CIS MariaDB 10.6 Database L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS MariaDB 10.6 Database L1 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.3

Estimated Item Count: 38

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.0.0_L1_Database.audit

Size: 80.3 kB

MD5: f46ea4d96b9061adbec45c604a30b783
SHA256: 7cb0809151e6851648dc6d1873052250a27ec913ca986b5a7dce09d32ba80eab

Audit Items

Description
2.1.1 Backup Policy in Place
2.1.2 Verify Backups are Good
2.1.3 Secure Backup Credentials
2.1.4 The Backups Should be Properly Secured
2.1.6 Disaster Recovery (DR) Plan
2.1.7 Backup of Configuration and Related Files
2.2 Dedicate the Machine Running MariaDB
2.4 Do Not Reuse Usernames
2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'
4.2 Ensure Example or Test Databases are Not Installed on Production Servers
4.4 Harden Usage for 'local_infile' on MariaDB Clients
4.6 Ensure Symbolic Links are Disabled
4.7 Ensure the 'secure_file_priv' is Configured Correctly
5.1 Ensure Only Administrative Users Have Full Database Access
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER
6.1 Ensure 'log_error' is configured correctly
6.2 Ensure Log Files are Stored on a Non-System Partition
6.5 Ensure the Audit Plugin Can't be Unloaded
7.1 Disable use of the mysql_old_password plugin
7.3 Ensure strong authentication is utilized for all accounts
7.4 Ensure Password Complexity Policies are in Place - validate_password_dictionary_file
7.5 Ensure No Users Have Wildcard Hostnames
7.6 Ensure No Anonymous Accounts Exist
8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'
8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users
8.3 Set Maximum Connection Limits for Server and per User
9.1 Ensure Replication Traffic is Secured
9.2 Ensure 'MASTER_SSL_VERIFY_SERVER_CERT' is enabled
9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users
9.5 Ensure mutual TLS is enabled
CIS_MariaDB_10.6_Benchmark_v1.0.0_L1_Database.audit from CIS MariaDB 10.6 Benchmark