Ensure OCI security groups rules do not allow ingress from 0.0.0.0/0 to port 22
Error: OCI security group allows unrestricted ingress access to port 22
Bridgecrew Policy ID: BC_OCI_NETWORKING_4
Checkov Check ID: CKV_OCI_22
Severity: LOW
Description
Security groups are stateful and provide filtering of ingress/egress network traffic to OCI resources. We recommend that security groups do not allow unrestricted ingress access to port 22. Removing unfettered connectivity to remote console services, such as SSH, reduces a server's exposure to risk.
Fix - Runtime
Fix - Buildtime
Terraform
resource "oci_core_network_security_group_security_rule" "pass" {
  network_security_group_id = oci_core_network_security_group.sg.id
  # An egress rule is out of scope for this check: only INGRESS rules whose
  # source is unrestricted (0.0.0.0/0) and whose port range covers 22 are flagged.
  direction = "EGRESS"
  # "6" is TCP; tcp_options are only valid on TCP rules, not on protocol "all".
  protocol = "6"
  # Egress rules are filtered by destination, not source.
  destination = "0.0.0.0/0"
  tcp_options {
    destination_port_range {
      max = 22
      min = 22
    }
  }
}
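To make the pass/fail boundary of this policy concrete, here is an added example (not Checkov's or Bridgecrew's code) that re-implements the check's logic over security-group rules flattened into Python dictionaries and runs it against a few constructed rules. It assumes that protocol "6" (TCP) or "all" is in scope, that a rule with no tcp_options applies to every port, and that 0.0.0.0/0 and ::/0 count as unrestricted.

```python
# Added example (not Checkov's or Bridgecrew's code): a minimal re-implementation
# of the logic behind CKV_OCI_22, evaluated over Terraform attributes as dicts.
# Assumptions: protocol "6" (TCP) or "all" is in scope; a rule with no
# tcp_options applies to every port; "0.0.0.0/0" and "::/0" are unrestricted.

PORT = 22
UNRESTRICTED = {"0.0.0.0/0", "::/0"}
IN_SCOPE_PROTOCOLS = {"6", "all"}


def rule_allows_unrestricted_ssh(rule: dict) -> bool:
    """Return True when the rule fails the policy (unrestricted ingress to port 22)."""
    if rule.get("direction") != "INGRESS":
        return False  # egress rules are out of scope for this check
    if rule.get("source") not in UNRESTRICTED:
        return False  # source is limited to a specific CIDR
    if str(rule.get("protocol", "")).lower() not in IN_SCOPE_PROTOCOLS:
        return False  # e.g. UDP or ICMP rules cannot expose SSH
    tcp = rule.get("tcp_options")
    if not tcp or "destination_port_range" not in tcp:
        return True  # no port restriction means all ports, including 22
    rng = tcp["destination_port_range"]
    return int(rng["min"]) <= PORT <= int(rng["max"])


def evaluate(rules: dict) -> dict:
    """Map each resource name to 'FAILED' or 'PASSED', like a scanner report."""
    return {name: ("FAILED" if rule_allows_unrestricted_ssh(r) else "PASSED")
            for name, r in rules.items()}


# Constructed sample resources (not taken from any real tenancy).
SAMPLE_RULES = {
    "fail_open_ssh": {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
                      "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    "fail_all_ports": {"direction": "INGRESS", "protocol": "all", "source": "0.0.0.0/0"},
    "fail_wide_range": {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0",
                        "tcp_options": {"destination_port_range": {"min": 1, "max": 1024}}},
    "pass_restricted": {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/16",
                        "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    "pass_egress": {"direction": "EGRESS", "protocol": "6", "destination": "0.0.0.0/0",
                    "tcp_options": {"destination_port_range": {"min": 22, "max": 22}}},
    "pass_udp": {"direction": "INGRESS", "protocol": "17", "source": "0.0.0.0/0",
                 "udp_options": {"destination_port_range": {"min": 22, "max": 22}}},
}

if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLE_RULES).items():
        print(f"{verdict:6} oci_core_network_security_group_security_rule.{name}")
```

Note that a wide port range such as 1-1024 fails just like an explicit 22-22 rule, which is a case a quick visual review of a Terraform file tends to miss.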