Kibana Port Should Not Be Open

More Info:

Determines if TCP port 5601 for Kibana is open to the public

Risk Level

Medium

Address

Security

Compliance Standards

HITRUST, GDPR, SOC2, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the Kibana Port Should Not Be Open misconfiguration on GCP using GCP CLI, you can follow these steps:

Open the GCP Console and go to the Cloud Shell.
Run the following command to get the list of firewall rules:
```
gcloud compute firewall-rules list
```
Identify the firewall rule that allows traffic to port 5601 (Kibana port). Note down the name of the firewall rule.
Run the following command to delete the firewall rule:
```
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]
```
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule identified in step 3.
Confirm the deletion of the firewall rule by typing “y” when prompted.
Verify that the firewall rule has been deleted by running the following command:
```
gcloud compute firewall-rules list
```
The output should not include the firewall rule that allowed traffic to port 5601.
Once you have confirmed that the firewall rule has been deleted, the Kibana port will no longer be open and the misconfiguration will be remediated.

Note: Before deleting the firewall rule, make sure that it is not required for any other services or applications running on your GCP project.

Using Python

To remediate the Kibana port being open on a GCP instance, you can follow these steps using the Python programming language:

Use the google-cloud-compute library to get a list of all instances in the project.

from google.cloud import compute_v1

compute_client = compute_v1.InstancesClient()

project_id = 'your-project-id'
zone = 'us-central1-a'

instances = compute_client.list(project=project_id, zone=zone).items

Iterate over the list of instances and check if Kibana is running on any of them.

for instance in instances:
    # Get the instance's metadata
    metadata = compute_client.get_instance(project=project_id, zone=zone, instance=instance.name).metadata.items
    kibana_port_open = False
    
    # Check if Kibana is running on the instance
    for item in metadata:
        if item.key == 'startup-script' and 'kibana' in item.value:
            kibana_port_open = True
            break
    
    # If Kibana is running, remove the firewall rule
    if kibana_port_open:
        firewall_client = compute_v1.FirewallsClient()
        firewall_client.delete(project=project_id, firewall='kibana')

If Kibana is running on an instance, use the google-cloud-compute library to delete the firewall rule that allows traffic to the Kibana port.

firewall_client = compute_v1.FirewallsClient()

firewall_name = 'kibana'
firewall_rule = firewall_client.get(project=project_id, firewall=firewall_name)

firewall_client.delete(project=project_id, firewall=firewall_name)

Note: This assumes that there is a firewall rule named kibana that allows traffic to the Kibana port. If the firewall rule has a different name, you will need to modify the code accordingly.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Kibana Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: