blockstorage_block_volume_backup_enabledblockstorage_block_volume_encryption_enabledblockstorage_boot_volume_backup_encryption_enabledblockstorage_boot_volume_encryption_enabledcloudguard_enabledcompute_instance_boot_volume_encryption_in_transit_enabledcompute_instance_metadata_service_disabledcompute_instance_monitoring_enableddatabase_db_encryption_enableddatabase_db_home_encryption_enableddatabase_db_system_encryption_enabledfile_storage_file_system_encryption_enabledidentity_authentication_password_policy_contains_lowercase_charactersidentity_authentication_password_policy_contains_numeric_charactersidentity_authentication_password_policy_contains_special_charactersidentity_authentication_password_policy_contains_uppercase_charactersidentity_authentication_password_policy_strong_min_length_14objectstorage_bucket_encryption_enabledobjectstorage_bucket_object_events_enabledobjectstorage_bucket_public_access_blockedobjectstorage_bucket_versioning_enabledvcn_default_security_group_allow_icmp_onlyvcn_has_inbound_security_list_configuredvcn_inbound_security_lists_are_statelessvcn_network_security_group_restrict_ingress_rdp_allvcn_network_security_group_restrict_ingress_ssh_allvcn_security_group_has_stateless_ingress_security_rulesvcn_security_list_restrict_ingress_rdp_allvcn_security_list_restrict_ingress_ssh_allvcn_subnet_public_access_blocked
Query: vcn_network_security_group_restrict_ingress_ssh_all
Usage
powerpipe query terraform_oci_compliance.query.vcn_network_security_group_restrict_ingress_ssh_all
Steampipe Tables
SQL
with all_sg_security_rule as ( select * from terraform_resource where type = 'oci_core_network_security_group_security_rule'), all_sg as ( select * from terraform_resource where type = 'oci_core_network_security_group'), non_complaint as ( select attributes_std ->> 'network_security_group_id' as nsg_id, count(*) as count from all_sg_security_rule where attributes_std ->> 'direction' = 'INGRESS' and attributes_std ->> 'source_type' = 'CIDR_BLOCK' and attributes_std ->> 'source' = '0.0.0.0/0' and ( attributes_std ->> 'protocol' = 'all' or ( (attributes_std -> 'tcp_options' -> 'destination_port_range' ->> 'min')::integer <= 22 and (attributes_std -> 'tcp_options' -> 'destination_port_range' ->> 'max')::integer >= 22 ) ) group by nsg_id)select a.address as resource, case when (split_part(b.nsg_id , '.', 2)) is null then 'ok' else 'alarm' end as status, split_part(a.address, '.', 2) || case when (split_part(b.nsg_id , '.', 2)) is null then ' ingress restricted for SSH from 0.0.0.0/0' else ' ingress rule(s) allowing SSH from 0.0.0.0/0' end || '.' reason , path || ':' || start_linefrom all_sg as a left join non_complaint as b on a.name = (split_part(b.nsg_id , '.', 2));
Controls
The query is being used by the following controls: