compliance-framework/plugin-apt-versions-policies

SSH policies for use in Compliance Framework Local SSH Plugin

Requirements

Install opa, which is used to test the policies and build the bundles.

Testing

opa test policies

Bundling

Policies are built into a bundle to make distribution easier.

You can build the policies by running:

opa build -b policies -o dist/bundle.tar.gz

Running policies locally

opa eval -I -b policies -f pretty data.compliance_framework.local_ssh <<EOF 
{
  "passwordauthentication": [
    "yes"
  ],
  "permitrootlogin": [
    "with-password"
  ],
  "pubkeyauthentication": [
    "no"
  ]
}
EOF

Writing policies

Policies are written in the Rego language.

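package ssh.deny_password_auth

import future.keywords.in

# Each entry in the violation set is a finding with a title, a description
# and remediation remarks.
violation[{
    "title": "Host SSH is using password authentication.",
    "description": "Host SSH should not use password, as this is insecure to brute force attacks from external sources.",
    "remarks": "Migrate to using SSH Public Keys, and switch off password authentication."
}] {
    # The finding is raised when "yes" is one of the passwordauthentication values in the input.
    "yes" in input.passwordauthentication
}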
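
A second policy with its unit tests for `opa test`, as an added example that is not part of this repository: it checks the `permitrootlogin` field from the sample input above against an allow-list and reports a missing field instead of passing silently. The package name, `safe_values` and the test names are hypothetical, and the rules use the `if`/`contains` keyword form rather than the style shown above.

```rego
# Added example: package name, rule names and safe_values are hypothetical.
package ssh.deny_root_password_login

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# PermitRootLogin settings under which root cannot authenticate with a password.
safe_values := {"no", "prohibit-password", "without-password", "forced-commands-only"}

# Allow-list check: any value outside safe_values is a violation, so an
# unrecognised setting fails closed rather than passing silently.
violation contains {
    "title": "Host SSH permits root login with a password.",
    "description": sprintf("permitrootlogin is set to '%v'.", [value]),
    "remarks": "Set PermitRootLogin to 'no' or 'prohibit-password'."
} if {
    some value in input.permitrootlogin
    not safe_values[value]
}

# A rule body that reads a missing key is undefined, which produces no
# violation at all. Report the missing or empty key explicitly.
violation contains {
    "title": "Host SSH root login setting was not collected.",
    "description": "permitrootlogin is missing or empty in the input.",
    "remarks": "Check that the SSH configuration was read before evaluation."
} if {
    count(object.get(input, "permitrootlogin", [])) == 0
}

# Unit tests, picked up by `opa test` (constructed inputs).
test_with_password_is_flagged if {
    count(violation) == 1 with input as {"permitrootlogin": ["with-password"]}
}

test_prohibit_password_passes if {
    count(violation) == 0 with input as {"permitrootlogin": ["prohibit-password"]}
}

test_missing_key_is_flagged if {
    count(violation) == 1 with input as {"passwordauthentication": ["no"]}
}
```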