Example Request: Automate ad-hoc scans thru bastion/jump-box #9

@danielcbright

Example Request

This example request includes usage of the following Chef products (select one or more):

  • Chef Automate
    • Includes Chef Server, Client, Backend, ChefDK and Supermarket
  • Chef Workstation
    • Includes Chef Workstation only
  • Habitat
    • Includes Habitat, Habitat Builder (on-prem and SaaS)
  • InSpec
    • Includes InSpec, Ad-hoc Automate jobs, Audit Cookbook

Problem Statement

Currently, if using Automate to perform ad-hoc scans, you must allow network access to the target IPs directly. This means allowing port 22 for Linux and 5985/5986 for WinRM, which is OK when Automate is behind the DMZ; however, when Automate is used aaS, it will be reaching out to targets from a public IP. If you could use a bastion to act as an in-between for these scans, it would help to limit the exposure of sensitive ports.

External References

  • N/A

Additional Notes

N/A
