compliance to check 22 and 3389 on security_list and network_security_group is not working

turbot / steampipe-mod-terraform-oci-compliance

Run compliance and security controls to detect Terraform OCI resources deviating from security best practices prior to deployment using Powerpipe and Steampipe.

https://hub.powerpipe.io/mods/turbot/terraform_oci_compliance

Apache License 2.0

3 stars 0 forks source link

compliance to check 22 and 3389 on security_list and network_security_group is not working #20

Closed Anoop-SecurityAssociate closed 2 years ago

Anoop-SecurityAssociate commented 2 years ago

Describe the bug steampipe network rules are not picking for post 22 and 3389

Steampipe version (steampipe -v) Example: v0.3.0

Plugin version (steampipe plugin list) Example: v0.5.0

To reproduce Steps to reproduce the behavior (please include relevant code and/or commands).

Expected behavior A clear and concise description of what you expected to happen.

Additional context Add any other context about the problem here.

rajlearner17 commented 2 years ago

Hi @Anoop-SecurityAssociate, Thanks for the issue.

I am sorry that I provided the OCI compliance link in slack to raise the issue. This should be raised in the OCI TERRAFORM COMPLIANCE? Let me know if you can submit a new issue there and close here?

e-gineer commented 2 years ago

@rajlearner17 We can just transfer the issue?

rajlearner17 commented 2 years ago

Hi @Anoop-SecurityAssociate, we have added two missing queries in this PR

Can you pls give it a try? Check out the branch with the following steps

You may be in the main branch of steampipe-mod-terraform-oci-compliance.
run git pull
git checkout add-new-control Now run the compliance check to see if the SSH & RDP ports are validated.

Let us know in case the issue persists.

hrishikeshkalita commented 2 years ago

@rajlearner17 I am checking this issue on behalf of Anoop. Unfortunately we are not able to find the branch you are mentioning. Additionally, we are actually running the Steampipe checked against a OCI terraform module and unfortunately it is not picking up any of the rules or compliance check when running against terraform module. We have tried to deliberately put port 22 in our terraform file so as to check whether Steampipe compliance is failing but it is passing and that should not be the expected result. We can share the terraform module code to reproduce the issue.

rajlearner17 commented 2 years ago

Hi @hrishikeshkalita, I Appreciate using Steampipe and reaching out to us.

We released v0.4 yesterday, which includes additional controls for the security list. Please check and let us know how this helps.

cbruno10 commented 2 years ago

Hey @hrishikeshkalita , as @rajlearner17 had mentioned, please try out the latest version of this mod, which contains the fix for the original issue. If you're still seeing any issues, please re-open the issue, thanks!