CIS MariaDB 10.6 on Linux L2 v1.1.0

Audit Details

Name: CIS MariaDB 10.6 on Linux L2 v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 20

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.1.0_L2_Linux_OS.audit

Size: 43.3 kB

MD5: e3afe2801746e97d6ece144a2af160c0
SHA256: b455bb0a9c14c81950ed3ec14cbc102a20d52466104ebad0e0c932a687d0d52b

Audit Items

DescriptionCategories
1.3 Disable MariaDB Command History - .mysql_history

MEDIA PROTECTION

1.3 Disable MariaDB Command History - ~/.mysql_history

MEDIA PROTECTION

1.5 Ensure Interactive Login is Disabled

ACCESS CONTROL

1.7 Ensure MariaDB is Run Under a Sandbox Environment

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.5 Point-in-Time Recovery

CONTINGENCY PLANNING

2.7 Lock Out Accounts if Not Currently in Use

ACCESS CONTROL

2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately

CONFIGURATION MANAGEMENT

2.9 Ensure MariaDB is Bound to an IP Address

PLANNING, SYSTEM AND SERVICES ACQUISITION

2.10 Limit Accepted Transport Layer Security (TLS) Versions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Require Client-Side Certificates (X.509)

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.12 Ensure Only Approved Ciphers are Used

SYSTEM AND SERVICES ACQUISITION

4.3 Ensure 'allow-suspicious-udfs' is Set to 'OFF'

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES'

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.9 Enable data-at-rest encryption in MariaDB

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users

ACCESS CONTROL

6.3 Ensure 'log_warnings' is Set to '2'

AUDIT AND ACCOUNTABILITY

6.4 Ensure Audit Logging Is Enabled

AUDIT AND ACCOUNTABILITY

6.6 Ensure Binary and Relay Logs are Encrypted

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.4 Ensure only approved ciphers are used for Replication

SYSTEM AND SERVICES ACQUISITION

CIS_MariaDB_10.6_Benchmark_v1.1.0_L2_Linux_OS.audit from CIS MariaDB 10.6 Benchmark