3.9 Secure MySQL Keyring - keyring_file_data_path

Information

When configured to use a Keyring plugin, internal MySQL components and plugins may securely store sensitive information for later retrieval. Associated files for the selected keyring type should have proper permissions.

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of internal MySQL component and plugin information.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.


Solution

If no keyring plugin or keyring file plugin is configured, instructions for configuring a keyring plugin or keyring file plugin may be found at:

KMIP - https://dev.mysql.com/doc/refman/5.7/en/keyring-okv-plugin.html#keyring-okv-configuration

AWS - https://dev.mysql.com/doc/refman/5.7/en/keyring-aws-plugin.html#keyring-aws-plugin-configuration

Execute the following commands for each keyring file location requiring corrected permissions:

chmod 750 <keyring file>
chown mysql:mysql <keyring file>
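
Because Nessus does not perform this check, the result has to be verified on the host. The following is an added example, not part of the benchmark or the audit file, that tests one keyring file against the 750 mode and mysql:mysql ownership set above. The function name check_keyring_perms is hypothetical, and the script assumes GNU stat on Linux.

```shell
#!/bin/sh
# Added example: audit one keyring file against the remediation above.
# check_keyring_perms is a hypothetical helper name; assumes GNU stat (Linux).
# Usage: check_keyring_perms <keyring file> [owner:group]   (default mysql:mysql)
# Returns 0 if compliant, 1 if not compliant, 2 if the file cannot be inspected.
check_keyring_perms() {
    file=$1
    want_owner=${2:-mysql:mysql}

    if [ ! -e "$file" ]; then
        echo "ERROR: $file does not exist" >&2
        return 2
    fi
    # Report a symlink explicitly instead of judging the link's own mode.
    if [ -L "$file" ]; then
        echo "FAIL: $file is a symbolic link" >&2
        return 1
    fi

    mode=$(stat -c '%a' "$file") || return 2
    owner=$(stat -c '%U:%G' "$file") || return 2

    rc=0
    # Any bit outside 0750 fails: group write, any access for "other",
    # and the setuid/setgid/sticky bits.
    if [ $(( 0$mode & ~0750 & 07777 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode exceeds 750" >&2
        rc=1
    fi
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: $file owned by $owner, expected $want_owner" >&2
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "PASS: $file ($mode $owner)"
    return "$rc"
}
```

Modes stricter than 750, such as 640, also pass, since the check only rejects bits that 750 does not grant.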

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Windows

Control ID: f9697d9efe573a40c5b891bdb4dae29c1a0865cbd640e84d12fd91df2b888198