Benchmark: SQL
Description
This benchmark provides a set of controls that detect Terraform GCP Cloud SQL resources deviating from security best practices.
Usage
Browse dashboards and select SQL:
steampipe dashboard
Or run the benchmarks in your terminal:
steampipe check terraform_gcp_compliance.benchmark.sql
Snapshot and share results via Steampipe Cloud:
steampipe login
steampipe check --share terraform_gcp_compliance.benchmark.sql
Controls
- Ensure that Cloud SQL database instances are configured with automated backups
- Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off'
- Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on'
- Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately
- Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0'
- Ensure that the Cloud SQL database instance requires all incoming connections to use SSL
- Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured