3.9 Ensure 'audit_log_file' has Appropriate Permissions and Ownership

Information

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Execute the following commands for the audit_log_file discovered in the audit procedure: chmod 660 <audit_log_file>chown mysql:mysql <audit_log_file> Impact: Changing the permissions and ownership of the audit log file may have impact on who can access and edit the the audit log. Such changes can affect monitoring tools which maybe using a logfile adapter or scripted alternatives. Also the audit log may be used by alerting by infrastructure teams which can affect real-time audit capability.

See Also

https://workbench.cisecurity.org/files/1619