2.1.3 Secure Backup Credentials

Information

A database user with the least amount of privileges required to perform backup is needed for backup. The credentials for this user should be protected. The password, certificate and any other credentials should be protected.

Rationale:

When the backup credentials are not properly secured then they might be abused to gain access to the server. The backup user needs an account with many privileges, so the attacker can gain (almost) complete access to the server.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Change file permissions.

See Also

https://workbench.cisecurity.org/files/3848

Item Details

Category: ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|CP-9, 800-53|MP-2, 800-53|SC-28, CSCv7|10.4

Plugin: MySQLDB

Control ID: 50ab9715695b54ce0a095e954795ba14af9c8dea2a14f6b827cdafa9a9789101