More Info:
Ensure that the local_infile database flag for a Cloud SQL MySQL instance is set to off.
Risk Level
Medium
Address
Security
Compliance Standards
CISGCP, CBP
Triage and Remediation
Remediation
Using Console
To remediate the MySQL Local Infile Flag Should Be Disabled misconfiguration for GCP using GCP console, follow these steps:
- Open the GCP Console and navigate to the Cloud SQL instances page.
- Select the instance for which you want to remediate the misconfiguration.
- Click on the “Edit” button at the top of the instance details page.
- Scroll down to the “Flags” section and click on the “Add item” button.
- In the “Name” field, enter “local_infile” (without quotes).
- In the “Value” field, enter “0” (without quotes).
- Click on the “Save” button at the bottom of the page to save the changes.
- Wait for the instance to restart with the new configuration.
- Verify that the MySQL Local Infile Flag is disabled by running the following command in the Cloud Shell:
gcloud sql instances describe [INSTANCE_NAME] --format="get(settings.databaseFlags)"
Replace [INSTANCE_NAME] with the name of your instance. The output should show the “local_infile” flag with a value of “0”.
Using CLI
To remediate the MySQL Local Infile Flag Should Be Disabled misconfiguration in GCP using GCP CLI, you can follow these steps:
- Open the Cloud Shell in the GCP Console.
- Run the following command to check the current status of the local_infile flag:
  Replace [INSTANCE_NAME] with the name of your Cloud SQL instance.
- If the output is ON, then the local_infile flag is enabled and needs to be disabled.
- Run the following command to disable the local_infile flag:
  Replace [INSTANCE_NAME] with the name of your Cloud SQL instance.
- Verify that the local_infile flag is now disabled by running the first command again. The output should be 0.
- Repeat these steps for any other Cloud SQL instances that have the local_infile flag enabled.
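The check-and-disable flow from the CLI steps above, as an added shell example that is not from the original page. It keeps the instance's other flags, because `gcloud sql instances patch --database-flags` replaces the whole flag set. Assumptions: the function names are illustrative, and the flag is written with the value `off`.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Usage: ./fix.sh INSTANCE_NAME

# current_flags: print the instance's database flags, one name=value per line.
current_flags() {
  gcloud sql instances describe "$1" --flatten='settings.databaseFlags[]' \
    --format='value(settings.databaseFlags.name,settings.databaseFlags.value)' |
    tr '\t' '='
}

# is_disabled: succeed if the flag list on stdin already disables local_infile.
is_disabled() {
  grep -Eqix 'local_infile=(off|0)'
}

# merge_flags: read name=value lines on stdin and print the comma-separated
# list for --database-flags with local_infile forced to off. Fails if a value
# contains a comma (assumption: such values need gcloud's alternate-delimiter
# syntax and are out of scope here).
merge_flags() {
  awk -F= '
    /,/ { bad = 1 }
    $1 == "" || tolower($1) == "local_infile" { next }
    { out = out $0 "," }
    END { if (bad) exit 1; print out "local_infile=off" }'
}

# remediate: patch the instance only when needed, keeping its other flags,
# because --database-flags replaces the whole flag set.
remediate() {
  local inst="$1" flags merged
  flags="$(current_flags "$inst")" || return 1
  if printf '%s\n' "$flags" | is_disabled; then
    echo "$inst: local_infile already disabled"
    return 0
  fi
  merged="$(printf '%s\n' "$flags" | merge_flags)" || {
    echo "$inst: a flag value contains a comma; patch manually" >&2
    return 1
  }
  gcloud sql instances patch "$inst" --database-flags="$merged"
}

# Run only when an instance name is given on the command line.
if [ -n "${1:-}" ]; then remediate "$1"; fi
```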
Using Python
To remediate the MySQL Local Infile Flag misconfiguration in GCP using Python, you can follow the steps below:
- Connect to the GCP project where the instance is running using the Python client library.
- Get the instance details using the compute.instances().get() method.
- Check if the MySQL instance is running on the instance.
- If MySQL is running, SSH into the instance using the paramiko library.
- Execute the following command to edit the MySQL configuration file:
- Add the following line to the [mysqld] section of the file:
- Save and close the file.
- Restart the MySQL service using the following command:
- Verify that the MySQL Local Infile Flag is disabled by running the following command:
  If the output is local_infile | OFF, then the MySQL Local Infile Flag is disabled.
Note: Replace your-project-id, your-instance-name, path/to/key.json, your-username, and path/to/key.pem with your actual values. Also, make sure to install the paramiko and google-auth libraries.