Triage and Remediation
Remediation
Using Console
To remediate an exposed VNC server port in GCP using the GCP console, follow the steps below. The exposure comes from a VPC firewall rule that allows ingress to the VNC port (TCP 5900, or the 5900-5999 display range) from a public source range such as 0.0.0.0/0, so the fix is to edit or delete that rule; the instance's "Allow HTTP traffic" / "Allow HTTPS traffic" checkboxes only control TCP 80 and 443, and the Cloud API access scopes have nothing to do with network exposure.
- Log in to the GCP Console.
- Navigate to the Compute Engine section and open the VM instance that was reported with the open VNC server port. Note its VPC network, its network tags and its service account: firewall rules are applied to an instance through those attributes, not attached to the instance directly.
- Navigate to VPC network > Firewall. Filter the rule list by the instance's network and look for ingress allow rules that target the instance (by its network tags or service account, or all instances in the network), whose protocols and ports include tcp:5900 or a range covering it, and whose source IP ranges include 0.0.0.0/0 or ::/0.
- Open each such rule and click "Edit". Either remove the VNC port from the allowed protocols and ports, or replace the source IP ranges with the trusted ranges (for example a corporate VPN or bastion range) that genuinely need VNC access. If the rule exists only to allow VNC from anywhere, delete it instead.
- Click "Save" to apply the changes.
- Verify that the VNC server port is no longer reachable by scanning the instance's external IP address from outside the VPC (a port scan of TCP 5900 from your own workstation, not from inside the project).
- If the port is still reachable, another rule is still allowing it: check rules attached through a different network tag or service account, and any hierarchical or network firewall policy applied to the folder or VPC, then repeat the steps above.
Using CLI
To remediate an open VNC server port on a GCP instance from the command line, follow the steps below using the gcloud CLI:
- Open Cloud Shell in the GCP Console (or use any workstation where the gcloud CLI is installed and authenticated against the project).
- Identify the instance that has the VNC server port open. List the instances in the project with `gcloud compute instances list` and note the instance's name and zone.
- Connect to the instance over SSH with `gcloud compute ssh` (pass the instance name and its zone).
- On the instance, find the process ID of the VNC server: it is the process listening on TCP port 5900 (or 5900 plus the display number, for example 5901 for display :1).
- Stop the server by killing that process ID. This is a temporary measure; the port reopens at the next boot unless the next step is also done.
- Disable the VNC server from starting automatically on boot by disabling or removing whatever launches it (its systemd service, init script or startup script), so the port does not reopen after a reboot.
- Finally, close the port at the network layer, which is what the finding actually reports: delete the VPC firewall rule that allows ingress to the VNC port with `gcloud compute firewall-rules delete [FIREWALL_RULE_NAME]`, or, if the rule is shared with other traffic, update it so that it no longer allows the VNC port or only allows it from trusted source ranges.
Replace [FIREWALL_RULE_NAME] with the name of the firewall rule that allows access to the VNC server port. Note that killing the process and deleting the firewall rule are independent: the firewall rule is the exposure, and removing it protects the port even if the VNC server is left running for access through a bastion host or IAP TCP forwarding.
Using Python
To remediate an exposed VNC server port in GCP using Python, follow the steps below:
- First, authenticate and authorize the GCP account using the Google Cloud SDK (`gcloud auth application-default login`), so that the script can pick up Application Default Credentials from the terminal session.
- Next, install the Python client library for GCP (`google-api-python-client`) with pip.
- Once the library is installed, create a Python script to remediate the misconfiguration. The script should perform the following steps:
a. Get a list of all the instances running in the GCP project using the Compute Engine API.
b. For each instance, determine whether the VNC server port is exposed. The Compute Engine API does not report which ports a VM is listening on; what it reports is the firewall rules, so use the `googleapiclient.discovery` client to fetch the firewall rules in the instance's network and check whether any enabled ingress allow rule that applies to the instance (by network tag, by service account, or to all instances) permits tcp:5900 (or a range covering it) from a public source range such as 0.0.0.0/0 or ::/0.
c. If such a rule exists, use the same client to patch the firewall rule so that it no longer allows the VNC port (or restrict its source ranges to trusted networks), or delete the rule if allowing VNC was its only purpose.
- In the script, replace `your-project-id` with the actual project ID.
- Save the script and run it from the terminal with the Python interpreter. Run it in a report-only mode first: a firewall rule is typically shared by many instances, so patching it affects every instance it targets, not only the one in the finding.
This remediates the misconfiguration by closing the VNC server port, at the firewall level, for every instance in the GCP project whose rules exposed it.
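The following script is an added example that implements the audit-and-patch logic described in the CLI and Python sections above; it is not the page's own sample script or a Google-provided tool. The pure functions work on firewall rule dictionaries in the shape returned by the Compute Engine `firewalls().list()` API, so they run offline against the constructed `SAMPLE_RULES` below; the `fetch_rules` and `apply_plan` functions assume `google-api-python-client` is installed and that Application Default Credentials are available, and only run when a project ID is passed on the command line. The 5900-5999 port range, the sample rule names and the `--apply` flag are assumptions made for the example.

```python
"""Audit GCP VPC firewall rules for VNC (tcp 5900-5999) exposed to the internet and
plan the patch that closes it.  Added example; not the page's own script."""
from __future__ import annotations

import ipaddress
import json
import sys

VNC_LO, VNC_HI = 5900, 5999  # VNC display :0 .. :99 (assumed range for this example)


def parse_port_spec(spec: str) -> tuple[int, int]:
    """'5900' -> (5900, 5900); '5900-5999' -> (5900, 5999)."""
    lo, _, hi = spec.partition("-")
    return int(lo), int(hi or lo)


def fmt_port_spec(lo: int, hi: int) -> str:
    return str(lo) if lo == hi else f"{lo}-{hi}"


def is_public(cidr: str) -> bool:
    """A source range with prefix length 0 (0.0.0.0/0 or ::/0) means 'anywhere'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposes_vnc(rule: dict) -> bool:
    """True if an enabled INGRESS allow rule admits any VNC port from a public range."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled", False):
        return False
    if not any(is_public(r) for r in rule.get("sourceRanges", [])):
        return False  # rules keyed on sourceTags / private ranges are not internet-exposed
    for allowed in rule.get("allowed", []):
        proto = allowed.get("IPProtocol", "").lower()
        ports = allowed.get("ports")
        if proto == "all" or (proto == "tcp" and not ports):
            return True  # every TCP port, VNC included
        if proto == "tcp" and any(lo <= VNC_HI and hi >= VNC_LO
                                  for lo, hi in map(parse_port_spec, ports)):
            return True
    return False


def strip_vnc_ports(ports: list[str]) -> list[str]:
    """Remove 5900-5999 from a port list, splitting ranges that straddle it."""
    kept: list[str] = []
    for spec in ports:
        lo, hi = parse_port_spec(spec)
        if hi < VNC_LO or lo > VNC_HI:
            kept.append(spec)  # does not touch the VNC range
            continue
        if lo < VNC_LO:
            kept.append(fmt_port_spec(lo, VNC_LO - 1))
        if hi > VNC_HI:
            kept.append(fmt_port_spec(VNC_HI + 1, hi))
    return kept


def plan_remediation(rule: dict) -> dict:
    """Return {'action': 'patch', 'body': ...}, {'action': 'delete'} or {'action': 'manual'}."""
    new_allowed = []
    for allowed in rule.get("allowed", []):
        proto = allowed.get("IPProtocol", "").lower()
        ports = allowed.get("ports")
        if proto == "all" or (proto == "tcp" and not ports):
            # 'all TCP except 5900' cannot be expressed in one allow entry: a human must
            # narrow sourceRanges instead of this script silently rewriting the rule.
            return {"action": "manual", "reason": "rule allows every TCP port; restrict sourceRanges"}
        if proto != "tcp":
            new_allowed.append(allowed)  # udp/icmp entries are kept as-is
            continue
        kept = strip_vnc_ports(ports)
        if kept:
            new_allowed.append({"IPProtocol": "tcp", "ports": kept})
    if not new_allowed:
        return {"action": "delete"}  # the rule existed only to allow VNC
    return {"action": "patch", "body": {"allowed": new_allowed}}


def audit(rules: list[dict]) -> dict[str, dict]:
    """Map each exposing rule's name to its remediation plan (report-only)."""
    return {r["name"]: plan_remediation(r) for r in rules if exposes_vnc(r)}


# --- live mode: real API calls via google-api-python-client (assumed installed) ---
def fetch_rules(project: str) -> list[dict]:
    from googleapiclient import discovery  # picks up Application Default Credentials
    compute = discovery.build("compute", "v1")
    rules, request = [], compute.firewalls().list(project=project)
    while request is not None:  # firewalls().list() is paginated
        response = request.execute()
        rules.extend(response.get("items", []))
        request = compute.firewalls().list_next(previous_request=request, previous_response=response)
    return rules


def apply_plan(project: str, name: str, plan: dict):
    from googleapiclient import discovery
    fw = discovery.build("compute", "v1").firewalls()
    if plan["action"] == "delete":
        return fw.delete(project=project, firewall=name).execute()
    if plan["action"] == "patch":
        return fw.patch(project=project, firewall=name, body=plan["body"]).execute()
    return None  # 'manual': reported, not changed


# Constructed sample data in the shape of compute.firewalls().list() items (not real rules).
SAMPLE_RULES = [
    {"name": "allow-vnc-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "5900-5999"]}]},
    {"name": "allow-vnc-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5900"]}]},
    {"name": "allow-big-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5000-6000"]}, {"IPProtocol": "udp", "ports": ["53"]}]},
    {"name": "allow-all-tcp", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp"}]},
    {"name": "only-vnc", "direction": "INGRESS", "sourceRanges": ["::/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["5901"]}]},
]

if __name__ == "__main__":
    # usage: python3 remediate_vnc.py                   -> dry run over SAMPLE_RULES
    #        python3 remediate_vnc.py PROJECT [--apply] -> audit (and optionally fix) a project
    project = sys.argv[1] if len(sys.argv) > 1 else None
    plans = audit(fetch_rules(project) if project else SAMPLE_RULES)
    print(json.dumps(plans, indent=2))
    if project and "--apply" in sys.argv:
        for rule_name, plan in plans.items():
            print(rule_name, apply_plan(project, rule_name, plan))
```

Two design points worth noting. The script deliberately refuses to auto-patch a rule that allows all TCP (or all protocols), because the only safe edit there is to narrow the source ranges, which needs a human decision about which ranges are trusted. It also inspects only project-level VPC firewall rules; hierarchical and network firewall policies use a different API and a rule there can keep the port open after every VPC rule is fixed, which is why the external port-scan verification step remains necessary.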