CIS MySQL 8.0 Community Linux OS L1 v1.0.0

Audit Details

Name: CIS MySQL 8.0 Community Linux OS L1 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 26

File Details

Filename: CIS_MySQL_8.0_Community_Benchmark_v1.0.0_Level_1_OS_Linux.audit

Size: 61.1 kB

MD5: 5f761ae4f3b52dec224986a9b851dc2a
SHA256: bad5a29dc907fcf31bd56d63aa36c2e9882a7036f879292dba8b03014a6189f2

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.1.2 Verify Backups are Good

CONTINGENCY PLANNING

2.1.3 Secure Backup Credentials

ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.5 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.6 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.3 Dedicate the Machine Running MySQL

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Do Not Specify Passwords in the Command Line

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6 Ensure Non-Default, Unique Cryptographic Material is in Use

CONFIGURATION MANAGEMENT

3.1 Ensure 'datadir' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate Permissions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure SSL Key Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure 'audit_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

4.4 Harden Usage for 'local_infile' on MySQL Clients

CONFIGURATION MANAGEMENT

4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables'

ACCESS CONTROL, MEDIA PROTECTION

6.4 Ensure 'log-raw' is Set to 'OFF'

MEDIA PROTECTION

7.2 Ensure Passwords are Not Stored in the Global Configuration

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_MySQL_8.0_Community_Benchmark_v1.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 8.0 Community Edition Benchmark