diff --git a/SUMMARY.md b/SUMMARY.md index b3ad79b179..d751431e74 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -154,7 +154,7 @@ * [GCP - Monitoring Enum](pentesting-cloud/gcp-security/gcp-services/gcp-monitoring-enum.md) * [GCP - Pub/Sub Enum](pentesting-cloud/gcp-security/gcp-services/gcp-pub-sub.md) * [GCP - Secrets Manager Enum](pentesting-cloud/gcp-pentesting/gcp-services/gcp-secrets-manager-enum.md) - * [GCP - Security](pentesting-cloud/gcp-security/gcp-services/gcp-security.md) + * [GCP - Security Enum](pentesting-cloud/gcp-security/gcp-services/gcp-security-enum.md) * [GCP - Source Repositories Enum](pentesting-cloud/gcp-security/gcp-services/gcp-source-repositories-enum.md) * [GCP - Spanner Enum](pentesting-cloud/gcp-security/gcp-services/gcp-spanner-enum.md) * [GCP - Stackdriver Enum](pentesting-cloud/gcp-security/gcp-services/gcp-stackdriver-enum.md) diff --git a/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md b/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md index 4a4cfb33c3..bab167c25f 100644 --- a/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md +++ b/pentesting-cloud/gcp-security/gcp-post-exploitation/gcp-security-post-exploitation.md @@ -18,8 +18,8 @@ Other ways to support HackTricks: For more information check: -{% content-ref url="../gcp-services/gcp-security.md" %} -[gcp-security.md](../gcp-services/gcp-security.md) +{% content-ref url="../gcp-services/gcp-security-enum.md" %} +[gcp-security-enum.md](../gcp-services/gcp-security-enum.md) {% endcontent-ref %} ### `securitycenter.muteconfigs.create` diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md b/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md index 50a94abfa1..e8e482d780 100644 --- a/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md +++ b/pentesting-cloud/gcp-security/gcp-services/gcp-logging-enum.md 
@@ -50,7 +50,7 @@ Cloud Logging is highly configurable to suit diverse operational needs: * **Retention period** of the data is configured per bucket and must be **at least 1 day.** However the **retention period of \_Required is 400 days** and cannot be modified. * Note that Log Buckets are **not visible in Cloud Storage.** 2. **Log Sinks (Log router in the web):** Create sinks to **export log entries** to various destinations such as Pub/Sub, BigQuery, or Cloud Storage based on a **filter**. - * By **default** sinks fro the buckets `_Default` and `_Required` are created: + * By **default** sinks for the buckets `_Default` and `_Required` are created: * ```bash _Required logging.googleapis.com/projects//locations/global/buckets/_Required LOG_ID("cloudaudit.googleapis.com/activity") OR LOG_ID("externalaudit.googleapis.com/activity") OR LOG_ID("cloudaudit.googleapis.com/system_event") OR LOG_ID("externalaudit.googleapis.com/system_event") OR LOG_ID("cloudaudit.googleapis.com/access_transparency") OR LOG_ID("externalaudit.googleapis.com/access_transparency") _Default logging.googleapis.com/projects//locations/global/buckets/_Default NOT LOG_ID("cloudaudit.googleapis.com/activity") AND NOT LOG_ID("externalaudit.googleapis.com/activity") AND NOT LOG_ID("cloudaudit.googleapis.com/system_event") AND NOT LOG_ID("externalaudit.googleapis.com/system_event") AND NOT LOG_ID("cloudaudit.googleapis.com/access_transparency") AND NOT LOG_ID("externalaudit.googleapis.com/access_transparency") 
@@ -60,10 +60,9 @@ Cloud Logging is highly configurable to suit diverse operational needs: 4. **Log views:** Log views give advanced and **granular control over who has access** to the logs within your log buckets. * Cloud Logging **automatically creates the `_AllLogs` view for every bucket**, which shows all logs. Cloud Logging also creates a view for the `_Default` bucket called `_Default`. The `_Default` view for the `_Default` bucket shows all logs except Data Access audit logs. The `_AllLogs` and `_Default` views are not editable. - - It's possible to allow a principal **only to use a specific Log view** with an IAM policy like: +{% code overflow="wrap" %} ```json { "bindings": [ @@ -84,6 +83,7 @@ It's possible to allow a principal **only to use a specific Log view** with an I "version": 3 } ``` +{% endcode %} ### Default Logs diff --git a/pentesting-cloud/gcp-security/gcp-services/gcp-security.md b/pentesting-cloud/gcp-security/gcp-services/gcp-security-enum.md similarity index 100% rename from pentesting-cloud/gcp-security/gcp-services/gcp-security.md rename to pentesting-cloud/gcp-security/gcp-services/gcp-security-enum.md
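Review bot: In the SUMMARY.md hunk, the unchanged context line for Secrets Manager links to `pentesting-cloud/gcp-pentesting/gcp-services/gcp-secrets-manager-enum.md`, while every other entry in view uses `pentesting-cloud/gcp-security/gcp-services/`. Since this patch is already correcting link targets in this list, confirm that path resolves and fix it in the same change if it does not.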
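Review bot: The rename to gcp-security-enum.md is recorded with `similarity index 100%`, so the page content, including its own title, is unchanged while SUMMARY.md now lists it as "GCP - Security Enum"; update the page heading as well if it still carries the old name. The patch updates only two references to the old filename (SUMMARY.md and the `content-ref` in gcp-security-post-exploitation.md), so search the repository for any remaining links to `gcp-security.md` before merging, since they would break after the rename.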
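Review bot: In the gcp-logging-enum.md hunk at `@@ -50,7 +50,7 @@`, the context lines under the corrected bullet show both sink destinations as `logging.googleapis.com/projects//locations/global/buckets/...`, with an empty project segment. That looks like a placeholder lost in rendering; restoring an escaped placeholder for the project ID would make the sample output readable. The corrected sentence would also read more naturally as "By default, sinks for the `_Default` and `_Required` buckets are created".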
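Review bot: In the gcp-logging-enum.md hunk at `@@ -60,10 +60,9 @@`, the sentence introducing the policy ("only to use a specific Log view") does not explain the `"version": 3` that closes the JSON. IAM policies containing conditional role bindings must be set with policy version 3, so if this binding restricts access to the view through a condition, one sentence saying so would keep readers from dropping the field when they adapt the example. The `{% code overflow="wrap" %}` and `{% endcode %}` wrapper itself is balanced around the fence.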