PostgreSQL Port Should Not Be Open

More Info:

Determines if TCP port 5432 for PostgreSQL is open to the public

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, HITRUST, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

The following are the step-by-step instructions to remediate the PostgreSQL port open misconfiguration for GCP using GCP CLI:

Open the Google Cloud Console and select the project where the PostgreSQL instance is running.
Open the Cloud Shell by clicking on the button located on the top right corner of the console.
Run the following command to list all the instances in the project:
```
gcloud compute instances list
```
Identify the instance running PostgreSQL and note down its name.
Run the following command to SSH into the instance:
```
gcloud compute ssh [INSTANCE_NAME]
```
Replace [INSTANCE_NAME] with the name of the instance running PostgreSQL.
Once you are logged into the instance, open the PostgreSQL configuration file using the following command:
```
sudo nano /etc/postgresql/[POSTGRESQL_VERSION]/main/postgresql.conf
```
Replace [POSTGRESQL_VERSION] with the version of PostgreSQL installed on the instance.
Look for the following line in the configuration file:
```
#listen_addresses = 'localhost'
```
Uncomment the line by removing the ’#’ at the beginning and change the value to ‘localhost’ as shown below:
```
listen_addresses = 'localhost'
```
Save the changes to the configuration file by pressing Ctrl+O and then exit the editor by pressing Ctrl+X.
Restart the PostgreSQL service using the following command:
```
sudo service postgresql restart
```
Exit the SSH session by typing ‘exit’ in the terminal.
Finally, run the following command to verify that the PostgreSQL port is not open:
```
nmap -p 5432 localhost
```
The output should show that the port is closed.

By following these steps, you have successfully remediated the PostgreSQL port open misconfiguration for GCP using GCP CLI.

Using Python

To remediate the PostgreSQL port open misconfiguration in GCP using Python, you can use the following steps:

Import the necessary libraries:

from google.cloud import compute_v1
import google.auth

Authenticate with Google Cloud:

credentials, project = google.auth.default()
compute = compute_v1.InstancesClient(credentials=credentials)

Define the project ID, zone, and instance name:

project_id = 'your_project_id'
zone = 'us-central1-a'
instance_name = 'your_instance_name'

Get the instance details:

instance = compute.get(project=project_id, zone=zone, instance=instance_name)

Check if the PostgreSQL port is open:

postgresql_open = False
for firewall in instance['networkInterfaces'][0]['accessConfigs'][0]['natIP']:
    if firewall['name'] == 'postgresql':
        postgresql_open = True
        break

If the PostgreSQL port is open, delete the firewall rule:

if postgresql_open:
    firewall_body = {
        "name": "postgresql",
        "network": "global/networks/default",
        "direction": "INGRESS",
        "priority": 1000,
        "sourceRanges": ["0.0.0.0/0"],
        "allowed": [{
            "IPProtocol": "tcp",
            "ports": ["5432"]
        }]
    }
    compute.firewalls().delete(project=project_id, firewall='postgresql').execute()

This will delete the firewall rule named “postgresql” that allows traffic on port 5432.

If the PostgreSQL port is not open, no action is required.

else:
    print("PostgreSQL port is not open.")

This will print a message indicating that the PostgreSQL port is not open. The complete Python code to remediate the PostgreSQL port open misconfiguration in GCP is as follows:

from google.cloud import compute_v1
import google.auth

credentials, project = google.auth.default()
compute = compute_v1.InstancesClient(credentials=credentials)

project_id = 'your_project_id'
zone = 'us-central1-a'
instance_name = 'your_instance_name'

instance = compute.get(project=project_id, zone=zone, instance=instance_name)

postgresql_open = False
for firewall in instance['networkInterfaces'][0]['accessConfigs'][0]['natIP']:
    if firewall['name'] == 'postgresql':
        postgresql_open = True
        break

if postgresql_open:
    firewall_body = {
        "name": "postgresql",
        "network": "global/networks/default",
        "direction": "INGRESS",
        "priority": 1000,
        "sourceRanges": ["0.0.0.0/0"],
        "allowed": [{
            "IPProtocol": "tcp",
            "ports": ["5432"]
        }]
    }
    compute.firewalls().delete(project=project_id, firewall='postgresql').execute()
else:
    print("PostgreSQL port is not open.")

Replace the your_project_id and your_instance_name placeholders with the appropriate values for your GCP project and instance.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

PostgreSQL Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: