2.1.4 Point-in-Time Recovery

Information

With binlogs it is possible to implement point-in-time recovery. This makes it possible to restore the changes made between the last full backup and a chosen point in time.

Enabling binlogs is not sufficient. The binlogs need to be backed up to separate media. The restore procedure should be created and tested. The binlog files may contain sensitive information, so they need to be stored in a proper location with restrictive permissions and may require encryption.

Rationale:

Using binlogs can reduce the amount of information lost when recovering from a backup.

Impact:

Binlogs can grow quite large and take up a large amount of space, so automatic removal needs to be put in place.

Solution

Enable binlogs, then create and test a restore procedure.
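
One way to check the "restrictive permissions" requirement from the description is shown below as an added example; it is not part of the benchmark. The permission policy (owner read/write, group read at most), the `binlog` basename, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (uses GNU find). Assumed policy: owner rw, group read at most.
# DIR and BASENAME are assumptions; on a live server derive them from
#   SHOW VARIABLES LIKE 'log_bin_basename';

# loose_binlogs DIR BASENAME
# Prints each binlog (BASENAME.NNNNNN) or index file (BASENAME.index) in DIR
# that is group-writable or has any permission bit set for "other".
loose_binlogs() {
    find "$1" -maxdepth 1 -type f \
        \( -name "$2.[0-9]*" -o -name "$2.index" \) \
        -perm /027 | sort
}

# binlog_dir_ok DIR: succeeds only if DIR grants nothing to "other".
binlog_dir_ok() {
    [ -z "$(find "$1" -maxdepth 0 -perm /007)" ]
}

# audit_binlogs DIR BASENAME: returns 0 when both checks pass, 1 otherwise.
audit_binlogs() {
    rc=0
    if ! binlog_dir_ok "$1"; then
        echo "FAIL: $1 is accessible to other users"
        rc=1
    fi
    bad=$(loose_binlogs "$1" "$2")
    if [ -n "$bad" ]; then
        echo "FAIL: binlog files with excess permissions:"
        echo "$bad"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "PASS: $1/$2.* meets the assumed policy"
    fi
    return "$rc"
}

# Constructed demo: a throwaway directory standing in for the binlog location.
demo=$(mktemp -d)
: > "$demo/binlog.000001"; chmod 640 "$demo/binlog.000001"
: > "$demo/binlog.000002"; chmod 644 "$demo/binlog.000002"
audit_binlogs "$demo" binlog || true
rm -rf "$demo"
```

Run the same check against the location the binlog backups are copied to, since the copies carry the same data.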

Default Value:

The default for binlog-expire-logs-seconds is 2592000 seconds, or 30 days.

See Also

https://workbench.cisecurity.org/benchmarks/15112

Item Details

Category: CONTINGENCY PLANNING

References: 800-53|CP-9, 800-53|CP-10, CSCv7|10.2

Plugin: MySQLDB

Control ID: a75c5bed1125c372593526ac9152a1d3b59dbc5898128d693cbbb94872d3c273