Disable Serial Port Access Support at Organization Level

More Info:

Ensure that “Disable VM serial port access” constraint policy is enabled for your Google Cloud Platform (GCP) organizations. Due to security and compliance regulations, the serial port access to your Compute Engine virtual machine (VM) instances must be disabled.

Risk Level

Medium

Address

Security, Operational Maturity

Compliance Standards

CISGCP, CBP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “Disable Serial Port Access Support at Organization Level” for GCP using GCP CLI, follow these steps:

Open the GCP CLI and log in to your GCP account using your credentials.
Run the following command to disable serial port access support at the organization level:

gcloud alpha compute organizations update --disable-serial-port-access

Once the command is executed successfully, the serial port access support will be disabled at the organization level.
Verify the changes by running the following command:

gcloud alpha compute organizations describe

This command will display the organization’s details, including the serial port access support status. If the serial port access support is disabled, it will be reflected in the output.Note: The above command is in alpha state and may change in the future. It is recommended to check the latest documentation before executing the command.

Using Python

To disable Serial Port Access Support at the Organization Level in GCP using Python, you can follow these steps:

First, you need to authenticate with the GCP API using a Service Account. You can create a Service Account with the necessary permissions in the GCP Console and download the Service Account Key as a JSON file.
Install the Google Cloud SDK and the necessary Python libraries for interacting with the GCP API. You can do this by running the following command in your terminal:

pip install google-cloud google-auth google-auth-oauthlib google-auth-httplib2

Import the necessary libraries and authenticate with the GCP API using the Service Account Key:

from google.oauth2 import service_account
from googleapiclient.discovery import build

credentials = service_account.Credentials.from_service_account_file(
    'path/to/service_account_key.json')
service = build('cloudresourcemanager', 'v1', credentials=credentials)

Use the organizations.patch method to update the enableSerialPortAccess field of the Organization resource. Set the value of enableSerialPortAccess to False to disable Serial Port Access Support at the Organization Level:

org_id = 'your_organization_id'
org = service.organizations().get(name=f'organizations/{org_id}').execute()
org['enableSerialPortAccess'] = False
updated_org = service.organizations().patch(name=f'organizations/{org_id}', body=org).execute()

Verify that Serial Port Access Support has been disabled at the Organization Level by checking the enableSerialPortAccess field of the Organization resource:

print(f'Serial Port Access Support is now disabled at the Organization Level: {updated_org["enableSerialPortAccess"]}')

And that’s it! You have successfully remediated the misconfiguration by disabling Serial Port Access Support at the Organization Level in GCP using Python.

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Disable Serial Port Access Support at Organization Level

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation