Control: 6.2.4 Ensure no VPC security groups allow ingress from 0.0.0.0/0 to port 22
Description
VPC security groups provide stateful filtering of ingress/egress network traffic to Virtual Servers. It is recommended that no security group allows unrestricted ingress access to port 22.
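The condition this control looks for, written out as an added example (it is not the mod's named query or IBM's code). It goes slightly beyond the single-port case by also treating TCP port ranges that contain 22 and protocol "all" as exposing SSH. The rule field names (direction, protocol, port_min, port_max, remote.cidr_block) are an assumption modelled on IBM Cloud VPC security group rule objects, and the sample rules are constructed.

```python
import ipaddress

SSH_PORT = 22
ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample rules; field names are assumed, not taken from the page.
SAMPLE_RULES = [
    {"id": "r-1", "direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22, "remote": {"cidr_block": "0.0.0.0/0"}},
    {"id": "r-2", "direction": "inbound", "protocol": "tcp", "port_min": 20, "port_max": 25, "remote": {"cidr_block": "0.0.0.0/0"}},
    {"id": "r-3", "direction": "inbound", "protocol": "all", "remote": {"cidr_block": "0.0.0.0/0"}},
    {"id": "r-4", "direction": "inbound", "protocol": "tcp", "port_min": 22, "port_max": 22, "remote": {"cidr_block": "10.0.0.0/8"}},
    {"id": "r-5", "direction": "inbound", "protocol": "tcp", "port_min": 443, "port_max": 443, "remote": {"cidr_block": "0.0.0.0/0"}},
    {"id": "r-6", "direction": "outbound", "protocol": "tcp", "port_min": 22, "port_max": 22, "remote": {"cidr_block": "0.0.0.0/0"}},
    {"id": "r-7", "direction": "inbound", "protocol": "udp", "port_min": 22, "port_max": 22, "remote": {"cidr_block": "0.0.0.0/0"}},
]

def is_open_to_world(remote):
    """True only when the rule's source is the CIDR block 0.0.0.0/0."""
    cidr = remote.get("cidr_block")
    if cidr is None:  # source is a single address or another security group
        return False
    try:
        return ipaddress.ip_network(cidr, strict=False) == ANY_IPV4
    except ValueError:  # malformed CIDR string
        return False

def covers_ssh(rule):
    """True when the rule's protocol and port range admit TCP/22."""
    proto = rule.get("protocol")
    if proto == "all":
        return True
    if proto != "tcp":
        return False
    # Assumption: a TCP rule without explicit ports applies to all ports.
    return rule.get("port_min", 1) <= SSH_PORT <= rule.get("port_max", 65535)

def violating_rules(rules):
    """Return ids of inbound rules that allow SSH from 0.0.0.0/0."""
    return [
        r["id"] for r in rules
        if r.get("direction") == "inbound"
        and is_open_to_world(r.get("remote", {}))
        and covers_ssh(r)
    ]

if __name__ == "__main__":
    for rule_id in violating_rules(SAMPLE_RULES):
        print("ALARM", rule_id)
```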
Remediation
From Console
- Log in to the IBM Cloud Portal.
- At the Menu icon, select VPC Infrastructure > Security Groups.
- For each security group, perform the following:
  a. Select the security group name.
  b. Identify the Inbound rule to be removed.
  c. Using the Options icon, select Delete.
Usage
Run the control in your terminal:
powerpipe control run ibm_compliance.control.cis_v100_6_2_4
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run ibm_compliance.control.cis_v100_6_2_4 --share
SQL
This control uses a named query:
vpc_security_group_restrict_ingress_ssh_all