CIS MariaDB 10.6 on Linux L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS MariaDB 10.6 on Linux L1 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.3

Estimated Item Count: 57

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.0.0_L1_Linux_OS.audit

Size: 91 kB

MD5: 70698d7671d3146bb7606f3779cf8348
SHA256: 55cdd9dc31bd517cd9e9372ccc24a989755d96a4b338463badfca1fe2ac1ed1b

Audit Items

Description
1.1 Place Databases on Non-System Partitions
1.2 Use Dedicated Least Privileged Account for MariaDB Daemon/Service
1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles
2.1.1 Backup Policy in Place
2.1.2 Verify Backups are Good
2.1.3 Secure Backup Credentials
2.1.4 The Backups Should be Properly Secured
2.1.6 Disaster Recovery (DR) Plan
2.1.7 Backup of Configuration and Related Files
2.2 Dedicate the Machine Running MariaDB
2.3 Do Not Specify Passwords in the Command Line
2.4 Do Not Reuse Usernames
2.5 Ensure Non-Default, Unique Cryptographic Material is in Use
2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'
3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions
3.3 Ensure 'log_error' Has Appropriate Permissions
3.4 Ensure 'slow_query_log' Has Appropriate Permissions
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions
3.6 Ensure 'general_log_file' Has Appropriate Permissions
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
3.9 Ensure 'server_audit_file_path' Has Appropriate Permissions
3.10 Ensure File Key Management Encryption Plugin files have appropriate permissions
4.1 Ensure the Latest Security Patches are Applied
4.2 Ensure Example or Test Databases are Not Installed on Production Servers
4.4 Harden Usage for 'local_infile' on MariaDB Clients
4.5 Ensure mariadb is Not Started With 'skip-grant-tables'
4.6 Ensure Symbolic Links are Disabled
4.7 Ensure the 'secure_file_priv' is Configured Correctly
5.1 Ensure Only Administrative Users Have Full Database Access
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER
6.1 Ensure 'log_error' is configured correctly
6.2 Ensure Log Files are Stored on a Non-System Partition
6.5 Ensure the Audit Plugin Can't be Unloaded
7.1 Disable use of the mysql_old_password plugin
7.2 Ensure Passwords are Not Stored in the Global Configuration
7.3 Ensure strong authentication is utilized for all accounts
7.4 Ensure Password Complexity Policies are in Place
7.5 Ensure No Users Have Wildcard Hostnames
7.6 Ensure No Anonymous Accounts Exist
8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'