GCP Knowledge Base
Security checks and vulnerability fixes for GCP.
Google Cloud VPC
- Open RPC
- Metadata Included In Firewall Logging
- Open Oracle
- Open NetBIOS
- All Ports Open
- Open SSH
- Open Kibana
- Open SMTP
- Open Hadoop HDFS NameNode WebUI
- Open FTP
- Open VNC Client
- Open RDP
- Open Salt
- Open SMBoTCP
- Open Hadoop HDFS NameNode Metadata Service
- Firewall Rule Logs Disabled
- Open Telnet
- Open MySQL
- Open Cassandra
- Open Docker
- Private Access Disabled
- Open PostgreSQL
- Open Oracle Auto Data Warehouse
- Open SQL Server
- Open Redis
- Open MSSQL
- Sub Networks Flow Logs Disabled
- Open MongoDB
- Open DNS
- Open VNC Server
- Open CIFS
Google Cloud IAM
- Service Account Keys Not Generated By Google
- Service Over Per Account Failure Limit
- Personal Accounts are in Use
- IAM Users With Both Service Account User And Service Account Admin Role
- Managed Service Accounts With Admin Access
- User With IAM Service Account User Role
- Service Account Key Rotation Due
- Users with Admin and CryptoKey Roles
Google Cloud Load Balancing
Google Cloud Logging
- Audit Logging Not Configured Properly
- VPC Network Log Alert Missing
- Log Encryption Disabled
- Project Ownership Log Alert Missing
- Audit Configuration Log Alert Missing
- VPC Network Route Log Alert Missing
- Dangling Log Sink Bucket
- Log Sinks Disabled
- VPC Firewall Rule Log Alert Missing
- Audit Logging Exempted Members
- Custom Role Log Alert Missing
- SQL Configuration Log Alert Missing
- Storage Permissions Log Alert Missing
Google Cloud Kubernetes Engine
- Cluster Not Using Least Privilege
- Master Authorized Network Disabled
- Logging Disabled
- Basic Authentication Enabled
- Web Dashboard Enabled
- Legacy Authorization Enabled
- Secure Boot Disabled
- Cluster Encryption Not Desired Level
- Node Encryption Not On Desired Protection Level
- Automatic Node Repair Disabled
- Alias IP Ranges Disabled
- Shielded Nodes Disabled
- Monitoring Disabled
- Default Service Account Used
- Private Endpoint Disabled
- COS Image Disabled
- Integrity Monitoring Disabled
- Network Policy Disabled
- Kubernetes Alpha Enabled
- Automatic Node Upgrades Disabled
- Private Cluster Disabled
Google Cloud Pub/Sub
Google Compute Engine
- Old Persistent Disk Snapshots Used
- VM Max Instances Limit Reached
- Instance Default Service Account Used
- IP Forwarding Enabled
- Instance Not Using Desired Machine Image
- VM Disk Image Publicly Accessible
- VM Instance On Host Maintenance Not Configured
- Instance Template Machine Type Not Desired
- Instance Automatic Restart Disabled
- Shielded VM Disabled
- Instance Disk Encryption Not As Desired
- Instances Not Multi Zonal
- Autoscale Disabled
- Instance Is Not Desired Machine Type
- Preemptible VM Instance Used
- Project Wide SSH Enabled
- VM Instance Disks Auto Delete Enabled
- VM Instances Default Privilege
- Managed VM Instance Group Automatic Healing Disabled
- VM Instance Deletion Protection Missing
- OS Login 2FA Disabled
- OS Login Disabled
- Connect Serial Ports Enabled
- Instance Public Access Enabled
Google Cloud Key Management Service (KMS)
Google Cloud DNS
Google Cloud Storage
- Bucket Logging Disabled
- Bucket Customer-Managed Encryption Disabled
- Lifecycle Management Rules Missing
- Storage Bucket Retention Policy Not Locked
- Bucket Uniform Level Access Disabled
- Cloud Storage Bucket Versioning Disabled
- Storage Bucket Retention Policy Expired
- Storage Bucket Retention Policy About to Expire
- Storage Bucket Retention Policy Not Set
- Storage Bucket Publicly Accessible
Google Cloud Dataproc
Google Cloud SQL
- SQL Server Certificates About To Expire
- Any Host Access For Root User Enabled
- SQL Cross DB Ownership Chaining Enabled
- MySQL Local Infile Enabled
- PostgreSQL Checkpoint Logs Disabled
- PostgreSQL Min Duration Logs Enabled
- PostgreSQL Disconnection Logs Disabled
- Root Password Not Set For MySQL Instances
- MySQL Version Not As Desired
- PostgreSQL Version Not As Desired
- SQL Automated Backups Disabled
- Public IP Attached To SQL Instances
- PostgreSQL Max Connections Not As Desired
- SQL Contained Database Authentication Enabled
- PostgreSQL Undesired Error Logging Level
- SSL Disabled For SQL Databases
- MySQL Slow Query Logs Disabled
- SQL Database Publicly Accessible
- SQL Server Certificates Expired
- DB Non-Restorable
- SQL Automatic Storage Increase Disabled
- PostgreSQL Temp File Logs Disabled
- SQL Automatic Failover To Another Zone Missing
- SQL Instance Customer-Managed Encryption Disabled
- PostgreSQL Connection Logs Disabled
- PostgreSQL Lock Wait Logs Disabled