Compute Engine – Disable Serial Port Access
This check ensures that connecting to serial ports is disabled for Google Cloud Compute Engine VM instances. Disabling serial port access helps prevent unrestricted interactive access that could bypass standard authentication mechanisms.
Check Details
- Resource: Compute Engine VM Instance
- Check: Disable serial port access
- Risk: Enabled serial port access can allow users to gain interactive access to VM instances, potentially bypassing IAM and SSH controls
Remediation via Google Cloud Console
- Log in to the Google Cloud Console and navigate to Compute Engine → VM instances.
- Click on the affected VM instance to open its details page.
- Click Edit at the top of the page.
- Scroll down to the Remote access section.
- Uncheck Enable connecting to serial ports.
- Click Save to apply the changes.
Remediation via gcloud CLI
- Open the Google Cloud Console and click the Cloud Shell icon (>_) in the top-right corner.
- Disable serial port access for the VM instance by running:

    gcloud compute instances add-metadata <INSTANCE_NAME> \
      --zone=<ZONE> \
      --metadata=serial-port-enable=false

- Alternatively, you can use:

    gcloud compute instances add-metadata <INSTANCE_NAME> \
      --zone=<ZONE> \
      --metadata=serial-port-enable=0

Replace <INSTANCE_NAME> and <ZONE> with the appropriate values for your VM.
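To find which instances need the command above, the following added example (not part of the original article) audits the JSON produced by `gcloud compute instances list --format=json` and prints the matching remediation command for each finding. It goes slightly beyond the per-instance check by also honouring a project-wide `serial-port-enable` value, which applies when an instance does not set the key itself. The function names, sample data and case-insensitive matching of `true`/`1` are assumptions of this example.

```python
import json

ENABLED_VALUES = {"true", "1"}  # assumption: values are compared case-insensitively

def _metadata_value(items, key="serial-port-enable"):
    """Return the normalised value for key from a metadata 'items' list, or None."""
    for item in items or []:
        if item.get("key") == key:
            return str(item.get("value", "")).strip().lower()
    return None

def audit_serial_ports(instances, project_items=None):
    """Return findings for instances whose effective serial-port-enable is on.

    An instance-level value takes precedence; the project-wide value only
    applies when the instance does not set the key itself.
    """
    project_value = _metadata_value(project_items)
    findings = []
    for inst in instances:
        own = _metadata_value((inst.get("metadata") or {}).get("items"))
        effective, source = (own, "instance") if own is not None else (project_value, "project")
        if effective in ENABLED_VALUES:
            zone = inst["zone"].rsplit("/", 1)[-1]  # gcloud returns the zone as a URL
            findings.append({
                "name": inst["name"], "zone": zone, "source": source,
                "fix": ("gcloud compute instances add-metadata "
                        f"{inst['name']} --zone={zone} "
                        "--metadata=serial-port-enable=false"),
            })
    return findings

# Constructed sample in the shape of `gcloud compute instances list --format=json`.
_ZONES = "https://www.googleapis.com/compute/v1/projects/demo-project/zones/"
SAMPLE_INSTANCES = json.loads(json.dumps([
    {"name": "web-1", "zone": _ZONES + "us-central1-a",
     "metadata": {"items": [{"key": "serial-port-enable", "value": "TRUE"}]}},
    {"name": "db-1", "zone": _ZONES + "us-central1-b",
     "metadata": {"items": [{"key": "serial-port-enable", "value": "0"}]}},
    {"name": "batch-1", "zone": _ZONES + "europe-west1-b", "metadata": {}},
]))
# Constructed project-wide metadata (the commonInstanceMetadata.items list).
SAMPLE_PROJECT_ITEMS = [{"key": "serial-port-enable", "value": "1"}]

if __name__ == "__main__":
    for f in audit_serial_ports(SAMPLE_INSTANCES, SAMPLE_PROJECT_ITEMS):
        print(f"{f['name']} ({f['zone']}, set at {f['source']} level): {f['fix']}")
```

In the sample, `db-1` is not reported even though the project-wide value is `1`, because its own `serial-port-enable=0` takes precedence.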
Default Value
By default, connecting to serial ports is not enabled for Compute Engine VM instances.