turbot/gcp_compliance

Control: 6.1.1 Ensure that a MySQL database instance does not allow anyone to connect with administrative privileges

Description

It is recommended to set a password for the administrative user (root by default) to prevent unauthorized access to the SQL database instances. This recommendation is applicable only for MySQL Instances*. PostgreSQL does not offer any setting for No Password from the cloud console.

At the time of MySQL Instance creation, not providing an administrative password allows anyone to connect to the SQL database instance with administrative privileges. The root password should be set to ensure only authorized users have these privileges.

Remediation

From Console:

  1. Login to GCP console and navigate to Cloud SQL Instances.
  2. Select the instance to open its Overview page.
  3. From left navigation pane, select Users.
  4. Click the 3-dots icon for the user to be updated.
  5. Select Change password, specify a new password, and click OK.

From Command Line:

Set a password to a MySql instance:

gcloud sql users set-password [USER_NAME] [HOST] --instance=[INSTANCE_NAME] - -password=[PASSWORD]

Usage

steampipe check gcp_compliance.control.cis_v120_6_1_1

SQL

This control uses a named query:

manual_control

Tags