3.10 Secure MySQL Keyring - keyring_file_data_path

Information

When configured to use a Keyring plugin, internal MySQL components and plugins may securely store sensitive information for later retrieval. Associated files for the selected keyring type should have proper permissions.

Rationale:

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of internal MySQL component and plugin information.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

If no keyring plugin or keyring file plugin is configured, instructions for configuring a keyring plugin or keyring file plugin may found at:

KMIP - https://dev.mysql.com/doc/refman/5.7/en/keyring-okv-plugin.html#keyring-okv-configuration

AWS - https://dev.mysql.com/doc/refman/5.7/en/keyring-aws-plugin.html#keyring-aws-plugin-configuration

Execute the following command for each Keyring file location requiring corrected permissions:

chmod 750 <keyring file>
chown mysql:mysql <keyring file>

See Also

https://workbench.cisecurity.org/files/3855

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: Windows

Control ID: c7bdb950f43780c815f01dc75ba96db0940d5fed224d87b23a4e90100fed1ad4