CIS MariaDB 10.6 Database L1 v1.1.0

Audit Details

Name: CIS MariaDB 10.6 Database L1 v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 38

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Database.audit

Size: 99 kB

MD5: af45e943d2d9cef4555184be226b2e41

SHA256: c94f4b56f5959a284e53938af6125ba0f0e53ca9bd0c9c1113ae88a5c83ea9c3

Audit Items

Description	Categories
2.1.1 Backup Policy in Place	CONTINGENCY PLANNING
2.1.2 Verify Backups are Good	CONTINGENCY PLANNING
2.1.3 Secure Backup Credentials	ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.4 The Backups Should be Properly Secured	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.6 Disaster Recovery (DR) Plan	CONTINGENCY PLANNING
2.1.7 Backup of Configuration and Related Files	CONTINGENCY PLANNING
2.2 Dedicate the Machine Running MariaDB	SYSTEM AND COMMUNICATIONS PROTECTION
2.4 Do Not Reuse Usernames	ACCESS CONTROL
2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'	IDENTIFICATION AND AUTHENTICATION
4.2 Ensure Example or Test Databases are Not Installed on Production Servers	PLANNING, SYSTEM AND SERVICES ACQUISITION
4.4 Harden Usage for 'local_infile' on MariaDB Clients	CONFIGURATION MANAGEMENT
4.6 Ensure Symbolic Links are Disabled	PLANNING, SYSTEM AND SERVICES ACQUISITION
4.7 Ensure the 'secure_file_priv' is Configured Correctly	ACCESS CONTROL, MEDIA PROTECTION
5.1 Ensure Only Administrative Users Have Full Database Access	ACCESS CONTROL
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users	ACCESS CONTROL, MEDIA PROTECTION
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users	ACCESS CONTROL, MEDIA PROTECTION
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER	PLANNING, SYSTEM AND SERVICES ACQUISITION
6.1 Ensure 'log_error' is configured correctly	AUDIT AND ACCOUNTABILITY
6.2 Ensure Log Files are Stored on a Non-System Partition	AUDIT AND ACCOUNTABILITY
6.5 Ensure the Audit Plugin Can't be Unloaded	AUDIT AND ACCOUNTABILITY
7.1 Disable use of the mysql_old_password plugin	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.3 Ensure strong authentication is utilized for all accounts	IDENTIFICATION AND AUTHENTICATION
7.4 Ensure Password Complexity Policies are in Place	IDENTIFICATION AND AUTHENTICATION
7.5 Ensure No Users Have Wildcard Hostnames	ACCESS CONTROL, MEDIA PROTECTION
7.6 Ensure No Anonymous Accounts Exist	ACCESS CONTROL
8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
8.3 Set Maximum Connection Limits for Server and per User	SYSTEM AND COMMUNICATIONS PROTECTION
9.1 Ensure Replication Traffic is Secured	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
9.2 Ensure 'MASTER_SSL_VERIFY_SERVER_CERT' is enabled	CONFIGURATION MANAGEMENT
9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users	ACCESS CONTROL
9.5 Ensure mutual TLS is enabled	CONFIGURATION MANAGEMENT
CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Database.audit from CIS MariaDB 10.6 Benchmark

Detections

Analytics

CIS MariaDB 10.6 Database L1 v1.1.0

Audit Details

File Details

Audit Items