Benchmark: 10.5 Secure audit trails so they cannot be altered
Description
GCP customers are responsible for setting permissions and access controls for audit logs. Identity and Access Management (IAM) can be used to set permissions for accounts with access to online and offline log storage locations. Customers are responsible for logging and monitoring their GCE and GKE systems and instances in alignment with PCI DSS requirements.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 10.5 Secure audit trails so they cannot be altered.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10_5
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321_requirement_10_5 --share
Controls
- Ensure that Cloud Storage bucket used for exporting logs is not anonymously or publicly accessible
- Ensure that Cloud Storage buckets used for exporting logs have object versioning enabled
- Ensure that Cloud Storage buckets used for exporting logs have retention policy enabled
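The three controls above, applied to bucket metadata, as an added example (not the mod's own queries). It assumes input shaped like the Cloud Logging sink, Cloud Storage bucket and bucket IAM policy JSON resources; all names and values in the sample data are constructed.

```python
"""Evaluate log-export buckets against the three controls (added example)."""

PUBLIC_MEMBERS = {"allUsers", "allAuthenticatedUsers"}
GCS_PREFIX = "storage.googleapis.com/"

def sink_buckets(sinks):
    """Names of Cloud Storage buckets used as log sink destinations."""
    return sorted({s["destination"][len(GCS_PREFIX):] for s in sinks
                   if s.get("destination", "").startswith(GCS_PREFIX)})

def check_bucket(bucket, iam_policy):
    """Return a list of findings; an empty list means all three controls pass."""
    findings = []
    # Control 1: no binding may grant a role to anonymous or all-authenticated users.
    public = sorted({m for b in iam_policy.get("bindings", [])
                     for m in b.get("members", []) if m in PUBLIC_MEMBERS})
    if public:
        findings.append("public access: " + ", ".join(public))
    # Control 2: object versioning must be enabled.
    if not bucket.get("versioning", {}).get("enabled", False):
        findings.append("object versioning disabled")
    # Control 3: a retention policy must be set (the period is a string of seconds).
    retention = bucket.get("retentionPolicy") or {}
    if int(retention.get("retentionPeriod", 0)) <= 0:
        findings.append("no retention policy")
    return findings

def audit(sinks, buckets, policies):
    """Map each log-export bucket to its findings; non-bucket sinks are skipped."""
    return {name: check_bucket(buckets[name], policies.get(name, {}))
            for name in sink_buckets(sinks) if name in buckets}

# Constructed sample data (hypothetical project, sink and bucket names).
SINKS = [
    {"name": "audit-to-gcs", "destination": "storage.googleapis.com/example-audit-logs"},
    {"name": "audit-to-bq", "destination": "bigquery.googleapis.com/projects/example-project/datasets/audit"},
    {"name": "legacy-export", "destination": "storage.googleapis.com/example-legacy-logs"},
]
BUCKETS = {
    "example-audit-logs": {"versioning": {"enabled": True},
                           "retentionPolicy": {"retentionPeriod": "31536000"}},
    "example-legacy-logs": {"versioning": {"enabled": False}},
}
POLICIES = {
    "example-audit-logs": {"bindings": [{"role": "roles/storage.objectCreator",
                                         "members": ["group:example-log-writers@example.com"]}]},
    "example-legacy-logs": {"bindings": [{"role": "roles/storage.objectViewer",
                                          "members": ["allUsers"]}]},
}

if __name__ == "__main__":
    for name, findings in audit(SINKS, BUCKETS, POLICIES).items():
        print(name, "OK" if not findings else "ALARM: " + "; ".join(findings))
```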