Skip to main content

πŸ“ Google Cloud MySQL Instance Skip_show_database Database Flag is not set to on 🟒

  • Contextual name: πŸ“ MySQL Instance Skip_show_database Database Flag is not set to on 🟒
  • ID: /ce/ca/google/sql/mysql-instance-skip-show-database-flag
  • Located in: πŸ“ Google Cloud SQL

Flags​

Our Metadata​

  • Policy Type: COMPLIANCE_POLICY
  • Policy Category:
    • SECURITY

Similar Policies​

Logic​

Description​

Open File

Description​

It is recommended to set skip_show_database database flag for Cloud SQL Mysql instance to on

Rationale​

skip_show_database database flag prevents people from using the SHOW DATABASES statement if they do not have the SHOW DATABASES privilege. This can improve security if you have concerns about users being able to see databases belonging to other users. Its effect depends on the SHOW DATABASES privilege: If the variable value is ON, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names. If the value is OFF, SHOW DATABASES is permitted to all users, but displays the names of only those databases for which the user has the SHOW DATABASES or other privilege. This recommendation is applicable to Mysql database instances.

Audit​

From Google Cloud Console​
  1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
  2. Select the instance to open its Instance Overview page

... see more

Remediation​

Open File

Remediation​

From Google Cloud Console​

  1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
  2. Select the Mysql instance for which you want to enable to database flag.
  3. Click Edit.
  4. Scroll down to the Flags section.
  5. To set a flag that has not been set on the instance before, click Add a Database Flag, choose the flag skip_show_database from the drop-down menu, and set its value to on.
  6. Click Save to save your changes.
  7. Confirm your changes under Flags on the Overview page.

From Google Cloud CLI​

  1. List all Cloud SQL database Instances

         gcloud sql instances list

  2. Configure the skip_show_database database flag for every Cloud SQL Mysql database instance using the below command.

         gcloud sql instances patch <INSTANCE_NAME> --database-flags skip_show_database=on

Note: This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags you want set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό CIS GCP v3.0.0 β†’ πŸ’Ό 6.1.2 Ensure β€˜Skip_show_database’ Database Flag for Cloud SQL MySQL Instance Is Set to β€˜On’ - Level 1 (Automated)1
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Secure Access43