Bucket Versioning Should Be Enabled
More Info:
Ensures object versioning is enabled on storage buckets. Object versioning can help protect against the overwriting of objects or data loss in the event of a compromise.
Risk Level
Low
Address
Security, Operational Maturity, Reliability
Compliance Standards
PCIDSS, HITRUST, SOC2, NISTCSF
Triage and Remediation
Remediation
To remediate the “Bucket Versioning Should Be Enabled” misconfiguration in GCP using the GCP console, follow these steps:
- Go to the GCP console and select the project where the misconfigured bucket is located.
- In the top navigation bar, click on the “Storage” option.
- Click on the name of the bucket that needs to be remediated.
- In the left-hand menu, click on the “Versions” option.
- Click on the “Enable versioning” button.
- A pop-up window will appear asking you to confirm that you want to enable versioning. Click on the “Enable” button.
- Once versioning is enabled, you will see a message confirming that versioning has been enabled for the bucket.
- You can now exit the GCP console.
By following these steps, you will have remediated the “Bucket Versioning Should Be Enabled” misconfiguration for the specified bucket using the GCP console.
To remediate the bucket versioning misconfiguration in GCP using the GCP CLI, follow these steps:
- Open Cloud Shell from the GCP console.
- Run the following command to enable versioning for a specific bucket:
  ```
  gsutil versioning set on gs://[BUCKET_NAME]
  ```
  Note: Replace [BUCKET_NAME] with the name of the bucket you want to enable versioning for.
- Verify that versioning is enabled for the bucket by running the following command:
  ```
  gsutil versioning get gs://[BUCKET_NAME]
  ```
  Note: Replace [BUCKET_NAME] with the name of the bucket you enabled versioning for.
- The output of the above command should show “Enabled: True” indicating that versioning has been enabled for the bucket.
By following these steps, you can remediate the misconfiguration of bucket versioning not being enabled in GCP using the GCP CLI.
To remediate the “Bucket Versioning Should Be Enabled” misconfiguration in GCP using Python, you can follow these steps:
- Install the google-cloud-storage library using pip:
  ```
  pip install google-cloud-storage
  ```
- Import the necessary modules:
  ```
  from google.cloud import storage
  ```
- Initialize the client object:
  ```
  client = storage.Client()
  ```
- Get the bucket object:
  ```
  bucket = client.get_bucket('bucket-name')
  ```
- Enable versioning for the bucket:
  ```
  bucket.versioning_enabled = True
  bucket.patch()
  ```
- Verify that versioning is enabled:
  ```
  bucket.reload()
  print(bucket.versioning_enabled)
  ```
This will enable versioning for the specified GCP bucket and ensure that all objects uploaded to the bucket have a unique version ID.
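The steps above fix one named bucket. The following added example (not part of the original page) goes further and audits every bucket in the default project, reporting by default and enabling and re-verifying versioning only when run with `--apply`. The `StubBucket` class, the `--demo` and `--apply` flags and the sample bucket names are constructed for illustration.

```python
"""Audit buckets for object versioning; optionally enable and verify it."""
import sys


class StubBucket:
    """Constructed stand-in for storage.Bucket so the logic runs offline."""
    def __init__(self, name, versioning_enabled):
        self.name, self.versioning_enabled = name, versioning_enabled

    def patch(self):   # the real Bucket.patch() sends the change to the API
        pass

    def reload(self):  # the real Bucket.reload() re-reads server-side state
        pass


def audit_and_remediate(buckets, dry_run=True):
    """Return {bucket name: status}; with dry_run=False, enable and verify."""
    report = {}
    for bucket in buckets:
        if bucket.versioning_enabled:
            report[bucket.name] = "ok"
        elif dry_run:
            report[bucket.name] = "would-enable"
        else:
            bucket.versioning_enabled = True
            bucket.patch()
            bucket.reload()  # trust the server's answer, not the local value
            report[bucket.name] = "enabled" if bucket.versioning_enabled else "failed"
    return report


def main(argv):
    if "--demo" in argv:  # constructed sample data, no GCP access needed
        buckets = [StubBucket("logs-example", True), StubBucket("uploads-example", False)]
    else:
        from google.cloud import storage  # imported lazily: only needed for live runs
        buckets = storage.Client().list_buckets()  # default project and credentials
    report = audit_and_remediate(buckets, dry_run="--apply" not in argv)
    for name, status in report.items():
        print(f"{status:13} gs://{name}")
    # Non-zero exit when a bucket still lacks versioning, for CI or cron use.
    return 1 if {"would-enable", "failed"} & set(report.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with `--demo` to see the report format without touching GCP; the non-zero exit code lets a scheduled job flag buckets that have drifted back to unversioned.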