7.6 Ensure No Users Have Wildcard Hostnames

Information

MySQL can make use of host wildcards when granting permissions to users on specific databases. For example, you may grant a given privilege to '<user>'@'%'.

Rationale:

Avoiding the use of wildcards within hostnames helps control the specific locations from which a given user may connect to and interact with the database.

Solution

Perform the following actions to remediate this setting:

Enumerate all users returned after running the audit procedure.

Either ALTER the user's host to be specific or DROP the user.

See Also

https://workbench.cisecurity.org/benchmarks/15112

Item Details

Category: ACCESS CONTROL, MEDIA PROTECTION

References: 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|MP-2, CSCv7|14.6

Plugin: MySQLDB

Control ID: 4fbb16b1a9b012ca947a1c7e6bac3c35e391201153e4d7fb72aea65d40975198