Detections
Analytics

CIS MySQL 8.0 Enterprise Database L1 v1.2.1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS MySQL 8.0 Enterprise Database L1 v1.2.1

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.2

Estimated Item Count: 58

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions
2.5 Do Not Reuse Usernames
2.7 Ensure 'password_lifetime' is Less Than or Equal to '365'
2.8 Ensure Password Resets Require Strong Passwords - password_history
2.8 Ensure Password Resets Require Strong Passwords - password_reuse_interval
2.18 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL
2.18 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold
2.18 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
2.18 Implement Connection Delays to Limit Failed Login Attempts - connection_control_max_connection_delay
2.18 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay
3.1 Ensure 'datadir' Has Appropriate Permissions - datadir Has Appropriate Permissions and Ownership
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions - log_bin_basename Files Have Appropriate Permissions and Ownership
3.3 Ensure 'log_error' Has Appropriate Permissions - log_error Has Appropriate Permissions and Ownership
3.4 Ensure 'slow_query_log' Has Appropriate Permissions - slow_query_log Has Appropriate Permissions and Ownership
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions - relay_log_basename Files Have Appropriate Permissions and Ownership
3.6 Ensure 'general_log_file' Has Appropriate Permissions - general_log_file Has Appropriate Permissions and Ownership
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
3.9 Ensure 'audit_log_file' Has Appropriate Permissions - audit_log_file has Appropriate Permissions and Ownership
4.1 Ensure Latest Security Patches Are Applied
4.2 Ensure Example or Test Databases are Not Installed on Production Servers
4.4 Harden Usage for 'local_infile' on MySQL Clients
4.6 Ensure Symbolic Links are Disabled
4.7 Ensure the 'daemon_memcached' Plugin is Disabled
4.8 Ensure the 'secure_file_priv' is Configured Correctly
5.1 Ensure Only Administrative Users Have Full Database Access - mysql.db
5.1 Ensure Only Administrative Users Have Full Database Access - mysql.user
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users - mysql.db
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users - mysql.user
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER
6.1 Ensure 'log_error' is configured correctly
6.2 Ensure Log Files are Stored on a Non-System Partition
6.5 Ensure Audit Filters Capture Connection Attempts
6.8 Ensure the Audit Plugin Can't be Unloaded
7.1 Ensure default_authentication_plugin is Set to a Secure Option
7.3 Ensure Passwords are Set for All MySQL Accounts
7.4 Set 'default_password_lifetime' to Require a Yearly Password Change
7.5 Ensure Password Complexity Policies are in Place - 'validate_password_length'
7.5 Ensure Password Complexity Policies are in Place - 'validate_password_mixed_case_count'
7.5 Ensure Password Complexity Policies are in Place - 'validate_password_number_count'
7.5 Ensure Password Complexity Policies are in Place - 'validate_password_policy'
7.5 Ensure Password Complexity Policies are in Place - 'validate_password_special_char_count'
7.6 Ensure No Users Have Wildcard Hostnames
7.7 Ensure No Anonymous Accounts Exist