6.4 Ensure Audit Logging Is Enabled

Information

Enabling audit logging is an important consideration for a production environment, and MariaDB plugins exist to help with this. Enable audit logging for:

Connect events

Query and Table events (optional)

Rationale:

Audit logging helps to identify who changed what and when. The audit log might be used as evidence in investigations. It might also help to identify what an attacker was able to accomplish.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Although the plugin's shared library is distributed with MariaDB, the plugin is not actually installed by default.
Add the following to MariaDB's config file.

[mariadb]
...
#MariaDB plugin
plugin_load_add = server_audit
server_audit_logging=ON
server_audit_events=CONNECT

Reboot the instance.
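
A static check of an option file against the settings above, as an added example that is not part of the benchmark or of Nessus; the function names, the list of server groups and the sample files are assumptions constructed for illustration. It only reads the file, so it does not confirm what the running server has actually loaded.

```python
import re

# Option-file groups the server reads (a subset, assumed sufficient for this check).
SERVER_GROUPS = {"mariadb", "mariadbd", "mysqld", "server"}

def parse_server_options(text):
    """Collect {option: [values]} from server groups; '-' and '_' are equivalent in names."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
        elif group in SERVER_GROUPS:
            key, _, value = line.partition("=")
            key = key.strip().lower().replace("-", "_")
            opts.setdefault(key, []).append(value.strip().strip("'\""))
    return opts

def audit_findings(text):
    """Return findings for this item; an empty list means the settings are present."""
    opts = parse_server_options(text)
    findings = []
    plugins = ";".join(opts.get("plugin_load_add", []) + opts.get("plugin_load", []))
    if "server_audit" not in plugins.lower():
        findings.append("server_audit plugin is not loaded")
    # The last occurrence of an ordinary option wins.
    if opts.get("server_audit_logging", ["OFF"])[-1].upper() not in ("ON", "1"):
        findings.append("server_audit_logging is not ON")
    # Strict reading (assumption): CONNECT must be listed explicitly, as in the Solution.
    events = opts.get("server_audit_events", [""])[-1].upper().split(",")
    if "CONNECT" not in [e.strip() for e in events]:
        findings.append("server_audit_events does not include CONNECT")
    return findings

# Constructed sample option files.
COMPLIANT = """[mariadb]
plugin_load_add = server_audit
server_audit_logging=ON
server_audit_events=CONNECT,QUERY,TABLE
"""
MISPLACED = """[client]
server_audit_logging=ON
[mysqld]
plugin-load-add = server_audit   # dash spelling is accepted
server-audit-events = QUERY,TABLE
"""

if __name__ == "__main__":
    for name, cfg in (("COMPLIANT", COMPLIANT), ("MISPLACED", MISPLACED)):
        print(name, audit_findings(cfg) or "OK")
```

The second sample shows two easy mistakes: a setting placed under a group the server does not read, and an event list that leaves out CONNECT.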

See Also

https://workbench.cisecurity.org/benchmarks/16527

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2

Plugin: Unix

Control ID: 93369a07dfd7608dddfb2f14a916eb83d88dd56ea9fa25f8acd4b49780d585b6