Ensure Oslogin Is Enabled for a Project

Enabling OS Login ties SSH access to Compute Engine instances to IAM identities instead of to SSH public keys stored in project or instance metadata. Revoking a user's IAM roles revokes all of that user's SSH access at once, so individual keys do not have to be tracked down and removed from each instance. This gives centralized, automated SSH key management, which is useful when responding to a compromised key pair or when offboarding external, third-party or vendor users. Note that instance-level metadata overrides project-level metadata: an instance with its own enable-oslogin=FALSE entry still accepts metadata-based SSH keys even when the project passes this check, so review instance metadata as well.

Risk Level: Medium
Cloud Entity: GCP Project
CloudGuard Rule ID: D9.GCP.CRY.03
Covered by Spectral: Yes
Category: Security, Identity, & Compliance

GSL LOGIC

Project should have metadata.items contain [ key='enable-oslogin' and value regexMatch /TRUE/i ]

REMEDIATION

From Portal

  1. Go to the Compute Engine Metadata page using https://console.cloud.google.com/compute/metadata?
  2. Click Edit.
  3. Add a metadata entry where the key is enable-oslogin and the value is TRUE.
  4. Click Save to apply the changes.

From TF
Set enable-oslogin to TRUE in the metadata map of the project-level metadata resource. The metadata argument is a map of strings, so quote the value; HCL also requires double quotes around the resource type and name:

resource "google_compute_project_metadata" "default" {
	# other arguments omitted
	metadata = {
		enable-oslogin = "TRUE"
	}
}

From Command Line
Run

gcloud compute project-info add-metadata --metadata enable-oslogin=TRUE
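The following is an added example, not part of the CloudGuard rule or of Google's tooling. It reproduces the GSL check above in Python over constructed samples of `gcloud compute project-info describe --format=json` and `gcloud compute instances list --format=json` (the project name, instance names and key material in the samples are made up), and goes one step beyond the rule by also flagging instances whose own metadata overrides the project setting, since instance metadata wins over project metadata. It then emits the gcloud commands that would fix each finding. The anchoring of the /TRUE/i pattern to the whole value is this example's choice, not necessarily how GSL regexMatch behaves.

```python
"""Evaluate the OS Login rule against gcloud JSON output (added example)."""
import json
import re

OSLOGIN_KEY = "enable-oslogin"
# Same pattern as the GSL logic (/TRUE/i), applied with fullmatch so only the
# literal value TRUE, in any letter case, counts as enabled.
OSLOGIN_ON = re.compile(r"TRUE", re.IGNORECASE)

# Constructed sample of `gcloud compute project-info describe --format=json`
# (only the fields this check reads; project name and keys are hypothetical).
PROJECT_INFO = json.loads("""
{
  "name": "example-project",
  "commonInstanceMetadata": {
    "kind": "compute#metadata",
    "items": [
      {"key": "enable-oslogin", "value": "TRUE"},
      {"key": "ssh-keys", "value": "alice:ssh-ed25519 AAAA... alice"}
    ]
  }
}
""")

# Constructed sample of `gcloud compute instances list --format=json`.
INSTANCES = json.loads("""
[
  {"name": "bastion-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "metadata": {"items": [{"key": "enable-oslogin", "value": "true"}]}},
  {"name": "web-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-b",
   "metadata": {"items": [{"key": "enable-oslogin", "value": "FALSE"},
                          {"key": "ssh-keys", "value": "vendor:ssh-rsa AAAA... vendor"}]}},
  {"name": "db-1",
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-c",
   "metadata": {"items": []}}
]
""")


def metadata_value(metadata, key):
    """Return the value of `key` in a Compute Engine metadata object, or None."""
    for item in (metadata or {}).get("items") or []:
        if item.get("key") == key:
            return item.get("value")
    return None


def oslogin_enabled(value):
    """True only for a value that is TRUE in any letter case."""
    return value is not None and OSLOGIN_ON.fullmatch(value.strip()) is not None


def project_oslogin_enabled(project_info):
    """The GSL check: project metadata has enable-oslogin matching /TRUE/i."""
    common = project_info.get("commonInstanceMetadata")
    return oslogin_enabled(metadata_value(common, OSLOGIN_KEY))


def instances_disabling_oslogin(instances):
    """(name, zone) of instances whose own metadata sets enable-oslogin to
    anything other than TRUE. Instance metadata overrides project metadata,
    so these still accept metadata-based SSH keys after the project passes."""
    offenders = []
    for inst in instances:
        value = metadata_value(inst.get("metadata"), OSLOGIN_KEY)
        if value is not None and not oslogin_enabled(value):
            # The zone field is a URL; keep only the zone name for gcloud.
            offenders.append((inst["name"], inst["zone"].rsplit("/", 1)[-1]))
    return offenders


def evaluate(project_info, instances):
    """Run both checks and list the gcloud commands that fix each finding."""
    project_ok = project_oslogin_enabled(project_info)
    offenders = instances_disabling_oslogin(instances)
    fixes = []
    if not project_ok:
        fixes.append("gcloud compute project-info add-metadata "
                     "--metadata enable-oslogin=TRUE")
    for name, zone in offenders:
        # Removing the instance-level key lets the project-level TRUE apply.
        fixes.append(f"gcloud compute instances remove-metadata {name} "
                     f"--zone {zone} --keys enable-oslogin")
    return {"project_compliant": project_ok,
            "instance_overrides": offenders,
            "remediation": fixes}


if __name__ == "__main__":
    print(json.dumps(evaluate(PROJECT_INFO, INSTANCES), indent=2))
```

On the constructed data the project itself passes, but web-1 carries an instance-level enable-oslogin=FALSE and is reported with the remove-metadata command that clears the override; db-1 sets nothing and therefore inherits the project value. To run it against a real project, replace the two constructed samples with the parsed output of the two gcloud commands named in the lead-in.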

References

  1. https://cloud.google.com/compute/docs/storing-retrieving-metadata
  2. https://cloud.google.com/sdk/gcloud/reference/compute/project-info/add-metadata

GCP Project

A project organizes all your Google Cloud Platform resources. A project consists of a set of users; a set of APIs; and billing, authentication, and monitoring settings for those APIs. So, for example, all of your Cloud Storage buckets and objects, along with user permissions for accessing them, reside in a project. You can have one project, or you can create multiple projects and use them to organize your Google Cloud Platform resources, including your Cloud Storage data, into logical groups.

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset
  • GCP CIS Controls V 8
  • GCP CIS Foundations v. 1.0.0
  • GCP CIS Foundations v. 1.1.0
  • GCP CIS Foundations v. 1.2.0
  • GCP CIS Foundations v. 1.3.0
  • GCP CIS Foundations v. 2.0
  • GCP CloudGuard Best Practices
  • GCP CloudGuard CheckUp
  • GCP GDPR Readiness
  • GCP HIPAA
  • GCP ISO 27001:2013
  • GCP LGPD regulation
  • GCP MITRE ATT&CK Framework v12.1
  • GCP NIST 800-53 Rev 4
  • GCP NIST 800-53 Rev 5
  • GCP NIST CSF v1.1
  • GCP PCI-DSS 3.2
  • GCP PCI-DSS 4.0