
Tuesday, November 22, 2022

Security Command Center of GCP

GCP SCC

------------- 

Security Command Center is Google Cloud's centralized vulnerability and threat reporting service. Security Command Center helps you strengthen your security posture by evaluating your security and data attack surface; providing asset inventory and discovery; identifying misconfigurations, vulnerabilities and threats; and helping you mitigate and remediate risks.


To use Security Command Center, you must have an Identity and Access Management (IAM) role that includes appropriate permissions:

  • Security Center Admin Viewer lets you view Security Command Center.
  • Security Center Admin Editor lets you view Security Command Center and make changes.


The Threats dashboard helps you review potentially harmful events in your organization's Google Cloud resources.

  • Threats by severity shows the number of threats in each severity level.
  • Threats by category shows the number of findings in each category across all projects.
  • Threats by resource shows the number of findings for each resource in your organization.

The threats dashboard displays results for the time period you specify in the drop-down list. The drop-down list has several options between 1 hour and "all time," which shows all findings since the service was activated. The time period you select is saved between sessions.


Scan with SCC; the logs will be stored in Cloud Storage ->

** Security Health Analytics scans run in three modes:

Batch scan: All detectors are scheduled to run for all enrolled organizations two or more times a day. Detectors run on different schedules to meet specific service level objectives (SLO). To meet 12- and 24-hour SLOs, detectors run batch scans every six hours or 12 hours, respectively. Resource and policy changes that occur in between batch scans are not immediately captured and are applied in the next batch scan. Note: Batch scan schedules are performance objectives, not service guarantees.

Real-time scan: Supported detectors start scans whenever CAI reports a change in an asset's configuration. Findings are immediately written to Security Command Center.

Mixed-mode: Some detectors that support real-time scans might not detect changes in real time in all supported assets. In those cases, configuration changes for some assets are captured immediately and others are captured in batch scans. Exceptions are noted in the tables on this page.




Route GWS mailboxes from on-prem Postfix mail server // Hybrid Google GWS solution


Edit transport file for ON-PREM POSTFIX

-----------------------------------

vi /etc/postfix/transport

#########################################

########### GWS MAIL Boxes ##############

#########################################

tayab.khan@tayabkhan.com   smtp:[ASPMX.L.GOOGLE.com]:25

#tayabkhan.com          smtp:[ASPMX.L.GOOGLE.com]


postmap /etc/postfix/transport


----------------------------------------------

Edit transport file for ON-PREM ZIMBRA server

-------------------------------------------

su - zimbra

vi /opt/zimbra/common/conf/transportfile [Create new file]

tayab.khan@tayabkhan.com   smtp:[ASPMX.L.GOOGLE.com]:25

postmap /opt/zimbra/common/conf/transportfile

zmprov ms `zmhostname` zimbraMtaTransportMaps "lmdb:/opt/zimbra/common/conf/transportfile,proxy:ldap:/opt/zimbra/conf/ldap-transport.cf"

[For Checking : zmlocalconfig   |grep -i postfix_transport_maps]

postfix reload

tail -f /var/log/zimbra.log


--------------------------------------

In the GWS admin panel, use Route and also Default route for the incoming route.

Check USB Port Speed from Linux Server

 



#Check USB Port Speed from Linux Server: 

 cat /sys/bus/usb/devices/usbX/speed

Here X will be 1, 2 or 3 (usb1, usb2 or usb3).

It gives you the bus speed of the root hub(s) in Mbps:

1.5 or 12 indicates USB1 (low speed or full speed)

480 indicates USB2

5000 or 10000 indicates USB3


#Create specific size file and check read write speed in linux

dd if=/dev/zero of=test bs=1G count=1

This will create a 1 GB file named test.

Tuesday, November 15, 2022

How to mount a Google Cloud Bucket in Linux using gcsfuse

 

========================

Mounting a Google Cloud Storage bucket into CentOS/Debian

================================================

So here are the steps:


Create a GCP Cloud Storage bucket

Add a service account which has access to that bucket

Install GCSFuse (The software that actually does the job) on the server

Prepare to mount (like we were doing bungee jumping up to this point)

[Optional] Configure HTTP proxy settings

Mount the bucket


------------

Create key.json


Enable the API

https://console.cloud.google.com/apis/enableflow?apiid=iam.googleapis.com&redirect=https:%2F%2Fconsole.cloud.google.com&_ga=2.231830424.623026834.1668416683-356279560.1666504556&_gac=1.84295403.1667475992.Cj0KCQjwqoibBhDUARIsAH2OpWgkL2zPs1B-deHAoIRedHDdgqrlFzJDsyKyG1fqB1l6tVO7MIxrWNcaArfrEALw_wcB&authuser=1&project=stl-tms


From the top area, click the Create Service Account button.


Add a unique name, and press Create

In the grant service account access step, select Cloud Storage > Storage Object Admin


Go to Console -> IAM -> Service account -> Create service account -> (... Actions) -> Manage Key -> Create JSON file ->


Upload this key.json file to the Linux instance


gcsfuse --key-file /home/khan/stl-td2e879f.json --foreground /bucketdata
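
A preflight check for the uploaded key.json, as an added example that is not part of the original post: the key carries Storage Object Admin on the bucket, so the script refuses to mount while the file is readable by group or other users. The function names check_key_file and mount_bucket and the sample key content are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check the service-account key before handing it to
# gcsfuse --key-file. check_key_file and mount_bucket are hypothetical names.

# Succeeds only if the key exists, is closed to group/other, and is a
# service-account key. Return codes: 1 = too open, 2 = missing, 3 = wrong type.
check_key_file() {
    key=$1
    [ -f "$key" ] || { echo "key file not found: $key" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$key is accessible to group/other ($perms); chmod 600 it" >&2
        return 1
    fi
    grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key" || {
        echo "$key is not a service-account key" >&2
        return 3
    }
}

# Mount only after the key passes the check.
# Usage: mount_bucket KEY BUCKET MOUNTPOINT
mount_bucket() {
    check_key_file "$1" || return
    gcsfuse --key-file "$1" "$2" "$3"
}

# Demo on a constructed key file (placeholder content, not a real credential).
demo_key=$(mktemp)
printf '{"type": "service_account", "project_id": "example-project"}\n' > "$demo_key"
chmod 644 "$demo_key"
check_key_file "$demo_key" || echo "rejected while mode is 644"
chmod 600 "$demo_key"
check_key_file "$demo_key" && echo "accepted once mode is 600"
rm -f "$demo_key"
```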


============================

----------------------

Mount in an Ubuntu instance

------------------------


** Install gcsfuse

Enter the following commands one by one


sudo apt-get update

sudo apt-get install curl -y


export GCSFUSE_REPO=gcsfuse-`lsb_release -c -s`

echo "deb https://packages.cloud.google.com/apt $GCSFUSE_REPO main" | sudo tee /etc/apt/sources.list.d/gcsfuse.list

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -


sudo apt-get update

sudo apt-get install gcsfuse


As of now, you should have gcsfuse installed and ready for action. But we will need google-cloud-sdk for authenticating to Google Cloud Storage.


** Install Google Cloud SDK

export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)"

echo "deb https://packages.cloud.google.com/apt $CLOUD_SDK_REPO main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list

curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

sudo apt-get update && sudo apt-get install google-cloud-sdk


Authenticate with Google Cloud Storage

Switch to the user you will be mounting your bucket with, and issue the following command:


gcloud auth application-default login

This will present you with a URL. Copy that URL and paste it in your browser, then log in with your Google account. You should see a token in your browser window. Copy it and paste it in the Terminal prompt asking for the verification code.


Once you give the token, you should be authenticated and you can now mount your Bucket.


Mount the bucket

Again, switch to the user you want to mount the bucket as. This is important because you cannot change the ownership of the mount. If you mount it with root user, then the mount can only be used by the root user.


mkdir /mnt/google-cloud-bucket

gcsfuse your_bucket_name /mnt/google-cloud-bucket

That’s it, you should have your bucket mounted on your system. You can verify the mount using the df -h command

===========================


Save Linux users' commands in a log file

If you want to keep a trace of all Linux user commands in a log file, follow the steps below:


1)** Edit /etc/rsyslog.d/bash.conf


vi /etc/rsyslog.d/bash.conf

and add the following: 

local6.*    /var/log/commands.log


2)** Open /etc/bashrc:

sudo -e /etc/bashrc


and add this line:

export PROMPT_COMMAND='RETRN_VAL=$?;logger -p local6.debug "$(whoami) [$$]: $(history 1 | sed "s/^[ ]*[0-9]\+[ ]*//" )"'


Run the following to load the changes:

source /etc/bashrc


3)** Edit /etc/logrotate.d/syslog:


sudo -e /etc/logrotate.d/syslog


and add the following line:


/var/log/commands.log


4)** Restart rsyslog service:


sudo service rsyslog restart 



5)** With the above, the logs are saved in /var/log/commands.log in the following format:

Enjoy.... @taybkhan@

tail -f /var/log/commands.log
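
An added example (not part of the original post) that reads the entries this setup writes to /var/log/commands.log. PROMPT_COMMAND runs every time the prompt is drawn, so pressing Enter on an empty line logs the previous history entry again; the script drops such repeats per shell and counts commands per user. It assumes rsyslog's default file format, and the sample lines, host name and function names are constructed.

```shell
#!/bin/sh
# Added example: read commands.log entries written by the PROMPT_COMMAND logger.
# Assumes rsyslog's default file format "Mon DD HH:MM:SS host tag: message",
# where message is "user [pid]: command". The sample lines are constructed.

sample_log() {
cat <<'EOF'
Nov 22 10:15:01 web01 khan: khan [4321]: sudo -e /etc/bashrc
Nov 22 10:15:09 web01 khan: khan [4321]: source /etc/bashrc
Nov 22 10:15:11 web01 khan: khan [4321]: source /etc/bashrc
Nov 22 10:16:40 web01 root: root [4410]: tail -f /var/log/commands.log
Nov 22 10:16:42 web01 khan: khan [4321]: df -h
Nov 22 10:17:05 web01 cron[812]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Print "user<TAB>pid<TAB>command" for each logger entry. An entry that
# repeats the previous one from the same shell (same user and pid) is
# dropped; a genuine back-to-back repeat of a command is collapsed too.
list_commands() {
    awk '
    {
        if (!match($0, /[^ ]+ \[[0-9]+\]: /)) next   # not a logger entry
        cmd = substr($0, RSTART + RLENGTH)
        split(substr($0, RSTART, RLENGTH), h, " ")
        pid = h[2]; gsub(/[^0-9]/, "", pid)
        key = h[1] SUBSEP pid
        if ((key in last) && last[key] == cmd) next
        last[key] = cmd
        print h[1] "\t" pid "\t" cmd
    }'
}

# Count the de-duplicated commands per user: "user count", sorted by user.
count_by_user() {
    list_commands | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

sample_log | list_commands
sample_log | count_by_user
```

On a live system, feed the real file instead of the sample: `list_commands < /var/log/commands.log`.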