Information
The encrypt_binlog system variable may be used to configure encryption of the binary and relay logs. This may be configured to ON even if binary logging is not enabled in order to encrypt relay log files.
Rationale:
The database, and thus the binary and relay logs, may contain sensitive information. Encrypting the binary and relay logs protects all data stored in these logs from internal and external threats.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Encryption of binary logs is configured by the encrypt_binlog system variable.
To remediate misconfiguration, add encrypt_binlog and restart MariaDB.
[mariadb]
...
# Binary Log Encryption
encrypt_binlog=ON
Default Value:
The default Default Value: OFF