Usage of packages with unauthenticated or missing signatures allowed
Description
This policy detects whether Ansible apt module tasks install packages without authenticating their signatures, including packages whose signatures are missing. Unauthenticated packages can result in the installation of modified or malicious packages through several mechanisms, such as man-in-the-middle attacks. An attacker able to tamper with packages during download could insert malicious code or substitute entirely malicious versions.
Code Example
```diff
 - name: Example
   hosts: all
   gather_facts: False
   tasks:
     - name: Do not allow unauthenticated packages
       ansible.builtin.apt:
         name: nginx
         state: latest
-        allow_unauthenticated: true
+        allow_unauthenticated: false
```
Remediation
Ansible
- Module: ansible.builtin.apt or apt
- Attribute: allow_unauthenticated
To mitigate this risk, either set the allow_unauthenticated attribute of your apt module to 'false' or omit it entirely. When allow_unauthenticated is 'false', Ansible strictly enforces package authentication: package signatures must be verified before installation, which safeguards your systems against potentially harmful packages. When the attribute is omitted, Ansible falls back to the system's own behaviour regarding package authentication, which typically also requires package signatures to be authenticated before installation.
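The following is an added example, not the policy page's own code nor Checkov's implementation of CKV_ANSIBLE_5: a small check that walks an already-parsed Ansible playbook (including block/rescue/always sections and free-form `key=value` arguments) and reports apt tasks that enable allow_unauthenticated, treating an omitted attribute as compliant. The sample playbook is constructed inline in YAML-loaded form so the check runs without PyYAML.

```python
# Added example (not the page's or Checkov's code): a CKV_ANSIBLE_5-style check
# over a parsed playbook; sample data is constructed so it runs without PyYAML.
APT_MODULES = ("ansible.builtin.apt", "apt")
TRUE_VALUES = {True, "true", "yes", "on", "1"}  # boolean spellings Ansible accepts

def apt_allows_unauthenticated(task):
    """True when the task uses apt with allow_unauthenticated enabled.
    An omitted attribute is compliant: apt requires signatures by default.
    Free-form 'key=value' argument strings are handled as well."""
    for module in APT_MODULES:
        if module in task:
            args = task[module]
            if isinstance(args, str):  # e.g. "name=vim allow_unauthenticated=yes"
                args = dict(tok.split("=", 1) for tok in args.split() if "=" in tok)
            value = args.get("allow_unauthenticated") if isinstance(args, dict) else None
            if isinstance(value, str):
                value = value.strip().lower()
            return value in TRUE_VALUES
    return False

def _expand(task):
    """Yield leaf tasks, descending into block/rescue/always sections."""
    if any(k in task for k in ("block", "rescue", "always")):
        for k in ("block", "rescue", "always"):
            for inner in task.get(k) or []:
                yield from _expand(inner)
    else:
        yield task

def find_violations(playbook):
    """Names of all tasks in the playbook that violate the policy."""
    violations = []
    for play in playbook:
        for section in ("pre_tasks", "tasks", "post_tasks"):
            for task in play.get(section) or []:
                for leaf in _expand(task):
                    if apt_allows_unauthenticated(leaf):
                        violations.append(leaf.get("name", "<unnamed>"))
    return violations

# Constructed sample playbook in parsed form (what yaml.safe_load would return)
SAMPLE_PLAYBOOK = [{"name": "Example", "hosts": "all", "tasks": [
    {"name": "Unauthenticated nginx", "ansible.builtin.apt": {"name": "nginx", "allow_unauthenticated": True}},
    {"name": "Authenticated nginx", "apt": {"name": "nginx", "allow_unauthenticated": False}},
    {"name": "Attribute omitted", "ansible.builtin.apt": {"name": "curl"}},
    {"block": [{"name": "Free-form yes", "apt": "name=vim allow_unauthenticated=yes"}]},
]}]
```

Running `find_violations(SAMPLE_PLAYBOOK)` reports only the two tasks that enable the attribute; the explicit `false` and the omitted attribute both pass.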
Secure Code Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0046 |
| Severity | LOW |
| IaC Type | Ansible |
| Frameworks | Ansible |
| Checkov ID | CKV_ANSIBLE_5 |