How to detect a disabled OS Config agent

Hello,

I want to let some users of my project have permission to create VM instances, restricted to images that include the OS Config agent by default.

As the users have all the permissions on these VMs, they can disable the OS agent later at runtime, so the VMs will not be managed and can present some security risks, among other things.

How can I:
- detect a VM instance that doesn't have the OS agent enabled? I was thinking about a Cloud Scheduler job that starts a Cloud Function every 5 minutes, which checks all the VMs in a project and takes some action if the agent is not enabled, like shutting down the VM. Is there a better way to do this?

- put in place conditional access with a GCP service (I don't know which one, or if it exists) that requires that the VM from which the HTTP request is performed has the OS Config agent enabled? I don't know if it's possible to do things like that.

Thank you in advance

Eric

2 REPLIES

@erict 

There is a simple and cost-effective solution that can be implemented for this requirement.

Create an alerting policy to monitor the OS agent process; if the process is down or not found, it will throw an alert.

You can refer to my YouTube video for a demo of this implementation.

https://youtu.be/aaa_kwM7zkA

Let me know if additional help is needed.

Thanks for your answer,

but the problem is the same, because this solution is based on the OS agent, which should be enabled on each VM to be able to monitor services and create alerting policies.

How to detect and automatically fix VMs that don't have the OS agent?
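
The periodic check discussed in this thread can be done from outside the guest, so it does not depend on anything running on the VM. The sketch below is an added example, not code from any of the posters: it flags running VMs whose `enable-osconfig` metadata is not true, and VMs whose agent has stopped reporting even though metadata still says it is enabled. The `reports` mapping (instance name to the time of the agent's last inventory report), the two thresholds and all sample data are assumptions; fetching the instance list and report times is left to the caller.

```python
from datetime import datetime, timedelta, timezone

MAX_REPORT_AGE = timedelta(minutes=30)   # assumed staleness threshold
BOOT_GRACE = timedelta(minutes=10)       # assumed time for a new VM to report

def _meta(items):
    return {i["key"]: i.get("value", "") for i in items or []}

def osconfig_enabled(instance, project_items):
    # Instance-level metadata overrides project-level metadata.
    merged = {**_meta(project_items),
              **_meta(instance.get("metadata", {}).get("items"))}
    return merged.get("enable-osconfig", "").strip().lower() == "true"

def classify(instance, project_items, last_report, now):
    if instance.get("status") != "RUNNING":
        return "skipped"
    if not osconfig_enabled(instance, project_items):
        return "disabled-in-metadata"
    started = datetime.fromisoformat(instance["lastStartTimestamp"])
    if last_report is None or last_report < started:
        # No report since this boot: tolerate only during the grace period.
        return "ok" if now - started <= BOOT_GRACE else "not-reporting"
    # Metadata alone cannot reveal an agent stopped inside the guest.
    return "ok" if now - last_report <= MAX_REPORT_AGE else "stale"

def audit(instances, project_items, reports, now):
    verdicts = {i["name"]: classify(i, project_items, reports.get(i["name"]), now)
                for i in instances}
    return {n: v for n, v in verdicts.items() if v not in ("ok", "skipped")}

# Constructed sample data, shaped like Compute Engine instance resources.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
PROJECT_ITEMS = [{"key": "enable-osconfig", "value": "TRUE"}]
def _vm(name, start, items=None, status="RUNNING"):
    return {"name": name, "status": status, "lastStartTimestamp": start,
            "metadata": {"items": items or []}}
OFF = [{"key": "enable-osconfig", "value": "false"}]
INSTANCES = [
    _vm("vm-ok", "2024-05-01T08:00:00.000+00:00"),
    _vm("vm-override", "2024-05-01T08:00:00.000+00:00", OFF),
    _vm("vm-stopped-agent", "2024-05-01T08:00:00.000+00:00"),
    _vm("vm-new", "2024-05-01T11:55:00.000+00:00"),
    _vm("vm-off", "2024-05-01T08:00:00.000+00:00", status="TERMINATED"),
]
REPORTS = {"vm-ok": NOW - timedelta(minutes=5),
           "vm-override": NOW - timedelta(minutes=5),
           "vm-stopped-agent": NOW - timedelta(hours=3)}

if __name__ == "__main__":
    print(audit(INSTANCES, PROJECT_ITEMS, REPORTS, NOW))
```

The returned mapping is what a scheduled job would act on, for example by alerting or stopping the listed instances.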