Loading controls...
Control: Use check mode for Tailscale SSH
Description
Verify high-risk Tailscale SSH connections with check mode.
Usage
Run the control in your terminal:
steampipe check tailscale_compliance.control.security_best_practices_acl_ssh_check_mode_enabled
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share tailscale_compliance.control.security_best_practices_acl_ssh_check_mode_enabled
Plugins & Tables
SQL
with tailscale_users as ( select tailnet_name from tailscale_acl_ssh where users ?| array [ 'root' ] and action = 'check' and check_period is not null group by tailnet_name)select t.tailnet_name as resource, case when tu.tailnet_name is not null then 'ok' else 'alarm' end as status, case when tu.tailnet_name is not null then t.tailnet_name || ' SSH connections for root have check mode enabled.' else t.tailnet_name || ' SSH connections for root have check mode disabled.' end as reason, t.tailnet_namefrom tailscale_tailnet as t left join tailscale_users as tu on t.tailnet_name = tu.tailnet_name;