Triage and Remediation
Remediation
Using Console
Using Console
To remediate the “Web Dashboard Should Be Disabled” misconfiguration in GCP using the GCP console, follow these steps:
- Log in to the GCP Console.
- Navigate to the GCP project that has the misconfiguration.
- In the left-hand menu, select “IAM & Admin” and then click on “Dashboard.”
- In the “Dashboard” page, you will see the “Web Dashboard” option. Click on the three dots on the right-hand side of the “Web Dashboard” option and select “Disable.”
- A confirmation message will appear. Click on “Disable” to confirm.
- Once the “Web Dashboard” has been disabled, you will no longer be able to access it from the GCP Console.
- Verify that the “Web Dashboard” has been disabled by going back to the “Dashboard” page and confirming that the “Web Dashboard” option is no longer available.
Using CLI
Using CLI
To remediate the “Web Dashboard Should Be Disabled” misconfiguration in GCP using GCP CLI, you can follow these steps:Replace You should not see any pods with the name This will delete the
- Open the Cloud Shell in your GCP console.
- Run the following command to disable the web dashboard:
[CLUSTER_NAME] with the name of your GCP cluster.- Verify that the web dashboard is disabled by running the following command:
kubernetes-dashboard in the output.- (Optional) If you want to completely remove the web dashboard, run the following command:
kubernetes-dashboard deployment from the kube-system namespace.By following these steps, you can remediate the “Web Dashboard Should Be Disabled” misconfiguration in GCP using GCP CLI.Using Python
Using Python
To remediate the misconfiguration “Web Dashboard Should Be Disabled” in GCP using Python, you can follow these steps:Note: Make sure to replace
- Import the necessary libraries:
- Set up the credentials and the API client:
- Get the project ID:
- Get the project IAM policy:
- Check if the “roles/viewer” role is granted to “allUsers” or “allAuthenticatedUsers”:
- Remove the “roles/viewer” role from “allUsers” or “allAuthenticatedUsers”:
<path_to_service_account_file> and <your_project_id> with the actual values. Also, ensure that the service account used has the necessary permissions to modify IAM policies.