# NOTE: this file contains the default configuration for the 'mysql' hardening
#       code. If you want to override any settings you must add them to a file
#       called hardening.yaml in the root directory of your charm using the
#       name 'mysql' as the root key followed by any of the following with new
#       values.

hardening:
    mysql-conf: /etc/mysql/my.cnf
    hardening-conf: /etc/mysql/conf.d/hardening.cnf

security:
    # @see http://www.symantec.com/connect/articles/securing-mysql-step-step
    # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_chroot
    chroot: None

    # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_safe-user-create
    safe-user-create: 1

    # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-auth
    secure-auth: 1

    # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_symbolic-links
    skip-symbolic-links: 1

    # @see http://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_skip-show-database
    skip-show-database: True

    # @see http://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_local_infile
    local-infile: 0

    # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_allow-suspicious-udfs
    allow-suspicious-udfs: 0

    # @see https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_automatic_sp_privileges
    automatic-sp-privileges: 0

    # @see https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_secure-file-priv
    secure-file-priv: /tmp