SSH Port Should Not Be Open

More Info:

Determines if TCP port 22 for SSH is open to the public.

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, PCIDSS, ISO27001, HIPAA, CISGCP, CBP, HITRUST, GDPR, NISTCSF, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the SSH port open misconfiguration in GCP using GCP CLI, follow these steps:

Open the GCP CLI and connect to your project.
Run the following command to list all the instances in your project:
```
gcloud compute instances list
```
Identify the instance for which you want to remediate the misconfiguration.
Run the following command to get the details of the instance:
```
gcloud compute instances describe [INSTANCE_NAME]
```
Replace [INSTANCE_NAME] with the name of your instance.
Look for the metadata section in the output. If you see a ssh-keys entry, then SSH port is open. To remediate this, delete the ssh-keys entry.
Run the following command to delete the ssh-keys entry:
```
gcloud compute instances remove-metadata [INSTANCE_NAME] --keys ssh-keys
```
Replace [INSTANCE_NAME] with the name of your instance.
Verify that the ssh-keys entry has been deleted by running the gcloud compute instances describe command again.
```
gcloud compute instances describe [INSTANCE_NAME]
```
You should not see the ssh-keys entry in the output.
Repeat steps 4-7 for all the instances in your project to ensure that SSH port is not open on any of them.

By following these steps, you can remediate the SSH port open misconfiguration in GCP using GCP CLI.

Using Python

To remediate the SSH port being open misconfiguration in GCP using Python, you can follow these steps:

Import the necessary libraries:

from googleapiclient import discovery
from oauth2client.client import GoogleCredentials

Set up authentication credentials:

credentials = GoogleCredentials.get_application_default()
service = discovery.build('compute', 'v1', credentials=credentials)

Retrieve the project ID:

project = 'your-project-id'

Retrieve the list of instances:

instances = service.instances().list(project=project, zone='us-central1-a').execute()

Note: Replace the zone with the appropriate zone for your instance.

Loop through the instances and update the firewall rules to restrict SSH access:

for instance in instances['items']:
    instance_name = instance['name']
    instance_zone = instance['zone'].split('/')[-1]
    firewall_name = 'ssh-' + instance_name
    firewall_body = {
        'allowed': [],
        'description': 'Restrict SSH access to specified IP ranges',
        'name': firewall_name,
        'network': 'default',
        'priority': 1000,
        'sourceRanges': [
            '0.0.0.0/0'
        ],
        'targetTags': [
            instance_name
        ]
    }
    firewall = service.firewalls().insert(project=project, body=firewall_body).execute()
    print('Firewall rule created for instance {}: {}'.format(instance_name, firewall['id']))

Note: This code creates a new firewall rule for each instance to restrict SSH access to specified IP ranges. You can modify the sourceRanges parameter to specify the IP ranges that should be allowed to access SSH.

Remove the existing firewall rule that allows SSH access:

firewall_name = 'default-allow-ssh'
firewall = service.firewalls().delete(project=project, firewall=firewall_name).execute()
print('Firewall rule deleted: {}'.format(firewall_name))

Note: This code removes the default firewall rule that allows SSH access from any IP address.

Verify that the firewall rules have been updated:

firewalls = service.firewalls().list(project=project).execute()
for firewall in firewalls['items']:
    print(firewall['name'], firewall['sourceRanges'])

Note: This code lists all the firewall rules in the project and their associated source IP ranges. You should see that the new firewall rules restrict SSH access to specified IP ranges.

Additional Reading:

https://cloud.google.com/vpc/docs/using-firewalls

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

SSH Port Should Not Be Open

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: