6.5 Ensure 'audit_log_connection_policy' is Not Set to 'NONE' - NONE

Information

The audit_log_connection_policy variable controls how the audit plugin writes connection events to the audit log file.

Rationale:

The audit_log_connection_policy offers three options: NONE, ERRORS, and ALL. Each option determines whether connection events are logged and which types of connection events are logged. Setting audit_log_connection_policy to a value other than NONE ensures that, at a minimum, failed connection events are logged. The ERRORS setting logs failed connection events, and the ALL setting logs all connection events.

Impact:

If audit_log_connection_policy is set to NONE, the MySQL server will not log failed connections, successful connections, or any other connection-related events.

Solution

To remediate this configuration setting, execute one of the following SQL statements:

SET GLOBAL audit_log_connection_policy = ERRORS;

Or

SET GLOBAL audit_log_connection_policy = ALL;

To make this remediation persist for the life of the MySQL Server, including across restarts, set audit_log_connection_policy in the server's assigned MySQL configuration file (usually named my.cnf, but not always).
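
A configuration check for the persistence step above, as an added example that is not part of the benchmark text: it reads my.cnf content and reports the audit_log_connection_policy value the [mysqld] group would apply. Assumptions: only the [mysqld] group is examined, !include directives are not followed, and an unset option falls back to the default of ALL stated on this page; the function names and the sample file are constructed for illustration.

```python
import re

POLICY = "audit_log_connection_policy"
DEFAULT = "ALL"                  # default value stated on this page
ACCEPTED = {"ERRORS", "ALL"}     # any other value, including NONE, fails

def effective_policy(cnf_text):
    """Return the policy the [mysqld] group applies, or DEFAULT if unset."""
    section, value = None, DEFAULT
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":   # comments and !include directives
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld" or "=" not in line:
            continue
        name, _, val = line.partition("=")
        # Option files treat '-' and '_' alike and accept a 'loose-' prefix.
        name = name.strip().lower().replace("-", "_")
        if name.startswith("loose_"):
            name = name[len("loose_"):]
        if name == POLICY:
            val = val.split("#", 1)[0].strip().strip("'\"")
            value = val.upper()            # a later occurrence overrides
    return value

def is_compliant(cnf_text):
    """True only when the effective value is ERRORS or ALL."""
    return effective_policy(cnf_text) in ACCEPTED

# Constructed sample: a compliant line overridden later in the same group.
SAMPLE_CNF = """
[client]
audit_log_connection_policy = ALL
[mysqld]
audit_log_connection_policy = ERRORS
loose-audit-log-connection-policy = none   # later line overrides
"""

if __name__ == "__main__":
    print(effective_policy(SAMPLE_CNF), is_compliant(SAMPLE_CNF))
```

The file check covers only what the server will load at startup; the running value can still differ if it was changed with SET GLOBAL since the last restart.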

Default Value:

The default value for audit_log_connection_policy is ALL.

See Also

https://workbench.cisecurity.org/files/3848