Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
The 'user connections' option specifies the maximum number of simultaneous user connections that are allowed on an instance of SQL Server. The actual number of user connections allowed also depends on the version of SQL Server that you are using, and also the limits of your application or applications and hardware. SQL Server allows a maximum of 32,767 user connections. Because user connections is a dynamic (self-configuring) option, SQL Server adjusts the maximum number of user connections automatically as needed, up to the maximum value allowable. For example, if only 10 users are logged in, 10 user connection objects are allocated. In most cases, you do not have to change the value for this option. The default is 0, which means that the maximum (32,767) user connections are allowed.
Risk Level: Medium
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.VLN.09
Covered by Spectral: Yes
Category: Database
GSL LOGIC
CloudSql where databaseVersion like 'SQLSERVER%' should have settings.databaseFlags contain [ name like 'user connections' and value length()>0]
REMEDIATION
From Portal
- Navigate to the instance where the flag needs to be set: https://console.cloud.google.com/sql/instances
- Click Edit Configurations
- Under flags section, choose add flag, look for 'user connections' and set its value to your organization recommended value.
- Save and review your changes
From TF
Set the flag 'user connections' with your organization recommended value:
resource 'google_sql_database_instance' 'default' {
...
settings {
database_flags {
name = 'user connections'
value = *your organization recommended value*
}
}
}
From Command Line
- First retrieve all existing flags values:
gcloud sql instances describe INSTANCE_NAME
- Add all existing flags and their value to the patch request - otherwise they will get set to their default value.
gcloud sql instances patch INSTANCE_NAME --database-flags (ExistingFlag1=Value1,ExistingFlag2=Value2,...),'user connections'= *your organization recommended value*
References
- https://cloud.google.com/sql/docs/sqlserver/flags
- https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-user-connections-server-configuration-option?view=sql-server-ver15
- https://www.stigviewer.com/stig/ms_sql_server_2016_instance/2018-03-09/finding/V-79119
GCP CloudSql
Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CIS Controls V 8
- GCP CIS Foundations v. 1.2.0
- GCP CIS Foundations v. 1.3.0
- GCP CIS Foundations v. 2.0
- GCP CloudGuard Best Practices
- GCP MITRE ATT&CK Framework v12.1
- GCP NIST 800-53 Rev 5
Updated about 1 year ago