turbot/tailscale_compliance

Control: Use check mode for Tailscale SSH

Description

Verify that high-risk Tailscale SSH access is gated by check mode. A Tailscale SSH rule with action "check" makes the connecting user re-authenticate with the identity provider before the session is allowed, and "checkPeriod" sets how long that re-authentication stays valid; a rule with action "accept" skips the prompt entirely. This control reports a tailnet as ok when at least one of its SSH rules lists "root" in users, has action "check", and sets an explicit check period, and as alarm otherwise. Note that a tailnet with no SSH rule mentioning root at all is also reported as alarm, and that a second rule granting root with "accept" is not detected by this control.

Usage

Run the control in your terminal:

powerpipe control run tailscale_compliance.control.security_best_practices_acl_ssh_check_mode_enabled

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run tailscale_compliance.control.security_best_practices_acl_ssh_check_mode_enabled --share

Steampipe Tables

tailscale_acl_ssh
tailscale_tailnet

SQL

with tailscale_users as (
  select
    tailnet_name
  from
    tailscale_acl_ssh
  where
    users ?| array['root'] and action = 'check' and check_period is not null
  group by
    tailnet_name
)
select
  t.tailnet_name as resource,
  case
    when tu.tailnet_name is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when tu.tailnet_name is not null then t.tailnet_name || ' SSH connections for root have check mode enabled.'
    else t.tailnet_name || ' SSH connections for root have check mode disabled.'
  end as reason,
  t.tailnet_name
from
  tailscale_tailnet as t
  left join tailscale_users as tu on t.tailnet_name = tu.tailnet_name;
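The following is an added example and is not part of the tailscale_compliance mod or the Steampipe Tailscale plugin. It is a self-contained PostgreSQL session that stands in for the two Steampipe tables with temporary tables (column names taken from the query above; the src and dst columns are assumed), loads three constructed tailnet policies, one with a weak "accept" rule for root, one with a "check" rule for root and an explicit checkPeriod, and one with no rule mentioning root, flattens their "ssh" sections the way the plugin exposes them, and then runs the control's own query against them.

```sql
-- Added example: exercise the control's logic offline against constructed data.
-- Not the mod's code; table shapes mirror the query above, src/dst are assumed.
begin;

-- Stand-ins for the Steampipe tables the control reads.
create temporary table tailscale_tailnet (
  tailnet_name text primary key
);

create temporary table tailscale_acl_ssh (
  tailnet_name text not null,
  action       text not null,
  src          jsonb,
  dst          jsonb,
  users        jsonb not null,
  check_period text
);

insert into tailscale_tailnet values
  ('weak.example.com'), ('fixed.example.com'), ('norules.example.com');

-- Constructed "ssh" sections of three tailnet policy files.
-- weak:    root granted with "accept", so no re-authentication is ever required.
-- fixed:   root granted only through "check" with an explicit checkPeriod.
-- norules: SSH allowed for non-root users only; root never appears.
with policies(tailnet_name, policy) as (
  values
    ('weak.example.com', '{
      "ssh": [
        {"action": "accept", "src": ["group:admins"], "dst": ["tag:prod"],
         "users": ["root", "autogroup:nonroot"]}
      ]}'::jsonb),
    ('fixed.example.com', '{
      "ssh": [
        {"action": "check", "checkPeriod": "12h", "src": ["group:admins"],
         "dst": ["tag:prod"], "users": ["root"]},
        {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self"],
         "users": ["autogroup:nonroot"]}
      ]}'::jsonb),
    ('norules.example.com', '{
      "ssh": [
        {"action": "accept", "src": ["autogroup:member"], "dst": ["autogroup:self"],
         "users": ["autogroup:nonroot"]}
      ]}'::jsonb)
)
-- One row per SSH rule, which is how the plugin table presents the policy.
insert into tailscale_acl_ssh (tailnet_name, action, src, dst, users, check_period)
select
  p.tailnet_name,
  r ->> 'action',
  r -> 'src',
  r -> 'dst',
  r -> 'users',
  r ->> 'checkPeriod'
from
  policies as p,
  jsonb_array_elements(p.policy -> 'ssh') as r;

-- The control's query, unchanged apart from ordering the output.
with tailscale_users as (
  select
    tailnet_name
  from
    tailscale_acl_ssh
  where
    users ?| array['root'] and action = 'check' and check_period is not null
  group by
    tailnet_name
)
select
  t.tailnet_name as resource,
  case
    when tu.tailnet_name is not null then 'ok'
    else 'alarm'
  end as status
from
  tailscale_tailnet as t
  left join tailscale_users as tu on t.tailnet_name = tu.tailnet_name
order by
  t.tailnet_name;

rollback;
```

Run it with psql against any PostgreSQL instance (the Steampipe service itself works, since it is PostgreSQL). fixed.example.com comes back ok and the other two come back alarm. The norules.example.com result is the caveat to keep in mind when triaging: the control alarms because it finds no "check" rule for root, not because root SSH is actually granted, so an alarm can mean either an "accept" rule for root or no root rule at all, and the reason text does not distinguish the two. The converse also holds: if a policy carries both a "check" rule and an "accept" rule for root, the "check" rule alone makes the tailnet ok, so the "accept" rule has to be caught by reviewing the policy directly.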