Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)
Bridgecrew Policy ID: BC_OPENSTACK_NETWORKING_2
Checkov Check ID: CKV_OPENSTACK_3
Severity: LOW
OpenStack Security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)
Description
In OpenStack, firewall rules are used to allow or deny traffic to or from a specific network or subnet. When you create a firewall rule, you can specify the destination IP address or range that the rule applies to. This allows you to control which traffic is allowed or denied based on the destination IP of the traffic.
Fix - Buildtime
Terraform
- Resource: openstack_compute_secgroup_v2
- Arguments: rule.to_port + rule.from_port
```hcl
resource "openstack_compute_secgroup_v2" "secgroup_1" {
  name        = "my_secgroup"
  description = "my security group"

  rule {
    from_port   = 3389
    to_port     = 3389
    ip_protocol = "tcp"
    # Source is limited to members of this security group, not an open CIDR
    from_group_id = "5338c192-5118-11ec-bf63-0242ac130002"
  }
}
```
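The following is an added example, not Checkov's own implementation of CKV_OPENSTACK_3: a sketch of the evaluation this policy describes, applied to the rule blocks of an openstack_compute_secgroup_v2 resource represented as a plain dict. It assumes the unrestricted source is written as the rule's cidr argument, and it goes beyond the single-port case by treating any from_port/to_port range that contains 3389, and any zero-length prefix (including ::/0), as exposed. The function names and the sample data are hypothetical.

```python
import ipaddress

RDP_PORT = 3389
FLAGGED_PROTOCOLS = {"tcp", "udp"}


def is_open_to_world(cidr):
    """True when the CIDR covers every address (prefix length 0)."""
    if not cidr:
        return False  # rule is scoped by from_group_id or self instead
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # unparseable value, e.g. an unresolved variable


def rule_exposes_rdp(rule):
    """Evaluate one rule block of openstack_compute_secgroup_v2."""
    if str(rule.get("ip_protocol", "")).lower() not in FLAGGED_PROTOCOLS:
        return False
    try:
        low, high = int(rule["from_port"]), int(rule["to_port"])
    except (KeyError, TypeError, ValueError):
        return False
    # A range such as 3000-4000 exposes 3389 just as much as 3389-3389.
    return low <= RDP_PORT <= high and is_open_to_world(rule.get("cidr"))


def failing_rules(secgroup):
    """Return the indexes of rule blocks that expose RDP to any source."""
    rules = secgroup.get("rule", [])
    return [i for i, r in enumerate(rules) if rule_exposes_rdp(r)]


# Constructed sample: a security group as a dict of its Terraform arguments.
SAMPLE_SECGROUP = {
    "name": "my_secgroup",
    "rule": [
        {"from_port": 3389, "to_port": 3389, "ip_protocol": "tcp",
         "from_group_id": "5338c192-5118-11ec-bf63-0242ac130002"},  # passes
        {"from_port": 3389, "to_port": 3389, "ip_protocol": "tcp",
         "cidr": "0.0.0.0/0"},                                  # fails
        {"from_port": 3000, "to_port": 4000, "ip_protocol": "udp",
         "cidr": "0.0.0.0/0"},                                  # fails: range
        {"from_port": 3389, "to_port": 3389, "ip_protocol": "tcp",
         "cidr": "10.0.0.0/8"},                                 # passes
    ],
}

if __name__ == "__main__":
    print(failing_rules(SAMPLE_SECGROUP))
```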