Triage and Remediation
Remediation
Using Console
The “Require OS Login” misconfiguration in GCP means that instances in your project do not require OS Login for access. OS Login is a feature that lets you use your Google Cloud identity to manage access to Linux instances running on Compute Engine.
To remediate this misconfiguration, follow these steps:
- Open the Google Cloud Console and select your project.
- In the left-hand menu, click on “Compute Engine” and then “VM instances”.
- Select the instance for which you want to enable OS Login.
- Click on “Edit” at the top of the page.
- Scroll down to the “Cloud API access scopes” section.
- Click on “Change” next to “Access scopes”.
- In the “Access scopes” dialog box, select “Allow full access to all Cloud APIs” and click “Save”.
- Scroll down to the “OS Login” section and select “Enable OS Login”.
- Click “Save” at the bottom of the page.
Using CLI
The “Require OS Login” feature in GCP ensures that all users who need to access an instance must have a valid user account on the instance. It can be remediated using the following steps:
- Open the Cloud Shell in GCP console.
- Run the following command to enable the “Require OS Login” feature for all instances in the project:
- Run the following command to update all existing instances in the project to use the “Require OS Login” feature:
- If you create a new instance, the “Require OS Login” feature will be enabled by default. However, if you want to disable it for a specific instance, you can do so by running the following command:
Replace INSTANCE_NAME with the name of the instance you want to disable the feature for.
Using Python
To remediate the “Require OS Login” misconfiguration in GCP using Python, you can follow the steps below:
- Step 1: Import the required libraries and authenticate the user credentials using Google Cloud SDK.
- Step 2: Get the list of all instances in the project.
- Step 3: Iterate through the list of instances and update the metadata to enable “Require OS Login”.
- Step 4: Verify if the “Require OS Login” is enabled for all instances.
Note: Make sure to replace <path_to_service_account_file>, <project_id> and <zone> with the actual values in the code.
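The steps above as an added Python example, not code from the original page. It assumes `compute` is a Compute Engine v1 API client (for instance one built with `googleapiclient`) and that instances have the v1 `metadata.items` / `fingerprint` shape; the function names are hypothetical.

```python
# Added example (not the page's code). `compute` is assumed to be a Compute Engine
# v1 client, e.g. googleapiclient.discovery.build("compute", "v1", credentials=...)
# with credentials loaded from <path_to_service_account_file>.
KEY = "enable-oslogin"


def oslogin_enabled(instance):
    """True if the instance's own metadata carries enable-oslogin=TRUE."""
    items = instance.get("metadata", {}).get("items", [])
    return any(i["key"] == KEY and i.get("value") == "TRUE" for i in items)


def patched_metadata(instance):
    """Request body for instances.setMetadata.

    Keeps every other metadata key (startup scripts, ssh-keys, ...) and sends
    back the current fingerprint, which the API uses to reject stale updates.
    """
    meta = instance.get("metadata", {})
    items = [i for i in meta.get("items", []) if i["key"] != KEY]
    items.append({"key": KEY, "value": "TRUE"})
    return {"fingerprint": meta.get("fingerprint"), "items": items}


def list_instances(compute, project, zone):
    """Step 2: yield every instance in the zone, following pagination."""
    req = compute.instances().list(project=project, zone=zone)
    while req is not None:
        resp = req.execute()
        yield from resp.get("items", [])
        req = compute.instances().list_next(previous_request=req, previous_response=resp)


def remediate(compute, project, zone):
    """Steps 3 and 4: set the key where missing, then return names still failing."""
    for inst in list(list_instances(compute, project, zone)):
        if oslogin_enabled(inst):
            continue
        op = compute.instances().setMetadata(
            project=project, zone=zone, instance=inst["name"],
            body=patched_metadata(inst)).execute()
        # setMetadata is asynchronous: wait for the operation before verifying.
        compute.zoneOperations().wait(
            project=project, zone=zone, operation=op["name"]).execute()
    return [i["name"] for i in list_instances(compute, project, zone)
            if not oslogin_enabled(i)]
```

An empty list from `remediate` means every instance in the zone now carries the key; run it once per zone that holds instances.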