OCI Security List allows all traffic on SSH port (22)
Description
Security lists act as virtual firewalls for the subnets in an OCI VCN and filter ingress and egress network traffic to the resources in them; rules are stateful by default but can be marked stateless. We recommend that security lists do not allow unrestricted ingress access (source `0.0.0.0/0`) to TCP port 22. Removing unfettered connectivity to remote console services, such as SSH, reduces a server's exposure to Internet-wide scanning and password brute-forcing.
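To make the condition concrete, the following is an added example (not Checkov's implementation and not part of this page) of the logic the check applies to each `ingress_security_rules` block. It takes a rule as a plain dict whose keys mirror the Terraform attribute names (`source`, `protocol`, `tcp_options`, `min`, `max`); that dict shape is an assumption made for the example, not Checkov's internal model. It goes slightly beyond the page in two ways: it treats `::/0` as unrestricted alongside `0.0.0.0/0`, and it treats a TCP or `all` rule with no `tcp_options` block as open on every port, 22 included.

```python
"""Evaluate whether an OCI security list exposes SSH (TCP/22) to the world.

Added illustration of the CKV_OCI_19 condition. The dict layout below is an
assumption that mirrors the Terraform attribute names, not Checkov's own model.
"""

SSH_PORT = 22
UNRESTRICTED_SOURCES = {"0.0.0.0/0", "::/0"}   # ::/0 is an extension beyond the page
TCP_PROTOCOL = "6"                              # OCI uses IANA protocol numbers or "all"


def rule_exposes_ssh(rule: dict) -> bool:
    """Return True if one ingress_security_rules block admits TCP/22 from anywhere."""
    if rule.get("source") not in UNRESTRICTED_SOURCES:
        return False                       # source already restricted to a CIDR
    protocol = str(rule.get("protocol", "")).lower()
    if protocol not in (TCP_PROTOCOL, "all"):
        return False                       # UDP/ICMP rules cannot carry SSH
    tcp_options = rule.get("tcp_options")
    if not tcp_options:
        return True                        # no port filter: every TCP port, 22 included
    low = int(tcp_options.get("min", 1))
    high = int(tcp_options.get("max", 65535))
    return low <= SSH_PORT <= high         # destination port range covers 22


def security_list_passes(security_list: dict) -> bool:
    """True when no ingress rule in the oci_core_security_list exposes SSH."""
    rules = security_list.get("ingress_security_rules", [])
    return not any(rule_exposes_ssh(rule) for rule in rules)


def failing_rules(security_list: dict) -> list:
    """Indices of the ingress rules that would make the check fail (for reporting)."""
    rules = security_list.get("ingress_security_rules", [])
    return [i for i, rule in enumerate(rules) if rule_exposes_ssh(rule)]


# Constructed sample resources (not taken from any real tenancy).
BEFORE_FIX = {   # the '-' side of the page's example: range 22-25 from 0.0.0.0/0
    "ingress_security_rules": [
        {"source": "0.0.0.0/0", "protocol": "6", "tcp_options": {"min": 22, "max": 25}},
    ]
}
AFTER_FIX = {    # the '+' side: range narrowed to 25-25, port 22 no longer reachable
    "ingress_security_rules": [
        {"source": "0.0.0.0/0", "protocol": "6", "tcp_options": {"min": 25, "max": 25}},
    ]
}
MIXED = {        # SSH from a private CIDR is fine; an 'all' rule from anywhere is not
    "ingress_security_rules": [
        {"source": "10.0.0.0/8", "protocol": "6", "tcp_options": {"min": 22, "max": 22}},
        {"source": "0.0.0.0/0", "protocol": "17", "udp_options": {"min": 22, "max": 22}},
        {"source": "0.0.0.0/0", "protocol": "all"},
    ]
}

if __name__ == "__main__":
    for name, res in (("BEFORE_FIX", BEFORE_FIX), ("AFTER_FIX", AFTER_FIX), ("MIXED", MIXED)):
        verdict = "PASSED" if security_list_passes(res) else "FAILED"
        print(f"{name}: {verdict} (offending rule indices: {failing_rules(res)})")
```

Note that whether a rule is stateful or stateless makes no difference here: either way the packet to port 22 is admitted. The third sample also shows why checking `tcp_options` alone is not enough; a `protocol = "all"` rule has no port block at all and still reaches SSH.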
Code Example
```terraform
resource "oci_core_security_list" "pass0" {
  ...
  ingress_security_rules {
    ...
    source = "0.0.0.0/0"
    tcp_options {
      max = 25
+     min = 25
-     min = 22
      ...
    }
  }
}
```
Remediation
Terraform
In the offending `ingress_security_rules` block, either restrict `source` to a trusted CIDR range or change the `tcp_options` `min`/`max` range so that it no longer includes port 22, as the example above does by moving `min` from 22 to 25.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1246 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_OCI_19 |