Control: 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
Description
Ensure TLS version on MySQL flexible servers is set to the default value.
TLS connectivity helps to provide a new layer of security by connecting the database server to client applications using Transport Layer Security (TLS). Enforcing TLS connections between the database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and the application.
Remediation
From Azure Portal
- Login to Azure Portal using https://portal.azure.com
- Go to Azure Database for MySQL flexible servers
- For each database, click on Server parameters under Settings
- In the search box, type in tls_version
- Click on the VALUE dropdown, and ensure only TLSV1.2 is selected for tls_version
From Azure CLI
Use the command below to set the tls_version parameter to TLSV1.2 on a MySQL flexible server.
az mysql flexible-server parameter set --name tls_version --resource-group <resourceGroupName> --server-name <serverName> --value TLSV1.2
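To confirm the setting across a subscription before or after remediation, the following added example (not part of the benchmark or the Powerpipe mod) reads tls_version from every flexible server with the Azure CLI and flags any value that is not exactly TLSv1.2. It assumes the parameter value is returned as a comma-separated list of protocol names; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit tls_version on Azure MySQL flexible servers.

# Classify one tls_version value.
# Assumption: the value is a comma-separated list such as "TLSv1.1,TLSv1.2".
# Mirrors the remediation text strictly: PASS only when every entry is
# TLSv1.2 (case-insensitive); anything else, or an empty value, is FAIL.
tls_value_status() {
    v=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' ')
    [ -n "$v" ] || { echo FAIL; return 0; }
    old_ifs=$IFS
    IFS=,
    status=PASS
    for proto in $v; do
        [ "$proto" = "tlsv1.2" ] || status=FAIL
    done
    IFS=$old_ifs
    echo "$status"
}

# Report status, resource group, server and raw value for every flexible
# server in the current subscription. Requires a prior "az login".
audit_tls_versions() {
    tab=$(printf '\t')
    az mysql flexible-server list \
        --query '[].[resourceGroup, name]' --output tsv |
    while IFS=$tab read -r rg server; do
        raw=$(az mysql flexible-server parameter show \
            --resource-group "$rg" --server-name "$server" \
            --name tls_version --query value --output tsv </dev/null)
        printf '%s\t%s\t%s\t%s\n' \
            "$(tls_value_status "$raw")" "$rg" "$server" "$raw"
    done
}

# Constructed sample values (not output captured from a real server).
for sample in "TLSv1.2" "TLSV1.2" "TLSv1,TLSv1.1,TLSv1.2"; do
    printf '%s -> %s\n' "$sample" "$(tls_value_status "$sample")"
done
```

Call audit_tls_versions from a logged-in shell to produce one tab-separated line per server; any FAIL line names a server to fix with the parameter set command above.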
Default Value
By default, TLS is set to v1.2 for MySQL Flexible servers.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v200_4_4_2
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v200_4_4_2 --share
SQL
This control uses a named query:
mysql_server_min_tls_1_2