OCI security lists are evaluated for ingress rules that permit SSH from 0.0.0.0/0. Any rule whose source is 0.0.0.0/0 and whose destination port range includes TCP 22, as well as broader rules from 0.0.0.0/0 that allow all TCP ports or all protocols, indicates public SSH exposure.
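The rule evaluation described above, as an added example that is not Prowler's own check code: it walks ingress rules in the JSON shape used by `oci network security-list` (protocol "6" is TCP, "all" is any protocol, an absent tcp-options port range means every port) over a constructed security list. Treating "::/0" as an Internet source is an assumption added here beyond the page's 0.0.0.0/0 criterion.

```python
"""Flag OCI security-list ingress rules that expose SSH (TCP/22) to the Internet."""

# "::/0" is an added assumption for IPv6 rules; the check itself names only 0.0.0.0/0.
INTERNET_SOURCES = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def rule_exposes_ssh(rule: dict) -> bool:
    """True if a single ingress rule allows TCP/22 from the whole Internet."""
    if rule.get("source") not in INTERNET_SOURCES:
        return False                      # scoped to a specific CIDR, not public
    protocol = str(rule.get("protocol", "")).lower()
    if protocol == "all":
        return True                       # every protocol, so TCP/22 is included
    if protocol != "6":
        return False                      # UDP (17), ICMP (1) etc. do not carry SSH
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if not port_range:
        return True                       # TCP with no port restriction covers port 22
    return port_range["min"] <= SSH_PORT <= port_range["max"]


def find_ssh_exposures(security_list: dict) -> list:
    """Return the ingress rules of one security list that would fail this check."""
    return [r for r in security_list.get("ingress-security-rules", []) if rule_exposes_ssh(r)]


# Constructed sample in the shape of `oci network security-list get` output (not real data).
SAMPLE_SECURITY_LIST = {
    "id": "<example_resource_id>",
    "ingress-security-rules": [
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},   # FAIL: SSH open
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}}, # PASS: HTTPS only
        {"protocol": "6", "source": "0.0.0.0/0"},                              # FAIL: all TCP
        {"protocol": "all", "source": "0.0.0.0/0"},                            # FAIL: all protocols
        {"protocol": "6", "source": "10.0.0.0/8",
         "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},   # PASS: private source
        {"protocol": "17", "source": "0.0.0.0/0",
         "udp-options": {"destination-port-range": {"min": 22, "max": 22}}},   # PASS: UDP, not SSH
    ],
}

if __name__ == "__main__":
    for offending in find_ssh_exposures(SAMPLE_SECURITY_LIST):
        print("FAIL", SAMPLE_SECURITY_LIST["id"], offending)
```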
Risk
Public SSH access enables Internet-wide brute force and credential stuffing, risking unauthorized shell access. Compromise can cause data exfiltration (confidentiality), command tampering (integrity), service disruption (availability), and lateral movement in the VCN.
prowler oraclecloud --checks network_security_list_ingress_from_internet_to_ssh_port
Recommendation
Restrict SSH to trusted sources using least-privilege network rules; avoid 0.0.0.0/0. Prefer private access via VPN/peering or a hardened bastion. Apply network segmentation (NSGs/security lists) to narrow scope. Enforce key-based authentication, disable password login, and monitor access.
Remediation
oci network security-list update --security-list-id <example_resource_id> --ingress-security-rules '[{"protocol":"6","source":"<ALLOWED_CIDR>","tcp-options":{"destination-port-range":{"min":22,"max":22}}}]'
- In the OCI Console, go to Networking > Virtual Cloud Networks and open your VCN
- Click Security Lists, then select <example_resource_name>
- In Ingress Rules, locate any rule with Source CIDR 0.0.0.0/0 and Protocol TCP (or All) that includes port 22
- Edit the rule: change Source CIDR to a specific allowed range (e.g., your office IP/CIDR) and set Destination Port Range to 22, or delete the rule
- Click Save changes
Source Code
Resource Type
SecurityList