SSL validation disabled within Ansible DNF module
Description
This policy detects whether SSL certificate validation is enforced when using the DNF module in Ansible. Certificate validation verifies the authenticity of the server's SSL certificate, ensuring that HTTPS connections are secure and the server's identity is validated. This is critical for preventing Man-in-the-Middle attacks.
Code Example
```yaml
- name: Example
  ansible.builtin.dnf:
    name: nginx
    state: latest
    sslverify: true
```
Remediation
Ansible
- Module: dnf
- Attribute: sslverify
To mitigate this risk, ensure that the sslverify attribute is not set to 'false' in your DNF tasks. If it is not explicitly set, the default behavior is to perform SSL validation. It is recommended to explicitly set sslverify to 'true' so that the intent is clear in the code.
Secure Code Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0052 |
| Severity | MEDIUM |
| IaC Type | Ansible |
| Frameworks | Ansible |
| Checkov ID | CKV2_ANSIBLE_5 |
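
One way to check a task list for the condition this policy describes, as an added example that is not part of the original policy page and is not Checkov's own implementation. The function names, the sample task list and the set of false literals are assumptions of this example; it works on the structure a YAML loader returns, covers only the dnf and ansible.builtin.dnf module names, and does not evaluate Jinja templates.

```python
import shlex

# Module names covered by this page's rule (short and fully qualified form).
DNF_MODULES = {"dnf", "ansible.builtin.dnf"}
# String literals Ansible's boolean conversion treats as false for a bool option.
FALSE_VALUES = {"n", "no", "off", "0", "false", "f"}

def is_false(value):
    """True if Ansible would coerce this literal to False (Jinja is not evaluated)."""
    if isinstance(value, bool):
        return not value
    if isinstance(value, (int, float)):
        return value == 0
    return isinstance(value, str) and value.strip().lower() in FALSE_VALUES

def dnf_args(task):
    """Return the dnf module arguments of a task as a dict, or None if not a dnf task."""
    for module in task.keys() & DNF_MODULES:
        args = task[module]
        if isinstance(args, str):  # legacy inline form: "name=nginx sslverify=no"
            args = dict(p.split("=", 1) for p in shlex.split(args) if "=" in p)
        return args if isinstance(args, dict) else {}
    return None

def find_insecure_dnf(tasks, path="tasks"):
    """Yield (location, task name) for every dnf task that disables sslverify."""
    for i, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{i}]"
        args = dnf_args(task)
        if args is not None and is_false(args.get("sslverify", True)):
            yield here, task.get("name", "<unnamed>")
        for section in ("block", "rescue", "always"):  # nested task lists
            yield from find_insecure_dnf(task.get(section), f"{here}.{section}")

# Constructed sample: the structure yaml.safe_load() returns for a task list.
SAMPLE_TASKS = [
    {"name": "explicit true", "ansible.builtin.dnf": {"name": "nginx", "sslverify": True}},
    {"name": "default applies", "dnf": {"name": "nginx", "state": "latest"}},
    {"name": "disabled", "ansible.builtin.dnf": {"name": "nginx", "sslverify": False}},
    {"name": "inline form", "dnf": "name=nginx sslverify=no"},
    {"name": "group", "block": [
        {"name": "nested", "dnf": {"name": "httpd", "sslverify": "false"}}]},
]

if __name__ == "__main__":
    for location, name in find_insecure_dnf(SAMPLE_TASKS):
        print(f"{location}: dnf task '{name}' sets sslverify to false")
```

A task that omits sslverify is not reported, matching the page's statement that validation is performed by default.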