
Ensure 'log_error_verbosity' Is Not Set to '1'

Description

The log_error_verbosity system variable controls how much information MySQL writes to its error log:

1 - Enables logging of error messages.

2 - Enables logging of error and warning messages.

3 - Enables logging of error, warning and note messages.

Rationale

Logging warnings and notes in addition to errors might help to detect malicious behavior by recording communication errors and aborted connections.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      mysql

Default Rule

const { checkRdsVersion, OK_SKIP_VERSION, getServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
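 * @returns {*} OK_SKIP_VERSION if the engine version is not covered by this rule; otherwise { success }, where success is true if the database instance has a correct value for log_error_verbosity option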
 */
function validate(databaseSettings) {
    // Declared with const so the rule does not create an implicit global
    const supportedVersions = ["5.7"]
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if (!supported){
        return OK_SKIP_VERSION
    }

    const settingName = "log_error_verbosity"
    const expectedValues = ["2", "3"]
    const currentValue = getServerSetting(databaseSettings, settingName)
    const success = expectedValues.includes(currentValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);
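
The same check as an added, stand-alone example (not the product's own code) that runs offline over a parameter list using the ParameterName / ParameterValue fields of the RDS DescribeDBParameters response. It goes beyond the default rule's strict string match: numeric or padded values are normalized and an unset parameter is reported explicitly. The function names, result shape and sample inventory are assumptions made for illustration.

```javascript
// Added example: function names, result shape and sample data are constructed.
const SUPPORTED_VERSIONS = ["5.7"];  // same version scope as the default rule
const ACCEPTED = new Set([2, 3]);    // 2 = errors + warnings, 3 = errors + warnings + notes

// True when engineVersion (e.g. "5.7.44") belongs to a supported major.minor series.
function isSupportedVersion(engineVersion) {
    const version = String(engineVersion);
    return SUPPORTED_VERSIONS.some((v) => version === v || version.startsWith(v + "."));
}

// parameters: array of { ParameterName, ParameterValue } objects.
function checkLogErrorVerbosity(engineVersion, parameters) {
    if (!isSupportedVersion(engineVersion)) {
        return { status: "skip", reason: `engine version ${engineVersion} is not covered` };
    }
    const param = parameters.find((p) => p.ParameterName === "log_error_verbosity");
    if (!param || param.ParameterValue === undefined || param.ParameterValue === null) {
        // No explicit value in the data: report it so the instance gets reviewed.
        return { status: "fail", reason: "log_error_verbosity has no explicit value" };
    }
    // Accept "2", " 3 " or a numeric 3; anything that is not a plain integer fails.
    const raw = String(param.ParameterValue).trim();
    const value = /^\d+$/.test(raw) ? Number(raw) : NaN;
    return ACCEPTED.has(value)
        ? { status: "pass", reason: `log_error_verbosity=${value}` }
        : { status: "fail", reason: `log_error_verbosity=${raw || "(empty)"}` };
}

// Run the check over an inventory and keep the instance id with each result.
function auditAll(instances) {
    return instances.map((i) => ({ id: i.id, ...checkLogErrorVerbosity(i.engineVersion, i.parameters) }));
}

// Constructed sample inventory (not real instances).
const verbosity = (v) => [{ ParameterName: "log_error_verbosity", ParameterValue: v }];
const sampleInstances = [
    { id: "db-errors-only", engineVersion: "5.7.44", parameters: verbosity("1") },
    { id: "db-warnings", engineVersion: "5.7.44", parameters: verbosity("2") },
    { id: "db-numeric", engineVersion: "5.7.44", parameters: verbosity(3) },
    { id: "db-unset", engineVersion: "5.7.44", parameters: [] },
    { id: "db-other-engine", engineVersion: "8.0.35", parameters: verbosity("1") },
];

for (const r of auditAll(sampleInstances)) {
    console.log(`${r.id}: ${r.status} (${r.reason})`);
}
```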