Control: 4.3 Ensure no security groups allow ingress from 0.0.0.0/0 to port 22
Description
Security groups provide stateful filtering of ingress/egress network traffic to Alibaba Cloud resources. It is recommended that no security group allows unrestricted ingress access to port 22.
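One way to express this check over security group rules, as an added example that is not the control's own query. The rule field names assume the shape of the ECS DescribeSecurityGroupAttribute response, the group IDs and rules are constructed sample data, and rule priority is not evaluated.

```python
# Added example. Field names (Direction, Policy, IpProtocol, PortRange,
# SourceCidrIp) are assumed from the ECS DescribeSecurityGroupAttribute
# response shape. Rule priority and overriding Drop rules are not evaluated.

OPEN_CIDR = "0.0.0.0/0"


def port_range_covers(port_range, port):
    """PortRange is 'start/end'; '-1/-1' means every port."""
    start, end = (int(p) for p in port_range.split("/"))
    return (start, end) == (-1, -1) or start <= port <= end


def allows_open_ssh(rule, port=22):
    """True if an Accept ingress rule exposes `port` over TCP to 0.0.0.0/0."""
    # Missing fields default to the permissive value so gaps are flagged.
    if rule.get("Direction", "ingress").lower() != "ingress":
        return False
    if rule.get("Policy", "Accept").lower() != "accept":
        return False
    if rule.get("IpProtocol", "ALL").upper() not in ("TCP", "ALL"):
        return False
    if rule.get("SourceCidrIp") != OPEN_CIDR:
        return False
    return port_range_covers(rule.get("PortRange", "-1/-1"), port)


def failing_groups(groups):
    """Return sorted IDs of groups with at least one offending rule."""
    return sorted(g["SecurityGroupId"] for g in groups
                  if any(allows_open_ssh(r) for r in g["Permissions"]))


def _rule(proto, ports, cidr, direction="ingress", policy="Accept"):
    return {"Direction": direction, "Policy": policy, "IpProtocol": proto,
            "PortRange": ports, "SourceCidrIp": cidr}


# Constructed sample data: three groups that fail, three that pass.
SAMPLE_GROUPS = [
    {"SecurityGroupId": "sg-example-open", "Permissions": [_rule("TCP", "22/22", OPEN_CIDR)]},
    {"SecurityGroupId": "sg-example-range", "Permissions": [_rule("TCP", "1/65535", OPEN_CIDR)]},
    {"SecurityGroupId": "sg-example-all", "Permissions": [_rule("ALL", "-1/-1", OPEN_CIDR)]},
    {"SecurityGroupId": "sg-example-internal", "Permissions": [_rule("TCP", "22/22", "10.0.0.0/8")]},
    {"SecurityGroupId": "sg-example-web", "Permissions": [_rule("TCP", "443/443", OPEN_CIDR)]},
    {"SecurityGroupId": "sg-example-drop", "Permissions": [_rule("TCP", "22/22", OPEN_CIDR, policy="Drop")]},
]

if __name__ == "__main__":
    print(failing_groups(SAMPLE_GROUPS))
```

The wide port range and the all-protocol rule are flagged even though neither names port 22 explicitly.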
Remediation
From Console
- Log on to ECS Console.
- In the left pane, click to expand Network and Security, click Security Groups.
- For each security group, perform the following:
  - Select the security group.
  - Click Add Rules.
  - Click the Inbound tab.
  - Identify the rules to be removed.
  - Click Delete in the Remove column.
  - Click OK.
Usage
Run the control in your terminal:
powerpipe control run alicloud_compliance.control.cis_v100_4_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run alicloud_compliance.control.cis_v100_4_3 --share
SQL
This control uses a named query:
ecs_security_group_restrict_ingress_ssh_all