Ensure security rule is configured for protection against Apache Log4j2 in Google Compute Security Policy

HIGH

Description

Google Cloud has published a Web Application Firewall (WAF) rule for Cloud Armor, referenced as the preconfigured expression `cve-canary`, that can help mitigate the Apache Log4j2 vulnerability tracked as CVE-2021-44228. A Google Compute Security Policy that does not evaluate this rule will not block the JNDI lookup patterns it matches. For more information, including additional configuration examples, see the GCP documentation.
References:
https://cloud.google.com/blog/products/identity-security/recommendations-for-apache-log4j2-vulnerability

Remediation

In GCP Console -

  1. Open the Network Security page.
  2. Click Cloud Armor.
  3. Select the name of the policy to edit.
  4. Click Add Rule and select Advanced mode.
  5. In the match block, type evaluatePreconfiguredExpr('cve-canary'), set the action to Deny, and choose a priority lower (numerically) than any rule that would allow the traffic first.
  6. Click Add.

In Terraform -

  1. In the google_compute_security_policy resource, add a rule with action set to a deny value (for example "deny(403)") and a match block whose expr block sets expression = "evaluatePreconfiguredExpr('cve-canary')". Attach the policy to the backend service that fronts the vulnerable application; a policy that is not attached protects nothing.
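The following is an added Terraform example (not code from the original page or from Google) showing the rule described above inside a complete google_compute_security_policy, attached to a backend service. The resource names, policy name, priorities and backend settings are placeholder assumptions; the preconfigured expression, the deny action and the required default rule are as documented for Cloud Armor.

```hcl
# Added example: Cloud Armor security policy that evaluates the Log4j2
# preconfigured WAF rule. Names and priorities below are assumptions.
resource "google_compute_security_policy" "log4j_mitigation" {
  name        = "log4j-mitigation-policy" # placeholder name
  description = "Deny requests matching the CVE-2021-44228 preconfigured rule"

  # The Log4j2 rule. A low priority number makes it evaluate before
  # broader allow rules, so a permissive rule cannot short-circuit it.
  rule {
    action      = "deny(403)"
    priority    = "1000"
    description = "Block Log4j2 / JNDI lookup exploitation attempts"
    # Set preview = true first to log matches without blocking, then
    # review Cloud Logging for false positives before enforcing.
    preview = false
    match {
      expr {
        expression = "evaluatePreconfiguredExpr('cve-canary')"
      }
    }
  }

  # Cloud Armor requires a default rule at the lowest priority; this one
  # keeps existing behaviour (allow) for everything the WAF rule does not match.
  rule {
    action      = "allow"
    priority    = "2147483647"
    description = "Default rule: allow all other traffic"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}

# Placeholder backend service: the policy only protects backends it is
# attached to via security_policy. Health check and backend blocks are
# omitted here and must be supplied for a real deployment.
resource "google_compute_backend_service" "app" {
  name            = "app-backend" # placeholder name
  protocol        = "HTTP"
  security_policy = google_compute_security_policy.log4j_mitigation.id
}
```

Start with preview = true on the cve-canary rule so matches are logged under the policy's name in Cloud Logging without being blocked, confirm the hits are exploit traffic rather than legitimate requests, then switch to preview = false. Check google_compute_backend_service resources for a missing security_policy attribute as well; a correctly configured policy that is not attached provides no protection.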

References:
https://registry.terraform.io/providers/hashicorp/google/4.50.0/docs/resources/compute_security_policy#expr

Policy Details

Rule Reference ID: AC_GCP_0302
CSP: GCP
Remediation Available: No
Resource Category: Compute
Resource Type: Virtual Machine

Frameworks