gcloud-firewall-rule-logging-not-enabled: Enable Logging for VPC Firewall Rules

Date: 2025-08-01 | Affected software: gcloud firewall rule logging not enabled | PoC: public

Vulnerability description

Enable Virtual Private Cloud (VPC) firewall rule logging for each firewall rule whose connections you need to log. Firewall rule logging provides valuable insights into the source and destination of traffic, protocols, ports, and actions taken by the rules.

PoC code [public]

id: gcloud-firewall-rule-logging-not-enabled

info:
  name: Enable Logging for VPC Firewall Rules
  author: princechaddha
  severity: medium
  description: |
    Enable Virtual Private Cloud (VPC) firewall rule logging for each firewall rule whose connections you need to log. Firewall rule logging provides valuable insights into the source and destination of traffic, protocols, ports, and actions taken by the rules.
  impact: |
    Without firewall rule logging, it is difficult to analyze and monitor network traffic, making it challenging to troubleshoot and ensure compliance with security policies.
  remediation: |
    Enable logging for your VPC firewall rules to capture connection details, including traffic source, destination, and actions taken by the rules.
  reference:
    - https://cloud.google.com/vpc/docs/using-firewall-rules-logging
  tags: cloud,devops,gcp,gcloud,google-cloud-vpc,firewall-logging,security,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let network of iterate(template.networks)){
      set("networkName", network)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud compute networks list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: networks
        internal: true
        json:
          - '.[].name'

  - engine:
      - sh
      - bash
    source: |
      gcloud compute firewall-rules list --project $projectId --filter="network=$networkName" --sort-by="priority" --format="json(name,disabled,direction,logConfig)"

    matchers:
      - type: word
        words:
          - '"enable": false'
          - '"disabled": false'
        condition: and

    extractors:
      - type: dsl
        dsl:
          - '"The firewall rule " + name + " in network " + networkName + " in project " + projectId + " does not have logging enabled."'
# digest: 4b0a00483046022100d5031c3dce754710cfcafe6f799a9421188b95c712f5d77b1b35c6783f1e22ad022100f9a2fbc7b3b8384572f1e2885ea08397e6567d15ead3f3208344aa4884d56f45:922c64590222798bb761d5b6d8e72950
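The template's word matcher fires whenever the JSON array returned by the third command contains both the strings `"enable": false` and `"disabled": false` anywhere, so it cannot tell which rule is at fault, and it would also fire if one rule is disabled while a different rule lacks logging. The check below, added here as an example and not part of the template or of the Nuclei project, evaluates each rule on its own over a constructed sample of the same `--format` output and builds the matching remediation commands; the project id and rule names are made up.

```python
import json
import shlex

# Constructed sample of what
# `gcloud compute firewall-rules list --project <proj> --format="json(name,disabled,direction,logConfig)"`
# returns. Field names follow the template's --format; the values are invented.
SAMPLE_OUTPUT = json.dumps([
    {"name": "default-allow-ssh", "disabled": False, "direction": "INGRESS",
     "logConfig": {"enable": False}},
    {"name": "allow-internal", "disabled": False, "direction": "INGRESS",
     "logConfig": {"enable": True, "metadata": "INCLUDE_ALL_METADATA"}},
    {"name": "legacy-egress", "disabled": True, "direction": "EGRESS",
     "logConfig": {"enable": False}},
    {"name": "no-logconfig-field", "disabled": False, "direction": "INGRESS"},
])


def rules_without_logging(list_output: str) -> list:
    """Return the names of active rules whose logConfig.enable is not true.

    A rule with no logConfig field at all has never had logging configured,
    so it is reported as well. Disabled rules are skipped: they match no
    traffic, so there is nothing for them to log until they are re-enabled.
    """
    findings = []
    for rule in json.loads(list_output):
        if rule.get("disabled", False):
            continue
        if not rule.get("logConfig", {}).get("enable", False):
            findings.append(rule["name"])
    return findings


def remediation_commands(project: str, rule_names: list) -> list:
    """Build the gcloud commands that turn logging on for each finding.

    `gcloud compute firewall-rules update NAME --enable-logging` is the
    documented way to enable logging on an existing rule; names are quoted
    so the output can be pasted into a shell as-is.
    """
    return [
        f"gcloud compute firewall-rules update {shlex.quote(name)} "
        f"--project {shlex.quote(project)} --enable-logging"
        for name in rule_names
    ]


if __name__ == "__main__":
    # Hypothetical project id, used only to render the commands.
    for cmd in remediation_commands("example-project", rules_without_logging(SAMPLE_OUTPUT)):
        print(cmd)
```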