Triage and Remediation
Remediation
Using Console
To remediate the open MySQL port misconfiguration on GCP using the GCP Console, follow these steps:
- Log in to the GCP Console (https://console.cloud.google.com/).
- Navigate to the GCP project that has the misconfigured MySQL port.
- In the navigation menu, click on “Compute Engine”.
- Select the VM instance that has the open MySQL port.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Firewall” section and click on “Networking”.
- Under the “Firewall rules” section, click on “default-allow-mysql”.
- Click on the “Delete” button to remove the rule.
- Click on the “Save” button at the bottom of the page to apply the changes.
Using CLI
To remediate the MySQL port being open on GCP using GCP CLI, follow these steps:
- Open the GCP Console and go to the Cloud Shell.
- Run the following command to list all the instances in your project:
gcloud compute instances list
- Identify the instance that has the open MySQL port.
- Run the following command to SSH into the instance:
gcloud compute ssh [INSTANCE_NAME]
Replace [INSTANCE_NAME] with the name of the instance that you identified in step 3.
- Once you are logged in to the instance, run the following command to edit the mysqld.cnf file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
- Look for the following line in the file:
bind-address = 0.0.0.0
- Comment out this line by adding a # at the beginning of the line:
# bind-address = 0.0.0.0
- Save the changes and exit the file.
- Restart the MySQL service by running the following command:
sudo service mysql restart
- Exit the SSH session by running the following command:
exit
With these steps, you have successfully remediated the MySQL port being open on your GCP instance using GCP CLI.
Using Python
To remediate the open MySQL port misconfiguration in GCP using Python, follow the steps below:
- Import the necessary libraries:
- Authenticate and create a client object:
- Define the project and zone where the instance is located:
- Define the instance name and the network tag associated with the instance:
- Get the instance details using the get method:
- Check if the MySQL port is open by looking at the instance’s network tags:
- If the MySQL port is open, remove it from the instance’s metadata:
This will remove the MySQL port from the instance’s metadata, effectively closing the port.
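The Console steps delete the default-allow-mysql firewall rule and the Python steps look at the instance’s network tags; the following added example (not code from the original page) checks offline which instances a set of firewall rules exposes on tcp/3306 to 0.0.0.0/0, including rules that cover the port through a range. The rule and instance dictionaries are constructed sample data in the shape of Compute Engine firewall and instance resources, every name other than default-allow-mysql is hypothetical, and rules scoped by service account or by network are not evaluated.

```python
MYSQL_PORT = 3306

def port_matches(ports, port=MYSQL_PORT):
    """True if a rule's 'ports' list covers port; a missing list means every port."""
    if not ports:
        return True
    for spec in ports:
        lo, _, hi = spec.partition("-")  # "3306" or a range such as "3000-4000"
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def exposes_mysql(rule):
    """True for an enabled ingress allow rule admitting any IPv4 source to tcp/3306."""
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if "0.0.0.0/0" not in rule.get("sourceRanges", []):
        return False
    return any(a["IPProtocol"] in ("tcp", "6", "all") and port_matches(a.get("ports"))
               for a in rule.get("allowed", []))

def exposed_instances(rules, instances):
    """Map instance name -> sorted names of the rules that expose tcp/3306 on it."""
    findings = {}
    for inst in instances:
        tags = set(inst.get("tags", {}).get("items", []))
        # A rule without targetTags applies to every instance in the network.
        hits = sorted(r["name"] for r in rules if exposes_mysql(r)
                      and (not r.get("targetTags") or tags & set(r["targetTags"])))
        if hits:
            findings[inst["name"]] = hits
    return findings

def make_rule(name, ranges, ports, tags=(), disabled=False):
    """Build a constructed ingress tcp rule using the firewall resource field names."""
    return {"name": name, "direction": "INGRESS", "disabled": disabled,
            "sourceRanges": ranges, "targetTags": list(tags),
            "allowed": [{"IPProtocol": "tcp", "ports": ports}]}

# Constructed sample data (hypothetical project; only default-allow-mysql is from the page).
RULES = [
    make_rule("default-allow-mysql", ["0.0.0.0/0"], ["3306"], tags=["mysql"]),
    make_rule("allow-app-range", ["0.0.0.0/0"], ["3000-4000"]),    # covers 3306 by range
    make_rule("allow-internal-mysql", ["10.128.0.0/9"], ["3306"]),  # internal sources only
    make_rule("old-mysql", ["0.0.0.0/0"], ["3306"], disabled=True),
]
INSTANCES = [{"name": "db-1", "tags": {"items": ["mysql"]}},
             {"name": "web-1", "tags": {"items": ["http-server"]}}]

if __name__ == "__main__":
    print(exposed_instances(RULES, INSTANCES))
```

In the sample data, deleting default-allow-mysql still leaves db-1 reachable on 3306 through the range rule, which is why the check is run against every rule and not only the one named after MySQL. Real input in this shape can be exported with `gcloud compute firewall-rules list --format=json` and `gcloud compute instances list --format=json`.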