CIS MySQL 5.7 Community Windows OS L1 v2.0.0

Audit Details

Name: CIS MySQL 5.7 Community Windows OS L1 v2.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.5

Estimated Item Count: 57

File Details

Filename: CIS_MySQL_5.7_Community_Benchmark_v2.0.0_OS_MS_L1.audit

Size: 182 kB

MD5: 1178480cf0436af0111becfa546cb0de

SHA256: a2a1dd12fc350c838d8705ce4103ef45a46be68eaba34e2317ab94a5bae7d8f9

Audit Items

Description	Categories
1.1 Place Databases on Non-System Partitions	SYSTEM AND COMMUNICATIONS PROTECTION
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service	ACCESS CONTROL
1.4 Verify That the MYSQL_PWD Environment Variable Is Not In Use	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.1 Backup Policy in Place	CONTINGENCY PLANNING
2.1.2 Verify Backups are Good	CONTINGENCY PLANNING
2.1.3 Secure Backup Credentials	ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.4 The Backups Should be Properly Secured	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.6 Disaster Recovery (DR) Plan	CONTINGENCY PLANNING
2.1.7 Backup of Configuration and Related Files	CONTINGENCY PLANNING
2.2 Dedicate the Machine Running MySQL	SYSTEM AND COMMUNICATIONS PROTECTION
2.3 Do Not Specify Passwords in Command Line	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
2.5 Ensure Non-Default, Unique Cryptographic Material is in Use
3.1 Ensure 'datadir' Has Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.3 Ensure 'log_error' Has Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.4 Ensure 'slow_query_log' Has Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.6 Ensure 'general_log_file' Has Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.7 Ensure SSL Key Files Have Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.8 Ensure Plugin Directory Has Appropriate Permissions	ACCESS CONTROL, MEDIA PROTECTION
3.9 Secure MySQL Keyring - keyring_file_data_path	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %WINDIR%\my.cnf	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %WINDIR%\my.ini	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\my.cnf	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\my.ini	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - Doesn't exist	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - MYSQL_INSTALL\my.cnf	ACCESS CONTROL, MEDIA PROTECTION
4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - MYSQL_INSTALL\my.ini	ACCESS CONTROL, MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - %WINDIR%\my.cnf	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - %WINDIR%\my.ini	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - C:\my.cnf	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - C:\my.ini	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - MYSQL_INSTALL\my.cnf	MEDIA PROTECTION
6.4 Ensure 'log-raw' is Set to 'OFF' - MYSQL_INSTALL\my.ini	MEDIA PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - %WINDIR%\my.cnf	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - %WINDIR%\my.ini	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - C:\my.ini	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - MYSQL_INSTALL\my.cnf	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure Passwords are Not Stored in the Global Configuration - MYSQL_INSTALL\my.ini	IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf	PLANNING, SYSTEM AND SERVICES ACQUISITION
7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini	PLANNING, SYSTEM AND SERVICES ACQUISITION
7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %WINDIR%\my.cnf	PLANNING, SYSTEM AND SERVICES ACQUISITION

Detections

Analytics

CIS MySQL 5.7 Community Windows OS L1 v2.0.0

Audit Details

File Details

Audit Items