Triage and Remediation
Remediation
Using Console
Using Console
To remediate the PostgreSQL port being open on GCP using the GCP console, follow these steps:
- Open the GCP Console and navigate to the GCP project where the PostgreSQL instance is located.
- In the left-hand menu, click on “SQL” to open the Cloud SQL Instances page.
- Locate the PostgreSQL instance that has the open port and click on its name to open the instance details page.
- Click on the “Edit” button at the top of the page to open the Edit instance page.
- Scroll down to the “Connections” section and locate the “Authorized networks” field.
- Click on the “Add network” button to add a new network.
- In the “Network” field, enter the IP address range or CIDR block that you want to authorize to access the instance.
- Click on the “Save” button to save the changes.
- Repeat steps 6-8 for any additional networks that need to be authorized.
- Scroll down to the bottom of the Edit instance page and click on the “Save” button to apply the changes.
Using CLI
Using CLI
The following are the step-by-step instructions to remediate the PostgreSQL port open misconfiguration for GCP using GCP CLI:
- Open the Google Cloud Console and select the project where the PostgreSQL instance is running.
- Open the Cloud Shell by clicking on the button located on the top right corner of the console.
-
Run the following command to list all the instances in the project:
- Identify the instance running PostgreSQL and note down its name.
-
Run the following command to SSH into the instance:
Replace [INSTANCE_NAME] with the name of the instance running PostgreSQL.
-
Once you are logged into the instance, open the PostgreSQL configuration file using the following command:
Replace [POSTGRESQL_VERSION] with the version of PostgreSQL installed on the instance.
-
Look for the following line in the configuration file:
Uncomment the line by removing the ’#’ at the beginning and change the value to ‘localhost’ as shown below:
- Save the changes to the configuration file by pressing Ctrl+O and then exit the editor by pressing Ctrl+X.
-
Restart the PostgreSQL service using the following command:
- Exit the SSH session by typing ‘exit’ in the terminal.
-
Finally, run the following command to verify that the PostgreSQL port is not open:
The output should show that the port is closed.
Using Python
Using Python
To remediate the PostgreSQL port open misconfiguration in GCP using Python, you can use the following steps:
-
Import the necessary libraries:
-
Authenticate with Google Cloud:
-
Define the project ID, zone, and instance name:
-
Get the instance details:
-
Check if the PostgreSQL port is open:
-
If the PostgreSQL port is open, delete the firewall rule:
This will delete the firewall rule named “postgresql” that allows traffic on port 5432.
-
If the PostgreSQL port is not open, no action is required.
This will print a message indicating that the PostgreSQL port is not open. The complete Python code to remediate the PostgreSQL port open misconfiguration in GCP is as follows:Replace the
your_project_idandyour_instance_nameplaceholders with the appropriate values for your GCP project and instance.