Triage and Remediation
Remediation
Using Console
To remediate the “VNC Client Port Should Not Be Open” misconfiguration in GCP using the GCP console, follow these steps:
- Login to the GCP console with your credentials.
- Navigate to the Compute Engine section from the left-hand side menu.
- Click on the name of the instance where you want to remediate the misconfiguration.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Firewall” section.
- Click on the “default-allow-rdp” rule.
- Click on the “Edit” button.
- In the “Protocols and ports” section, uncheck the “tcp:3389” checkbox.
- Click on the “Save” button to save the changes.
- Repeat steps 6-9 for the “default-allow-vnc” rule.
- Click on the “Save” button at the bottom of the page to save the changes.
Using CLI
To remediate the “VNC Client Port Should Not Be Open” misconfiguration in GCP using the GCP CLI, follow these steps:
- Open Cloud Shell by clicking the Activate Cloud Shell button in the GCP Console.
- Run the following command to list all the firewall rules in your project:
- Identify the firewall rule that allows traffic to the VNC client port (usually port 5900).
- Run the following command to delete the firewall rule:
  Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows traffic to the VNC client port.
- Verify that the firewall rule has been deleted by running the following command:
  The output should not include the firewall rule that allowed traffic to the VNC client port.
- You have now remediated the “VNC Client Port Should Not Be Open” misconfiguration in GCP using the GCP CLI.
Using Python
To remediate the “VNC Client Port Should Not Be Open” misconfiguration in GCP using Python, follow these steps:
- First, authenticate and authorize your Google Cloud account for the Python client library, following the instructions in the official Google Cloud documentation.
- Next, identify the GCP project and the specific instance(s) that have the VNC client port open. You can use the google-cloud-sdk command-line tool or the Python client library to list all the instances in your project.
- Once you have identified the instances with the VNC client port open, use the Python client library to update the firewall rules for each instance so that the VNC client port is blocked. Here is an example code snippet that uses the google-cloud-firewall library to update the firewall rules for an instance:
- Finally, verify that the VNC client port is no longer open by trying to connect to it from a remote machine. If the remediation was successful, the connection should be refused.
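The two steps the CLI and Python sections leave to the reader, identifying which firewall rule admits traffic to port 5900 from the internet and then deleting it, as an added example that is not the page's own snippet. It assumes the google-cloud-compute client library (google.cloud.compute_v1) for the delete call; the firewall rule dicts are constructed samples in the shape returned by the Compute REST API and gcloud compute firewall-rules list --format=json.

```python
"""Find and delete GCP firewall rules that expose the VNC port (tcp/5900) to the internet."""
from typing import Iterable

VNC_PORT = 5900
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}  # source ranges that mean "anyone"


def _port_spec_covers(spec: str, port: int) -> bool:
    """True if a GCP port spec such as "5900" or "5900-5910" includes `port`."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def rule_exposes_vnc(rule: dict, port: int = VNC_PORT) -> bool:
    """True for an enabled INGRESS rule allowing tcp/`port` from a public source range.
    `rule` is a Firewall resource as a dict (REST API / gcloud --format=json shape)."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return False
    if not PUBLIC_RANGES & set(rule.get("sourceRanges", [])):
        return False
    for allowed in rule.get("allowed", []):
        if allowed.get("IPProtocol", "").lower() not in ("tcp", "all"):
            continue
        ports = allowed.get("ports")
        # An entry without "ports" allows every port of that protocol.
        if not ports or any(_port_spec_covers(p, port) for p in ports):
            return True
    return False


def find_vnc_rules(rules: Iterable[dict]) -> list:
    """Names of the rules that expose VNC, in listing order."""
    return [r["name"] for r in rules if rule_exposes_vnc(r)]


def delete_rules(project: str, names: Iterable[str]) -> None:
    """Delete rules by name via google-cloud-compute (assumed installed; imported
    locally so the detection functions above run without it)."""
    from google.cloud import compute_v1
    client = compute_v1.FirewallsClient()
    for name in names:
        client.delete(project=project, firewall=name).result()  # wait for the operation


# Constructed sample listing: only the first and last rules should be flagged.
SAMPLE_RULES = [
    {"name": "default-allow-vnc", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5900-5910"]}]},
    {"name": "vnc-from-vpn", "direction": "INGRESS", "sourceRanges": ["10.8.0.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5900"]}]},
    {"name": "legacy-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp"}]},
]
```

GCP VPC firewalls drop denied packets rather than rejecting them, so a successful remediation shows up in the final verification step as a connection timeout rather than an active refusal.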