Detections
Analytics

CIS MariaDB 10.11 v1.0.0 L1 MariaDB RDBMS MySQLDB

Audit Details

Name: CIS MariaDB 10.11 v1.0.0 L1 MariaDB RDBMS MySQLDB

Updated: 3/30/2026

Authority: CIS

Plugin: MySQLDB

Revision: 1.0

Estimated Item Count: 32

File Details

Filename: CIS_MariaDB_10.11_v1.0.0_L1_MariaDB_RDBMS_MySQLDB.audit

Size: 95.2 kB

MD5: 13f08416f1c8526b45a2f013e11e565b
SHA256: bf1e4b3b513bc1ba8cb0ab6dd033b64b6e13d931ab3fe71ebb8030ee5b3e43ab

Audit Items

DescriptionCategories
2.4 Do Not Reuse Usernames

ACCESS CONTROL

2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

IDENTIFICATION AND AUTHENTICATION

4.2 Ensure Example or Test Databases are Not Installed on Production Servers

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.4 Harden Usage for 'local_infile' on MariaDB Clients

CONFIGURATION MANAGEMENT

4.6 Ensure Symbolic Links are Disabled

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.7 Ensure the 'secure_file_priv' is Configured Correctly

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Only Administrative Users Have Full Database Access

ACCESS CONTROL

5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users

ACCESS CONTROL, MEDIA PROTECTION

5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users

ACCESS CONTROL, MEDIA PROTECTION

5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER

PLANNING, SYSTEM AND SERVICES ACQUISITION

6.1 Ensure 'log_error' is configured correctly

AUDIT AND ACCOUNTABILITY

6.2 Ensure Log Files are Stored on a Non-System Partition

AUDIT AND ACCOUNTABILITY

6.5 Ensure the Audit Plugin Can't be Unloaded

AUDIT AND ACCOUNTABILITY

7.1 Disable use of the mysql_old_password plugin

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure strong authentication is utilized for all accounts

IDENTIFICATION AND AUTHENTICATION

7.4 Ensure Password Complexity Policies are in Place

IDENTIFICATION AND AUTHENTICATION

7.5 Ensure No Users Have Wildcard Hostnames

ACCESS CONTROL, MEDIA PROTECTION

7.6 Ensure No Anonymous Accounts Exist

ACCESS CONTROL

7.7 Prevent Password Reuse

IDENTIFICATION AND AUTHENTICATION

8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Set Maximum Connection Limits for Server and per User

SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure Replication Traffic is Secured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.2 Ensure 'MASTER_SSL_VERIFY_SERVER_CERT' is enabled

CONFIGURATION MANAGEMENT

9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users

ACCESS CONTROL

9.5 Ensure mutual TLS is enabled

CONFIGURATION MANAGEMENT

CIS_MariaDB_10.11_v1.0.0_L1_MariaDB_RDBMS_MySQLDB.audit from CIS MariaDB 10.11 1.0.0