1.3 Disable MariaDB Command History - .mysql_history | MEDIA PROTECTION |
1.3 Disable MariaDB Command History - ~/.mysql_history | MEDIA PROTECTION |
1.5 Ensure Interactive Login is Disabled | ACCESS CONTROL |
1.7 Ensure MariaDB is Run Under a Sandbox Environment | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.5 Point-in-Time Recovery | CONTINGENCY PLANNING |
2.7 Lock Out Accounts if Not Currently in Use | ACCESS CONTROL |
2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CONFIGURATION MANAGEMENT |
2.9 Ensure MariaDB is Bound to an IP Address | PLANNING, SYSTEM AND SERVICES ACQUISITION |
2.10 Limit Accepted Transport Layer Security (TLS) Versions | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.11 Require Client-Side Certificates (X.509) | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.12 Ensure Only Approved Ciphers are Used | SYSTEM AND SERVICES ACQUISITION |
4.3 Ensure 'allow-suspicious-udfs' is Set to 'OFF' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
4.9 Enable data-at-rest encryption in MariaDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
6.3 Ensure 'log_warnings' is Set to '2' | AUDIT AND ACCOUNTABILITY |
6.4 Ensure Audit Logging Is Enabled | AUDIT AND ACCOUNTABILITY |
6.6 Ensure Binary and Relay Logs are Encrypted | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
9.4 Ensure only approved ciphers are used for Replication | SYSTEM AND SERVICES ACQUISITION |
CIS_MariaDB_10.6_Benchmark_v1.1.0_L2_Linux_OS.audit from CIS MariaDB 10.6 Benchmark | |