Exposed MySQL Config
Description
Detects publicly accessible MySQL initial configuration file.
Remediation
- Ensure the MySQL configuration file (my.cnf or my.ini) has proper file permissions set to restrict access to authorized users only, typically with chmod 600 on Linux systems.
- Store the configuration file in a secure location and avoid placing it in publicly accessible directories.
- Use firewall rules to restrict access to the MySQL server from unauthorized IP addresses.
- Implement strong passwords for all MySQL accounts and avoid using default credentials.
- Regularly update MySQL to the latest version to address any security vulnerabilities.
- Disable remote root login and create specific user accounts with limited privileges for remote access.
- Use SSL connections for remote MySQL access to encrypt data in transit.
- Audit your MySQL configuration and remove any unnecessary or insecure settings.
- Consider using MySQL configuration management tools to maintain and deploy secure configurations.
- Regularly review and monitor access logs for any unauthorized access attempts.
Configuration
Identifier:
information_disclosure/exposed_mysql_config
Examples
Ignore this check
checks:
information_disclosure/exposed_mysql_config:
skip: true
Score
- Escape Severity: HIGH
Compliance
- OWASP: API8:2023
- pci: 2.2.2
- gdpr: Article-32
- soc2: CC6
- psd2: Article-95
- iso27001: A.12.6
- nist: SP800-123
- fedramp: AC-22