GCP Introduction
GCP Pricing
GCP Threats
GCP Misconfigurations
- Getting Started with GCP Audit
- CloudSql Audit
- Cloud Tasks Monitoring
- Dataflow Monitoring
- Function Monitoring
- Monitoring Compliance
- PubSubLite Monitoring
- Spanner Monitoring
- NoSQL Monitoring
- Compute Audit
- IAM Audit
- BigQuery Monitoring
- CDN Monitoring
- DNS Monitoring
- KMS Monitoring
- Kubernetes Audit
- Load Balancer Monitoring
- Log Monitoring
- Storage Audit
- Pub/Sub Monitoring
- VPC Audit
- IAM Deep Dive
GCP Threats
RPC Port Should Not Be Open
More Info:
Determines if TCP port 135 for RPC is open to the public.
Risk Level
Medium
Address
Security
Compliance Standards
SOC2, GDPR, ISO27001, HIPAA, HITRUST, NISTCSF, PCIDSS, FedRAMP
Triage and Remediation
Remediation
Here are the step-by-step instructions to remediate the “RPC Port Should Not Be Open” misconfiguration in GCP using the GCP console:
- Log in to the GCP console (console.cloud.google.com).
- Navigate to the GCP project that has the misconfiguration.
- In the left-hand menu, click on the “Compute Engine” option.
- Click on the “VM instances” option to see a list of all the virtual machines in the project.
- Identify the virtual machine that has the open RPC port.
- Click on the name of the virtual machine to open its details page.
- Click on the “Edit” button at the top of the page to edit the VM instance settings.
- Scroll down to the “Firewall” section and click on “Network interfaces”.
- Under “Firewall rules”, click on “default-allow-rpc”.
- Click the “Delete” button to remove the rule.
- Click the “Save” button to save the changes.
This will remove the RPC port from being open on the virtual machine and remediate the misconfiguration.
To remediate the RPC Port Should Not Be Open misconfiguration on GCP using GCP CLI, follow these steps:
-
Open the Cloud Shell in your GCP console.
-
Run the following command to list all the firewall rules in your project:
gcloud compute firewall-rules list -
Identify the firewall rule that allows RPC traffic. You can identify it by looking at the
allowedsection of the rule and checking if it allowstcp:135ortcp:49152-65535. -
Once you have identified the firewall rule, run the following command to delete it:
gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]Replace [FIREWALL_RULE_NAME] with the name of the firewall rule you want to delete.
-
Confirm the deletion by typing
Ywhen prompted. -
Verify that the firewall rule has been deleted by running the following command:
gcloud compute firewall-rules listThe firewall rule that allowed RPC traffic should no longer be listed.
By following these steps, you have successfully remediated the RPC Port Should Not Be Open misconfiguration on GCP using GCP CLI.
To remediate the RPC Port Should Not Be Open misconfiguration in GCP using Python, you can follow these steps:
- First, you need to identify the project and the instance that has the open RPC port. You can use the GCP Python SDK to list all the instances and their firewall rules in the project.
from google.cloud import compute_v1
compute = compute_v1.InstancesClient()
project = 'your-project-id'
zones = compute.zones().list(project=project).execute()
for zone in zones['items']:
instances = compute.instances().list(project=project, zone=zone['name']).execute()
for instance in instances['items']:
print(f"Instance Name: {instance['name']}")
firewall_rules = compute.firewalls().list(project=project).execute()
for rule in firewall_rules['items']:
if 'allowed' in rule and 'tcp' in rule['allowed']:
for port in rule['allowed']['tcp']:
if port == '135':
print(f"Firewall Rule Name: {rule['name']}")
- Once you have identified the instance and the firewall rule that has the open RPC port, you can use the GCP Python SDK to delete the firewall rule.
firewall_rule_name = 'rpc-firewall-rule'
compute.firewalls().delete(project=project, firewall=firewall_rule_name).execute()
- After deleting the firewall rule, you should verify that the RPC port is no longer open. You can use the GCP Python SDK to list the firewall rules again and verify that the RPC port is not allowed anymore.
firewall_rules = compute.firewalls().list(project=project).execute()
for rule in firewall_rules['items']:
if 'allowed' in rule and 'tcp' in rule['allowed']:
for port in rule['allowed']['tcp']:
if port == '135':
print(f"Firewall Rule Name: {rule['name']} still allows RPC port")
Note: Make sure you have the appropriate permissions to manage instances and firewall rules in your GCP project.