[Bug]: False negative in Azure NSG checks
varunupps opened this issue · comments
Steps to Reproduce
- Command run: prowler azure --az-cli-auth
- Running on ubuntu workstation
- Run against a single Azure account and subscription
- az cli credentials have Admin Permissions
- A VM created in Azure subscription with NSG that allows traffic to TCP port 22 from anywhere
- Verified that SSH works and is accessible from anywhere
Expected behavior
The status of the "network_ssh_internet_access_restricted " check for the NSG should be "FAIL". But it's "PASS" as shown in the screenshot. Also attaching screenshot from Azure console to confirm misconfiguration.
Actual Result with Screenshots or Logs
How did you install Prowler?
From pip package (pip install prowler)
Environment Resource
Workstation
OS used
Ubuntu 22.0
Prowler version
v4.0.1
Pip version
22.0.2
Context
No response
Hi! @varunupps thanks for the report, I´ll work on this issue and reach you with a solution!
Thanks for using Prowler!!!
awesome. if you need more details, just gimme a shout. ta
@varunupps I´m trying to replicate your issue but I´m getting this:
@varunupps To ensure that we have the same configuration, can you check that this configuration?:
"securityRules": [
{
"name": "SSH",
"id": "/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Network/networkSecurityGroups/<nsg>/securityRules/SSH",
"etag": "W/\"<etag>\"",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"provisioningState": "Succeeded",
"protocol": "TCP",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
],
hello @pedrooot . Please see below. Only variation I can see is the case of 'Tcp'
"securityRules": [
{
"name": "SSH",
"id": "/subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Network/networkSecurityGroups/<NSG>/securityRules/SSH",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/networkSecurityGroups/securityRules",
"properties": {
"provisioningState": "Succeeded",
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
],
Yes, I´m pretty sure that changing this line wuould resolve the issue, I´ll do it asap
Hey! @varunupps you can try here the new fix. If the error persists just tell me!
Thanks for using Prowler 😄