MYS8-00-009600 - The MySQL Database Server 8.0 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

Information

To ensure sufficient storage capacity for the audit logs, the Database Management System (DBMS) must be able to allocate audit record storage capacity. Although another requirement (SRG-APP-000515-DB-000318) mandates that audit data be off-loaded to a centralized log management system, it remains necessary to provide space on the database server to serve as a buffer against outages and capacity limits of the off-loading mechanism.

The task of allocating audit record storage capacity is usually performed during initial installation of the DBMS and is closely associated with the DBA and system administrator roles. The DBA or system administrator will usually coordinate the allocation of physical drive space with the application owner/installer and the application will prompt the installer to provide the capacity information, the physical location of the disk, or both.

In determining the capacity requirements, consider such factors as: total number of users; expected number of concurrent users during busy periods; number and type of events being monitored; types and amounts of data being captured; the frequency/speed with which audit records are off-loaded to the central log management system; and any limitations that exist on the DBMS's ability to reuse the space formerly occupied by off-loaded records.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Review the MySQL Audit file location, ensure the destination has enough space available to accommodate the maximum total size of all files that could be written.

Use a script or third-party tool to manage the maximum number of audit log files that are to be stored, staying within the number of logs the system was sized to support.

Use compression and JSON format to reduce file growth.

Update the location for audit_log_file in the MySQL configuration file, for example:
[mysqld]
audit-log-file=/var/log/mysql/audit.log
audit-log-format=JSON
audit-log-compression=GZIP

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_MySQL_8-0_V2R2_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CAT|II, CCI|CCI-001849, Rule-ID|SV-235173r961392_rule, STIG-ID|MYS8-00-009600, Vuln-ID|V-235173

Plugin: MySQLDB

Control ID: 886f03092e899a2fa709a1840cc5294b959d4e3a64b7e0a494af3ed3aa3e7233