Log Buckets Should Have Retention Policies
More Info:
Ensure that retention policies on log buckets are configured using Bucket Locks.Risk Level
LowAddress
SecurityCompliance Standards
CISGCP, CBPTriage and Remediation
Remediation
Using Console
Using Console
Sure, I can help you with that. Here are the step-by-step instructions to remediate the misconfiguration “Log Buckets Should Have Retention Policies” in GCP using the GCP console:
- Open the GCP Console in your web browser and log in to your account.
- Navigate to the Cloud Storage section by clicking on the hamburger menu (☰) in the top-left corner of the console, then selecting “Storage” and “Browser” from the dropdown menu.
- Locate the log bucket that needs to have a retention policy added.
- Click on the name of the bucket to open its details page.
- Click on the “Edit bucket retention” button located in the “Bucket metadata” section.
- In the “Retention period” section, select the desired retention period for the logs. You can choose a custom period or select from the predefined options.
- Click on the “Save” button to apply the retention policy to the bucket.
Using CLI
Using CLI
To remediate the issue of log buckets not having retention policies in GCP using GCP CLI, follow the below steps:
- Open the Cloud Shell in the GCP console.
- Run the command
gsutil retention set <retention_period> gs://<bucket_name>to set the retention policy for the log bucket. Replace<retention_period>with the desired retention period in seconds, and<bucket_name>with the name of the log bucket. - Run the command
gsutil retention get gs://<bucket_name>to confirm that the retention policy has been set for the log bucket. Replace<bucket_name>with the name of the log bucket.
Using Python
Using Python
To remediate the misconfiguration of log buckets not having retention policies in GCP using Python, follow these steps:
- First, you need to authenticate to GCP using the Google Cloud SDK. You can install the SDK using this link: https://cloud.google.com/sdk/docs/install
-
Once you have installed the SDK, run the following command to authenticate:
-
Next, you need to install the Google Cloud Storage Python library. You can install it using the following command:
-
After installing the library, you can use the following Python code to set a retention policy on a log bucket:
-
Replace
your-bucket-namewith the name of the log bucket you want to set the retention policy on. -
Replace
retention_periodwith the desired retention period in seconds. For example, 604800 seconds is equivalent to 7 days. -
Save the code to a Python file and run it using the following command:
- Verify that the retention policy has been set by checking the bucket’s properties in the GCP console.