Untitled

avatar
unknown
plain_text
6 months ago
2.1 kB
3
Indexable
Here are the CLI commands to check for the firewall misconfigurations described in the report:


---

1. Check for Firewall INGRESS Rule Allowing Public Access (0.0.0.0/0) to a Sensitive Port

CLI Command:

gcloud compute firewall-rules list --filter="direction=INGRESS AND sourceRanges:0.0.0.0/0 AND (allowed:tcp:22 OR allowed:tcp:3389)"

Explanation:

This command filters for INGRESS rules that allow access from all IPs (0.0.0.0/0) to sensitive ports like SSH (22) and RDP (3389).



---

2. Check for Firewall Rule Allowing a Broad Port Range

CLI Command:

gcloud compute firewall-rules list --filter="direction=INGRESS AND sourceRanges:0.0.0.0/0 AND allowed:tcp" --format="table(name, allowed, sourceRanges)"

Explanation:

This command lists all INGRESS rules with a source of 0.0.0.0/0 and allowed TCP ports. The output can be used to identify rules with broad port ranges like tcp:0-65535 or large port ranges.



---

3. Check for Firewall Rule Allowing Public Access (0.0.0.0/0)

CLI Command:

gcloud compute firewall-rules list --filter="sourceRanges:0.0.0.0/0"

Explanation:

This command checks for firewall rules that allow public access from 0.0.0.0/0 for any ports, exposing resources to the public internet.



---

4. Check for Firewall Rule Opening All Ports (0-65535)

CLI Command:

gcloud compute firewall-rules list --filter="allowed:tcp:0-65535 AND sourceRanges:0.0.0.0/0"

Explanation:

This command filters firewall rules that allow all TCP ports (tcp:0-65535) to be accessed from any IP (0.0.0.0/0), exposing all services.



---

General Command for Listing All Firewall Rules

To list all firewall rules and check for any issues manually:

gcloud compute firewall-rules list --format="table(name, direction, sourceRanges, allowed)"

This will list all firewall rules with their name, direction, source ranges, and allowed ports, allowing for manual inspection of any misconfigurations.



---

These commands will allow you to check for the existence of the misconfigurations mentioned in the report without creating new issues.
Editor is loading...
Leave a Comment