CIS MySQL 5.7 Community Database L1 v2.0.0

Audit Details

Name: CIS MySQL 5.7 Community Database L1 v2.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 62

File Details

Filename: CIS_MySQL_5.7_Community_Benchmark_v2.0.0_LEVEL_1_Database.audit

Size: 134 kB

MD5: b840491189f0c2052707885214fd6015
SHA256: eea142e024fe284685cb4b815b4859c63de972f328da280835ada17470221068

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Do Not Reuse Usernames

ACCESS CONTROL

2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_check_user_name

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_dictionary_file

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_length

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_mixed_case_count

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_number_count

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_policy

IDENTIFICATION AND AUTHENTICATION

2.7 Ensure Password Complexity is Configured - validate_password_special_char_count

IDENTIFICATION AND AUTHENTICATION

2.15 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL

ACCESS CONTROL

2.15 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold

ACCESS CONTROL

2.15 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS

ACCESS CONTROL

2.15 Implement Connection Delays to Limit Failed Login Attempts - connection_control_max_connection_delay

ACCESS CONTROL

2.15 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay

ACCESS CONTROL

3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure SSL Key Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure the Latest Security Patches are Applied

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure Example or Test Databases are Not Installed on Production Servers

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.4 Harden Usage for 'local_infile' on MySQL Clients

CONFIGURATION MANAGEMENT

4.6 Ensure Symbolic Links are Disabled

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.7 Ensure the 'daemon_memcached' Plugin Is Disabled

CONFIGURATION MANAGEMENT

4.8 Ensure the 'secure_file_priv' is Configured Correctly

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Only Administrative Users Have Full Database Access

ACCESS CONTROL

5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users

ACCESS CONTROL, MEDIA PROTECTION

5.9 Ensure DML/DDL Grants Are Limited to Specific Databases and Users

ACCESS CONTROL, MEDIA PROTECTION

5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER

PLANNING, SYSTEM AND SERVICES ACQUISITION

6.1 Ensure 'log_error' is configured correctly

AUDIT AND ACCOUNTABILITY

6.2 Ensure Log Files Are Stored on a Non-System Partition

AUDIT AND ACCOUNTABILITY

7.1 Ensure default_authentication_plugin is Set to a Secure Option

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@global.sql_mode'

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode'

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.4 Ensure Passwords are Set for All MySQL Accounts

IDENTIFICATION AND AUTHENTICATION

7.5 Set 'default_password_lifetime' to Require a Yearly Password Change

ACCESS CONTROL

7.6 Ensure Password Complexity Policies are in Place - validate_password_check_user_name

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - validate_password_dictionary_file

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - validate_password_length

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - validate_password_mixed_case_count

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - validate_password_number_count

IDENTIFICATION AND AUTHENTICATION