turbot/azure_cis

Pipeline: 5.3.2 Ensure server parameter 'tls_version' is set to 'TLSv1.2' (or higher) for MySQL flexible server

Description

Ensure tls_version on MySQL flexible servers is set to use TLS version 1.2 or higher.

TLS connectivity adds a layer of security by connecting the database server to client applications over Transport Layer Security (TLS). Enforcing TLS connections between the database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and the application.

Remediation

From Azure Portal

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Go to Azure Database for MySQL flexible servers.
  3. For each database, under Settings, click Server parameters.
  4. In the filter bar, type tls_version.
  5. Click on the VALUE dropdown next to tls_version, and check TLSv1.2 (or higher).
  6. Uncheck anything lower than TLSv1.2.
  7. Click Save.

From Azure CLI

Use the below command to update MySQL flexible servers to use TLS version 1.2:

az mysql flexible-server parameter set --resource-group <resourceGroup> --server-name <serverName> --name tls_version --value TLSv1.2
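
To confirm the result after remediation, the following added example (not part of the Turbot mod or the CIS benchmark text) checks a tls_version value and fails it if any protocol below TLSv1.2 is still enabled. It assumes the value is returned as a comma-separated list of protocol names, as the multi-select in the portal suggests; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the tls_version parameter of a MySQL flexible server.

# Return 0 only if every protocol in a comma-separated tls_version value is
# TLSv1.2 or higher and at least one protocol is enabled. A substring match
# is not enough: "TLSv1,TLSv1.2" contains TLSv1.2 but still allows TLSv1.
# The body runs in a subshell so IFS and 'set -f' do not leak to the caller.
tls_value_compliant() (
  seen=0
  set -f          # disable globbing while the value is split
  IFS=','         # assumption: protocols are comma-separated
  for proto in $1; do
    proto=$(printf '%s' "$proto" | tr -d '[:space:]')
    case "$proto" in
      TLSv1.2|TLSv1.3) seen=1 ;;
      *) exit 1 ;;  # TLSv1, TLSv1.1, empty or unknown entries fail
    esac
  done
  [ "$seen" -eq 1 ]
)

# Query one server and report PASS or FAIL.
# Arguments: <resourceGroup> <serverName>. Requires an authenticated az session.
# Returns 0 on PASS, 1 on FAIL, 2 if the az query itself failed.
audit_server() {
  value=$(az mysql flexible-server parameter show \
    --resource-group "$1" --server-name "$2" \
    --name tls_version --query value --output tsv) || return 2
  if tls_value_compliant "$value"; then
    echo "PASS $1/$2 tls_version=$value"
  else
    echo "FAIL $1/$2 tls_version=$value"
    return 1
  fi
}
```

Source the file and run audit_server <resourceGroup> <serverName> for each server; a non-zero return marks a server that still needs the remediation above.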

From PowerShell

Use the below command to update MySQL flexible servers to use TLS version 1.2:

Update-AzMySqlFlexibleServerConfiguration -ResourceGroupName <resourceGroup> -ServerName <serverName> -Name tls_version -Value TLSv1.2

Default Value

By default, TLS is set to v1.2 for MySQL Flexible servers.

Run the pipeline

To run this pipeline from your terminal:

flowpipe pipeline run azure_cis.pipeline.cis_v300_5_3_2

Use this pipeline

To call this pipeline from your pipeline, use a step:

step "pipeline" "step_name" {
  pipeline = azure_cis.pipeline.cis_v300_5_3_2
}

Params

| Name | Type | Required | Description | Default |
| --- | --- | --- | --- | --- |
| database | connection.steampipe | Yes | Database connection string. | connection.steampipe.default |
| notifier | notifier | Yes | The name of the notifier to use for sending notification messages. | notifier.default |
| notification_level | string | Yes | The verbosity level of notification messages to send. Valid options are 'verbose', 'info', 'error'. | info |
| approvers | list(notifier) | Yes | List of notifiers to be used for obtaining action/approval decisions. | notifier.default |

Outputs

This pipeline has no outputs.

Tags

folder = CIS v3.0.0/5 Database Services/5.3 Azure Database for MySQL