Detections
Analytics

CIS MySQL 8.0 Enterprise Linux OS L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS MySQL 8.0 Enterprise Linux OS L1 v1.0.0

Updated: 9/21/2021

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 34

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

CONFIGURATION MANAGEMENT

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify That the MYSQL_PWD Environment Variables is Not in Use
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bash_profile
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .bashrc
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile
2.1.1 Backup Policy in Place
2.1.2 Verify Backups are Good

CONFIGURATION MANAGEMENT

2.1.3 Secure Backup Credentials

CONTINGENCY PLANNING

2.1.4 The Backups Should be Properly Secured

CONTINGENCY PLANNING

2.1.6 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.7 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.3 Dedicate the Machine Running MySQL

CONFIGURATION MANAGEMENT

2.4 Do Not Specify Passwords in the Command Line

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Non-Default, Unique Cryptographic Material is in Use
3.1 Ensure 'datadir' Has Appropriate Permissions - datadir Has Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions - log_bin_basename Files Have Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.3 Ensure 'log_error' Has Appropriate Permissions - log_error Has Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.4 Ensure 'slow_query_log' Has Appropriate Permissions - slow_query_log Has Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions - relay_log_basename Files Have Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.6 Ensure 'general_log_file' Has Appropriate Permissions - general_log_file Has Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.7 Ensure SSL Key Files Have Appropriate Permissions

CONFIGURATION MANAGEMENT

3.8 Ensure Plugin Directory Has Appropriate Permissions

CONFIGURATION MANAGEMENT

3.9 Ensure 'audit_log_file' Has Appropriate Permissions - audit_log_file has Appropriate Permissions and Ownership

CONFIGURATION MANAGEMENT

3.10 Secure MySQL Keyring - keyring_aws_conf_file
3.10 Secure MySQL Keyring - keyring_encrypted_file_data_path
3.10 Secure MySQL Keyring - keyring_file_data_path
3.10 Secure MySQL Keyring - keyring_hashicorp_store_path
3.10 Secure MySQL Keyring - keyring_oci_key_file
3.10 Secure MySQL Keyring - keyring_okv_path
4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables'

ACCESS CONTROL

6.4 Ensure 'log-raw' is Set to 'OFF'

CONFIGURATION MANAGEMENT

7.2 Ensure Passwords are Not Stored in the Global Configuration

IDENTIFICATION AND AUTHENTICATION

CIS_MySQL_8.0_Enterprise_Benchmark_v1.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 8.0 Enterprise Edition v1.0.0