CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0

Audit Details

Name: CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.5

Estimated Item Count: 45

File Details

Filename: CIS_MySQL_5.7_Enterprise_Benchmark_v2.0.0_Level_1_OS_Linux.audit

Size: 114 kB

MD5: 27f8baed0b442ff66737dd0570d389b8
SHA256: df3f9eb04aeb61d8913fdcfb7c371c68246d68c505a7ad18b3de86e71efb5ef9

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify That the MYSQL_PWD Environment Variable Is Not In Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bash_profile

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bashrc

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.1.2 Verify Backups are Good

CONTINGENCY PLANNING

2.1.3 Secure Backup Credentials

ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 The Backups Should be Properly Secured

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.7 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.2 Dedicate the Machine Running MySQL

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Do Not Specify Passwords in Command Line

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure Non-Default, Unique Cryptographic Material is in Use

CONFIGURATION MANAGEMENT

3.1 Ensure 'datadir' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure SSL Key Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure 'audit_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.10 Secure MySQL Keyring - keyring_aws_conf_file

ACCESS CONTROL, MEDIA PROTECTION

3.10 Secure MySQL Keyring - keyring_encrypted_file_data_path

ACCESS CONTROL, MEDIA PROTECTION

3.10 Secure MySQL Keyring - keyring_file_data_path

ACCESS CONTROL, MEDIA PROTECTION

3.10 Secure MySQL Keyring - keyring_okv_path

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - --skip-grant-tables

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - /etc/my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - /etc/mysql/my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - SYSCONFDIR/my.cnf

ACCESS CONTROL, MEDIA PROTECTION

6.4 Ensure 'log-raw' is Set to 'OFF' - /etc/my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' is Set to 'OFF' - /etc/mysql/my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' is Set to 'OFF' - SYSCONFDIR/my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' is Set to 'OFF' - SYSCONFDIRmy.cnf

MEDIA PROTECTION

7.2 Ensure Passwords are Not Stored in the Global Configuration

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Passwords are Not Stored in the Global Configuration - /etc/my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Passwords are Not Stored in the Global Configuration - /etc/mysql/my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Passwords are Not Stored in the Global Configuration - SYSCONFDIR/my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - /etc/my.cnf

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - SYSCONFDIR/my.cnf

PLANNING, SYSTEM AND SERVICES ACQUISITION

9.1 Ensure Replication Traffic Is Secured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_MySQL_5.7_Enterprise_Benchmark_v2.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 5.7 Enterprise Edition Benchmark