HIGH
Source: CloudSploit
ID: any-host-root-access

Any Host Root Access

Ensures that the root user of SQL instances cannot be accessed from any host.

Root access to SQL instances should be allowed only from whitelisted IPs, so that only trusted entities can connect.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the Google Cloud Platform Console.

  2. Scroll down the left navigation panel and choose the “SQL” option under “Storage.”

  3. On the “SQL” page, click the “Instance ID” link to select the SQL instance.

  4. On the “SQL” page, click on “Connections” under “MASTER INSTANCE.”

  5. On the “Connections” page, scroll down to Connectivity and check whether any “Authorised Network” is configured or whether the “Public IP” is open for everyone to access.

  6. Repeat steps number 2 - 5 to check other “SQL Instances” in the account.

  7. Navigate to the “SQL” option under “Storage”, choose the SQL instance and click on the “Edit” button at the top.

  8. On the “Edit instance” page, scroll down and click on “Connectivity” under “Configuration options.”

  9. On the “Connectivity” tab, click on the “Add network” option under “Public IP.”

  10. On the “New Network” tab, enter the “Network Name” and “IP Details” as per the requirement and click on the “Done” button to make the changes.

  11. Click on the “Save” button at the bottom of the page to make the changes.

  12. Repeat steps number 7 - 11 to ensure that root access for SQL instances is not allowed from any host.
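
The review in steps 2 - 6 can also be run offline over exported instance and user listings instead of clicking through each instance. The script below is an added example, not CloudSploit's own code. It assumes the JSON shapes returned by `gcloud sql instances list --format=json` and `gcloud sql users list --format=json`; the sample data, instance names and function names are constructed for illustration.

```python
import ipaddress
import json
# Constructed sample shaped like `gcloud sql instances list --format=json`.
INSTANCES = json.loads("""[
  {"name": "orders-db", "settings": {"ipConfiguration": {"ipv4Enabled": true,
     "authorizedNetworks": [{"name": "everyone", "value": "0.0.0.0/0"}]}}},
  {"name": "billing-db", "settings": {"ipConfiguration": {"ipv4Enabled": true,
     "authorizedNetworks": [{"name": "office", "value": "203.0.113.0/24"}]}}},
  {"name": "internal-db", "settings": {"ipConfiguration": {"ipv4Enabled": false}}}
]""")

# Constructed sample shaped like `gcloud sql users list --format=json`, per instance.
USERS = {
    "orders-db": [{"name": "root", "host": "%"}],
    "billing-db": [{"name": "root", "host": "203.0.113.10"}, {"name": "app", "host": "%"}],
    "internal-db": [{"name": "root", "host": "10.0.0.5"}],
}

def open_networks(instance):
    """Return authorized networks that admit every address (prefix length 0)."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    if not ip_cfg.get("ipv4Enabled"):
        return []  # no public IP, so authorized networks do not apply
    found = []
    for net in ip_cfg.get("authorizedNetworks", []):
        try:
            if ipaddress.ip_network(net["value"], strict=False).prefixlen == 0:
                found.append(net["value"])
        except (KeyError, ValueError):
            found.append(net.get("value", "<missing>"))  # unparseable: flag for review
    return found

def root_any_host(users):
    """True if a user named root has no host restriction."""
    # Assumption: a host of '%' (MySQL wildcard) or a missing host means "any host".
    return any(u.get("name") == "root" and u.get("host") in (None, "", "%") for u in users)

def audit(instances, users_by_instance):
    """Map instance name -> list of findings; an empty list means the check passes."""
    report = {}
    for inst in instances:
        findings = [f"authorized network {n} is open to everyone" for n in open_networks(inst)]
        if root_any_host(users_by_instance.get(inst["name"], [])):
            findings.append("root user is allowed from any host")
        report[inst["name"]] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(INSTANCES, USERS), indent=2))
```

Instances with a non-empty findings list are the ones to take through steps 7 - 11.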