5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The SHUTDOWN privilege simply enables use of the shutdown option to the mysqladmin command, which allows a user with the SHUTDOWN privilege the ability to shut down the MariaDB server.

Rationale:

The SHUTDOWN privilege allows principals to shutdown MariaDB. This may be leveraged by an attacker to negatively impact the availability of MariaDB.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Perform the following steps to remediate this setting:

Enumerate the non-administrative users found in the result set of the audit procedure.

For each user, issue the following SQL statement (replace <user> with the non-administrative user):

REVOKE SHUTDOWN ON *.* FROM '<user>';

See Also

https://workbench.cisecurity.org/benchmarks/12270