Ensure MySQL 'log_error' Is Not Empty

Description

The error log contains information about events such as mysqld starting and stopping, when a table needs to be checked or repaired, and, depending on the host operating system, stack traces when mysqld fails.

Rationale

Enabling error logging may increase the ability to detect malicious attempts against MySQL and to notice other critical messages. For example, if the error log is not enabled, connection errors might go unnoticed.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    rds
secureclouddb/engine     mysql

Default Rule

// Helpers are read from the `module` object available to the rule
const { getServerSetting, isEmpty } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the database instance has a path configured in the log_error option that's not empty
 */
function validate(databaseSettings) {
    const settingName = "log_error"
    const currentValue = getServerSetting(databaseSettings, settingName)
    // The rule passes only when log_error has a non-empty value
    const success = !isEmpty(currentValue)

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
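
To try the same check outside the rule engine, the following added example (not part of the original rule) parses tab-separated SHOW GLOBAL VARIABLES output and applies the log_error test to it. The parseVariables and checkDump functions, the { serverSettings } shape, and the local getServerSetting and isEmpty stand-ins are assumptions, since the page does not show the engine's own helpers; the sample dumps are constructed.

```javascript
// Added example. ASSUMPTION: these helpers are local stand-ins; the rule engine's
// real getServerSetting/isEmpty and the databaseSettings shape are not shown on the page.

// Parse "name<TAB>value" lines as printed by:
//   mysql --batch --skip-column-names -e "SHOW GLOBAL VARIABLES"
function parseVariables(text) {
    const serverSettings = Object.create(null) // no inherited keys
    for (const line of text.split(/\r?\n/)) {
        if (line.trim() === "") continue
        const tab = line.indexOf("\t")
        const name = tab === -1 ? line : line.slice(0, tab)
        serverSettings[name.trim().toLowerCase()] = tab === -1 ? "" : line.slice(tab + 1)
    }
    return { serverSettings } // hypothetical settings shape
}

function getServerSetting(databaseSettings, settingName) {
    return databaseSettings.serverSettings[settingName]
}

// Treat a missing, null or whitespace-only value as empty.
function isEmpty(value) {
    return value === undefined || value === null || String(value).trim() === ""
}

// Same check as the default rule.
function validate(databaseSettings) {
    const currentValue = getServerSetting(databaseSettings, "log_error")
    return { success: !isEmpty(currentValue) }
}

// Constructed sample dumps (values are illustrative only).
const SAMPLES = {
    configured: "log_bin\tON\nlog_error\t/var/log/mysql/error.log\nmax_connections\t151\n",
    blank: "log_bin\tON\nlog_error\t\nmax_connections\t151\n",
    whitespace: "log_error\t   \n",
    missing: "log_bin\tON\nmax_connections\t151\n",
}

function checkDump(text) {
    return validate(parseVariables(text)).success
}

for (const [label, dump] of Object.entries(SAMPLES)) {
    console.log(`${label}: ${checkDump(dump) ? "PASS" : "FAIL"}`)
}
```

Only the "configured" dump passes; a blank value, a whitespace-only value, and a dump with no log_error row all fail the check.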