9.3 Ensure 'master_info_repository' Is Set to 'TABLE'

Information

The master_info_repository setting determines to where a SLAVE logs MASTER status and connection information. The options are FILE or TABLE. Note also that this setting is associated with the sync_master_info setting as well.

Rationale:

The password which the client uses is stored in the MASTER info repository, which by default is a plaintext file. The TABLE MASTER info repository is a bit safer, but with filesystem access it's still possible to gain access to the password the SLAVE is using.

Solution

Perform the following actions to remediate this setting:

Open the MySQL configuration file (my.cnf)

Locate master_info_repository

Set the master_info_repository value to TABLE

Note: If master_info_repository does not exist, add it to the configuration file.

Default Value:

FILE

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: MySQLDB

Control ID: 17d5032fbfb5b8f79470fc8c8e84a1b5e50f37a6707e3a54baf4f681e3a7415d