Ensure no security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)

Error: GitHub Actions contain workflow_dispatch inputs parameters

Bridgecrew Policy ID: BC_OPENSTACK_NETWORKING_2
Checkov Check ID: CKV_OPENSTACK_3
Severity: LOW

OpenStack Security groups allow ingress from 0.0.0.0:0 to port 3389 (tcp / udp)

Description

In OpenStack, firewall rules are used to allow or deny traffic to or from a specific network or subnet. When you create a firewall rule, you can specify the destination IP address or range that the rule applies to. This allows you to control which traffic is allowed or denied based on the destination IP of the traffic.

Fix - Buildtime

Terraform

  • Resource: openstack_compute_secgroup_v2
  • Arguments: rule.to_port + rule.from_port
resource "openstack_compute_secgroup_v2" "secgroup_1" {
          name        = "my_secgroup"
          description = "my security group"
        
          rule {
            from_port     = 3389
            to_port       = 3389
            ip_protocol   = "tcp"
            from_group_id = "5338c192-5118-11ec-bf63-0242ac130002"
          }
        }