More Info:

skip_show_database’ database flag prevents people from using the SHOW DATABASES statement if they do not have the SHOW DATABASES privilege. This can improve security if you have concerns about users being able to see databases belonging to other users. Its effect depends on the SHOW DATABASES privilege: If the variable value is ON, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names. If the value is OFF, SHOW DATABASES is permitted to all users, but displays the names of only those databases for which the user has the SHOW DATABASES or other privilege. This recommendation is applicable to Mysql database instances.

Risk Level

Low

Address

Reliability, Security

Compliance Standards

CISGCP, CBP

Triage and Remediation

Remediation

Using Console

To remediate the MySQL Skip Show Database Flag Should Be On misconfiguration for GCP using GCP console, please follow these steps:
  1. Go to the Google Cloud Console and select your project.
  2. In the left-hand menu, select “SQL” under the “Storage” section.
  3. Select the instance that you want to remediate.
  4. Click on the “Edit” button at the top of the page.
  5. Scroll down to the “Flags” section and click on the “Add item” button.
  6. In the “Name” field, enter “skip_show_database”.
  7. In the “Value” field, enter “ON”.
  8. Click on the “Save” button at the bottom of the page.
Once you have completed these steps, the MySQL Skip Show Database Flag will be set to “ON” for your GCP instance, and the misconfiguration will be remediated.

The “skip-show-database” flag in MySQL allows users to prevent the display of the list of all databases when the “SHOW DATABASES” command is executed. However, it is recommended to keep this flag turned off for security reasons.To remediate this misconfiguration in GCP using GCP CLI, you can follow these steps:
  1. Open the Cloud Shell in the GCP console.
  2. Connect to your MySQL instance using the following command: 
    gcloud sql connect INSTANCE_NAME --user=root
    Replace INSTANCE_NAME with the name of your MySQL instance.
  3. Enter your MySQL root password when prompted.
  4. Execute the following command to edit the MySQL configuration file: 
    sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
  5. Find the line that contains “skip-show-database” and comment it out by adding a ”#” symbol at the beginning of the line.
  6. Save the changes by pressing “Ctrl + O” and then “Ctrl + X” to exit the editor.
  7. Restart the MySQL service using the following command: 
    sudo service mysql restart
  8. Verify that the “skip-show-database” flag is now turned off by executing the following command: 
    SHOW VARIABLES LIKE 'skip_show_database';
    The output should be “skip_show_database | OFF”.
By following these steps, you should be able to remediate the “MySQL Skip Show Database Flag Should Be On” misconfiguration in GCP using GCP CLI.
To remediate the MySQL Skip Show Database Flag misconfiguration in GCP using Python, follow these steps:
  1. First, connect to the Cloud SQL instance using the Cloud SQL Admin API. You can use the google-auth and google-cloud-sql libraries for this.
from google.auth import compute_engine
from google.cloud.sql.connector import connector

# Set the instance properties
INSTANCE_NAME = 'your-instance-name'
CREDENTIALS = compute_engine.Credentials()

# Connect to the instance
conn = connector.connect(
    INSTANCE_NAME,
    'pymysql',
    user='your-username',
    password='your-password',
    db='your-database',
    unix_socket='/cloudsql/{}'.format(INSTANCE_NAME),
    cursorclass=connector.cursor.DictCursor,
    autocommit=True,
    credentials=CREDENTIALS
)
  1. Once you are connected to the instance, execute the following SQL command to set the skip_show_database flag to ON.
with conn.cursor() as cursor:
    cursor.execute("SET GLOBAL skip_show_database=ON")
  1. Verify that the flag has been set correctly by executing the following SQL command.
with conn.cursor() as cursor:
    cursor.execute("SHOW GLOBAL VARIABLES LIKE 'skip_show_database'")
    result = cursor.fetchone()
    print(result)
This should output a dictionary containing the name and value of the skip_show_database flag.That’s it! You have successfully remediated the MySQL Skip Show Database Flag misconfiguration in GCP using Python.

Additional Reading: