6.6 Ensure ALL Events are Audited - audit_log_user

Information

This filter defines all events to be written to the audit log.

Rationale:

This filter to log all, and binding to all, users must be set to ensure all event information is written to the audit log.

Impact:

Logging all events can result in very large audit files. In the case where the database is extremely active it may be more appropriate to be more selective when defining audit filters.

Solution

Create Log All Filter:

SELECT audit_log_filter_set_filter('log_all', '{ 'filter': { 'log': true } }');

Apply to all logins:

SELECT audit_log_filter_set_user('%', 'log_all');

See Also

https://workbench.cisecurity.org/files/3855

Item Details

Category: AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AU-3, 800-53|AU-3(1), 800-53|AU-7, 800-53|AU-12, 800-53|IA-2(1), 800-53|IA-2(2)

Plugin: MySQLDB

Control ID: 1db9983a94d1c862f044a312308277d6bcd88a07edb28abcdf68bcd454e23596