3.9 Secure MySQL Keyring - keyring_okv_path

Information

When configured to use a Keyring plugin, internal MySQL components and plugins may securely store sensitive information for later retrieval. Associated files for the selected keyring type should have proper permissions.

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of internal MySQL component and plugin information.

Solution

If no keyring plugin or keyring file plugin is configured, instructions for configuring a keyring plugin or keyring file plugin may found at:

KMIP - https://dev.mysql.com/doc/refman/5.7/en/keyring-okv-plugin.html#keyring-okv-configuration

AWS - https://dev.mysql.com/doc/refman/5.7/en/keyring-aws-plugin.html#keyring-aws-plugin-configuration

Execute the following command for each Keyring file location requiring corrected permissions:

chmod 750 <keyring file>
chown mysql:mysql <keyring file>

See Also

https://workbench.cisecurity.org/files/3844

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Unix

Control ID: f9697d9efe573a40c5b891bdb4dae29c1a0865cbd640e84d12fd91df2b888198