Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
// CheckNoPlaintextPassword registers rule AVD-OPNSTK-0001 for the OpenStack
// compute service. It reports every compute instance whose admin password
// attribute is not empty.
//
// The check only looks at whether the attribute is populated. It does not
// inspect how the value was supplied, so any set admin password is a finding.
// Instances without one produce no result at all; nothing is recorded here
// for the compliant case.
var CheckNoPlaintextPassword = rules.Register(
	rules.Rule{
		AVDID:       "AVD-OPNSTK-0001",
		Provider:    provider.OpenStackProvider,
		Service:     "compute",
		ShortCode:   "no-plaintext-password",
		Summary:     "No plaintext password for compute instance",
		Impact:      "Including a plaintext password could lead to compromised instance",
		Resolution:  "Do not use plaintext passwords in terraform files",
		Explanation: `Assigning a password to the compute instance using plaintext could lead to compromise; it would be preferable to use key-pairs as a login mechanism`,
		Links:       []string{},
		Severity:    severity.Medium,
	},
	func(st *state.State) (results rules.Results) {
		for _, inst := range st.OpenStack.Compute.Instances {
			// Negate IsNotEmpty rather than calling IsEmpty: the two are not
			// shown to be exact complements, and the rule is defined in terms
			// of IsNotEmpty.
			if !inst.AdminPassword.IsNotEmpty() {
				continue
			}
			// The password attribute itself is attached to the finding so the
			// report can point at it.
			results.Add(
				"Instance has admin password set.",
				inst.AdminPassword,
			)
		}
		return results
	},
)
// CheckNoPublicAccess registers rule AVD-OPNSTK-0002 for the OpenStack compute
// service. It walks the firewall's allow rules and reports the ones that are
// open to public addresses or leave an address unrestricted.
//
// Rules whose Enabled value is false are skipped. For every other allow rule
// the destination and the source are evaluated independently, so a single
// rule can yield up to two findings (one egress, one ingress):
//
//   - an empty address is reported as "does not restrict ... internally";
//   - a non-empty address is reported when cidr.IsPublic accepts it.
//
// What counts as "public" is decided entirely by cidr.IsPublic, which is not
// visible here.
var CheckNoPublicAccess = rules.Register(
	rules.Rule{
		AVDID:       "AVD-OPNSTK-0002",
		Provider:    provider.OpenStackProvider,
		Service:     "compute",
		ShortCode:   "no-public-access",
		Summary:     "A firewall rule allows traffic from/to the public internet",
		Impact:      "Exposure of infrastructure to the public internet",
		Resolution:  "Employ more restrictive firewall rules",
		Explanation: `Opening up ports to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that explicitly require it where possible.`,
		Links:       []string{},
		Severity:    severity.Medium,
	},
	func(st *state.State) (results rules.Results) {
		for _, fw := range st.OpenStack.Compute.Firewall.AllowRules {
			// A rule that is explicitly disabled is not evaluated.
			if fw.Enabled.IsFalse() {
				continue
			}

			// Egress side: destination is checked first, so its finding
			// precedes any source finding for the same rule.
			switch {
			case fw.Destination.IsEmpty():
				results.Add(
					"Firewall rule does not restrict destination address internally.",
					fw.Destination,
				)
			case cidr.IsPublic(fw.Destination.Value()):
				results.Add(
					"Firewall rule allows public egress.",
					fw.Destination,
				)
			}

			// Ingress side: same two-step test applied to the source address.
			switch {
			case fw.Source.IsEmpty():
				results.Add(
					"Firewall rule does not restrict source address internally.",
					fw.Source,
				)
			case cidr.IsPublic(fw.Source.Value()):
				results.Add(
					"Firewall rule allows public ingress.",
					fw.Source,
				)
			}
		}
		return results
	},
)
Functions ¶
This section is empty.
Types ¶
This section is empty.