6.5 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnf

Information

The log-raw MySQL option determines whether passwords are rewritten by the server so as not to appear in log files as plain text. If log-raw is enabled, then passwords are written to the various log files (general query log, slow query log, and binary log) in plain text.

Solution

Perform the following actions to remediate this setting:
- Open the MySQL configuration file (my.cnf)
- Find the log-raw entry and set it as follows

log-raw = OFF

See Also

https://workbench.cisecurity.org/files/1617