6.2 Ensure Log Files are Stored on a Non-System Partition

Information

MariaDB log files can be set in the MariaDB configuration to exist anywhere on the filesystem. It is common practice to ensure that the system filesystem is left uncluttered by application logs. System filesystems include the root (/), /var, or /usr.

Rationale:

Moving the MariaDB logs off the system partition will reduce the probability of denial of service via the exhaustion of available disk space to the operating system.

Solution

Perform the following actions to remediate this setting:

Open the MariaDB configuration file (mariadb.cnf)

Locate the log_bin entry and set it to a file not on root (/), /var, or /usr

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv7|6.4

Plugin: MySQLDB

Control ID: 619ea7cd944589f49984671fd13bc8e088bdc801c69aff5c5bbd2160c06de136