GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
Serial Ports Connection Should Be Disabled
More Info:
Serial ports connection should not be enabled for VM instances. As serial console does not allow restricting IP Addresses, so then it allows any IP address to connect to instance and should therefore be disabled.
Risk Level
Low
Address
Security
Compliance Standards
CISGCP, CBP, HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
To remediate the misconfiguration “Serial Ports Connection Should Be Disabled” for GCP using GCP console, you can follow the below steps:
-
Login to the GCP console.
-
Select the project in which you want to remediate the misconfiguration.
-
Click on the “Compute Engine” option from the left-hand side menu.
-
Select the instance for which you want to disable the serial port connection.
-
Click on the “Edit” button at the top of the page.
-
Scroll down to the “Cloud API access scopes” section.
-
In the “Cloud API access scopes” section, click on the “Allow full access to all Cloud APIs” option to expand it.
-
Uncheck the “Enable connecting to serial ports” option.
-
Click on the “Save” button at the bottom of the page to apply the changes.
-
Once the changes are applied, the serial port connection will be disabled for the selected instance.
By following the above steps, you can remediate the misconfiguration “Serial Ports Connection Should Be Disabled” for GCP using GCP console.
To remediate the misconfiguration of serial ports connection being enabled in GCP using GCP CLI, you can follow the below steps:
- Open the Cloud Shell in the GCP Console.
- Run the following command to list all the instances in your project:
gcloud compute instances list - Choose the instance for which you want to disable serial port connection.
- Run the following command to disable serial port connection for the chosen instance:
Replace [INSTANCE_NAME] with the name of the instance you want to remediate.
gcloud compute instances update [INSTANCE_NAME] --no-enable-serial-port - Verify that the serial port connection is disabled for the instance by running the following command:
This command should not return any output.
gcloud compute instances describe [INSTANCE_NAME] | grep -i serial
By following these steps, you can remediate the misconfiguration of serial ports connection being enabled in GCP using GCP CLI.
To remediate the “Serial Ports Connection Should Be Disabled” misconfiguration for GCP using Python, you can use the Cloud Asset Inventory and Cloud Asset API to identify and disable serial ports connections on all Compute Engine instances in your project. Here are the step-by-step instructions:
-
First, you need to enable the Cloud Asset API for your project. You can do this by going to the Google Cloud Console, selecting your project, and navigating to APIs & Services > Dashboard. Then, click on the ”+ ENABLE APIS AND SERVICES” button, search for “Cloud Asset API”, and click on the “ENABLE” button.
-
Next, you need to install the Google Cloud SDK and the Python client library for the Cloud Asset API. You can do this by running the following command in your terminal:
pip install google-cloud-sdk google-cloud-asset
- Once you have installed the necessary tools, you can use the following Python code to identify and disable serial ports connections on all Compute Engine instances in your project:
from google.cloud import asset_v1
# Create a client object for the Cloud Asset API
client = asset_v1.AssetServiceClient()
# Define the project ID for your GCP project
project_id = 'YOUR_PROJECT_ID'
# Define the query to search for Compute Engine instances with serial ports connections enabled
query = 'resource:"//cloudresourcemanager.googleapis.com/projects/{}/" ' \
'AND resource_type="compute.googleapis.com/Instance" ' \
'AND (serialPortConfigs.accessible=true OR serialPortConfigs.enable=true)'.format(project_id)
# Execute the query and get the results
response = client.search_all_resources(scope='projects/{}'.format(project_id), query=query)
# Loop through the results and disable serial ports connections on each Compute Engine instance
for result in response:
if result.asset.resource_type == 'compute.googleapis.com/Instance':
instance_name = result.asset.name.split('/')[-1]
zone = result.asset.resource_data['zone'].split('/')[-1]
instance_client = compute_v1.InstancesClient()
instance = instance_client.get(project=project_id, zone=zone, instance=instance_name)
if instance.serial_port_configs:
instance.serial_port_configs = []
instance_client.update(project=project_id, zone=zone, instance=instance_name, body=instance)
-
Replace “YOUR_PROJECT_ID” with your actual GCP project ID in the code.
-
Run the code in your terminal or in a Python IDE.
This code will search for Compute Engine instances in your project that have serial ports connections enabled, and disable them by removing all serial port configurations. This will remediate the “Serial Ports Connection Should Be Disabled” misconfiguration for your GCP project.