6.5 Ensure Audit Logging Is Enabled - audit_log_user

Information

Audit logging is not really included in the Community Edition of MySQL - only the general log. Using the general log is possible, but not practical, because it grows quickly and has an adverse impact on server performance.

Nevertheless, enabling audit logging is an important consideration for a production environment, and third-party tools do exist to help with this. Enable audit logging for

Interactive user sessions

Application sessions (optional)

Rationale:

Audit logging helps to identify who changed what and when. The audit log might be used as evidence in investigations. It might also help to identify what an attacker was able to accomplish.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Acquire a third-party MySQL logging solution as available from a variety of sources including, but not necessarily limited to, the following:

The General Query Log

MySQL Enterprise Audit

MariaDB Audit Plugin for MySQL

McAfee MySQL Audit

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2

Plugin: MySQLDB

Control ID: a72354f13fb061e74daa4554bc5f7f0b6563c59a41708da5c56e6253528e1d94