1.1 Place Databases on Non-System Partitions | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | ACCESS CONTROL |
1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profile | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrc | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profile | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.1 Backup Policy in Place | CONTINGENCY PLANNING |
2.1.2 Verify Backups are Good | CONTINGENCY PLANNING |
2.1.3 Secure Backup Credentials | ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.4 The Backups Should be Properly Secured | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Disaster recovery plan | CONTINGENCY PLANNING |
2.1.7 Backup of Configuration and Related Files | CONTINGENCY PLANNING |
2.2 Dedicate the Machine Running MySQL | SYSTEM AND COMMUNICATIONS PROTECTION |
2.3 Do Not Specify Passwords in Command Line | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1 Ensure 'datadir' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.3 Ensure 'log_error' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.4 Ensure 'slow_query_log' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.6 Ensure 'general_log_file' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.7 Ensure SSL Key Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.8 Ensure Plugin Directory Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
3.9 Ensure 'audit_log_file' Has Appropriate Permissions - audit_log_file has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - --skip-grant-tables | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - /etc/my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - /etc/mysql/my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - mysqld process | ACCESS CONTROL, MEDIA PROTECTION |
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - SYSCONFDIR/my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnf | MEDIA PROTECTION |
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnf | MEDIA PROTECTION |
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIR/my.cnf | MEDIA PROTECTION |
6.4 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIRmy.cnf | MEDIA PROTECTION |
7.3 Ensure Passwords Are Not Stored in the Global Configuration | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure Passwords Are Not Stored in the Global Configuration - /etc/my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure Passwords Are Not Stored in the Global Configuration - /etc/mysql/my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.3 Ensure Passwords Are Not Stored in the Global Configuration - SYSCONFDIR/my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_OS_UNIX_L1.audit from CIS Oracle MySQL 5.6 Enterprise Edition Benchmark | |