Ensure that your Google Cloud MySQL database instances do not allow anyone to connect with administrative privileges only, without needing a root password. To prevent unauthorized access to your MySQL database instances and follow security best practices, make sure that the administrative user (root by default) has a password set.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
By enabling "No Password" setting during MySQL instance creation and choose not to provide an administrative (root) password allows anyone to connect to the MySQL database instance using only Google Cloud administrative privileges. To adhere to security best practices, set a root password to ensure only authorized users have these privileges.
Audit
To determine if your MySQL database instances allow anyone to connect with administrative privileges only, without needing a password, perform the following operations:
Note: The "No Password" setting is exposed only at the time of MySQL instance creation. Once the instance is created, the Google Cloud Platform (GCP) Console does not expose the setting to confirm whether a password for an administrative user is set to a MySQL instance. Therefore, checking for the existence of the administrative (root) password using GCP Management Console is not supported.Remediation / Resolution
To configure a password for the administrative (root) user in order to deny MySQL database access to anyone that is trying to connect with administrative privileges, perform the following operations:
References
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for MySQL
- Creating instances
- Creating and managing MySQL users
- Connecting from external applications
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- MySQL Database Documentation
- 4.5.1 mysql — The MySQL Command-Line Client
- GSutil Documentation
- gcloud projects list
- gcloud sql instances list
- gcloud sql users set-password
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Configure Root Password for MySQL Database Access
Risk Level: High