SQL Instances Should Not Be Configured with Barred Usernames
More Info:
Ensure that SQL Instances are not configured with Barred UsernamesRisk Level
LowAddress
SecurityCompliance Standards
CBPTriage and Remediation
Remediation
Using Console
Using Console
To remediate the misconfiguration “SQL Instances Should Not Be Configured with Barred Usernames” in GCP using GCP console, follow these steps:
- Open the Google Cloud Console and select the project where the SQL instance is located.
- In the left navigation menu, select SQL.
- Select the SQL instance that you want to remediate.
- In the SQL instance details page, click on the “Users” tab.
- Review the list of users and check if there are any barred usernames (e.g., root, admin, etc.).
- If there are any barred usernames, click on the username to select it.
- Click on the “Delete” button to remove the user from the SQL instance.
- Repeat steps 6 and 7 for all barred usernames.
- Once all barred usernames have been removed, click on the “Add user account” button to create a new user account with a strong password.
- Follow the prompts to create a new user account, ensuring that the username and password meet the recommended security standards.
- Once the new user account has been created, click on the “Done” button to save the changes.
Using CLI
Using CLI
To remediate the misconfiguration of SQL instances being configured with barred usernames in GCP using GCP CLI, follow these steps:
- Open the Google Cloud Console and select the project where the SQL instance is located.
- Open the Cloud Shell by clicking on the icon on the top right corner of the console.
- In the Cloud Shell, run the following command to list all the SQL instances in the project:
gcloud sql instances list- Identify the SQL instance that is configured with barred usernames.
- Run the following command to update the instance:
gcloud sql instances patch INSTANCE_NAME --database-flags=ignore_builtin_usernames=USER1,USER2Replace INSTANCE_NAME with the name of the SQL instance that you identified in step 4.Replace USER1,USER2 with the list of barred usernames that you want to ignore. You can add more usernames to the list by separating them with a comma.- Verify that the configuration has been updated by running the following command:
gcloud sql instances describe INSTANCE_NAME- Check the output for the ignore_builtin_usernames flag and verify that the barred usernames have been added to the list.
- Repeat the above steps for all the SQL instances in the project that are configured with barred usernames.
Using Python
Using Python
To remediate the SQL Instances Should Not Be Configured with Barred Usernames misconfiguration for GCP using Python, follow these steps:This code snippet will remove the
- First, you need to identify the SQL instances that are configured with barred usernames. You can use the GCP Python Client Library to list all the SQL instances in your project and check if any of them are configured with barred usernames.
- Once you have identified the SQL instances that are configured with barred usernames, you need to update their configurations to remove the barred usernames. You can use the
patchmethod of theCloudSqlInstancesServiceClientto update the instance configuration.
barred_usernames from the instance settings and update the instance configuration.- Finally, you need to verify that the SQL instances are no longer configured with barred usernames. You can use the same code snippet from step 1 to list all the SQL instances and check their configurations.