Information
Enabling audit logging is an important consideration for a production environment, and MariaDB plugin exist to help with this. Enable audit logging for
Connect events
Query and Table events (optional)
Rationale:
Audit logging helps to identify who changed what and when. The audit log might be used as evidence in investigations. It might also help to identify what an attacker was able to accomplish.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Although the plugin's shared library is distributed with MariaDB, the plugin is not actually installed by default.
Add the following to MariaDB's config file.
[mariadb]
...
#MariaDB plugin
plugin_load_add = server_audit
server_audit_logging=ON
server_audit_events=CONNECT
Reboot the instance.