CIS MariaDB 10.6 Database L1 v1.1.0

Audit Details

Name: CIS MariaDB 10.6 Database L1 v1.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 38

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Database.audit

Size: 99 kB

MD5: af45e943d2d9cef4555184be226b2e41
SHA256: c94f4b56f5959a284e53938af6125ba0f0e53ca9bd0c9c1113ae88a5c83ea9c3

Audit Items

DescriptionCategories
2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.1.2 Verify Backups are Good

CONTINGENCY PLANNING

2.1.3 Secure Backup Credentials

ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 The Backups Should be Properly Secured

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.7 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.2 Dedicate the Machine Running MariaDB

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Do Not Reuse Usernames

ACCESS CONTROL

2.6 Ensure 'password_lifetime' is Less Than or Equal to '365'

IDENTIFICATION AND AUTHENTICATION

4.2 Ensure Example or Test Databases are Not Installed on Production Servers

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.4 Harden Usage for 'local_infile' on MariaDB Clients

CONFIGURATION MANAGEMENT

4.6 Ensure Symbolic Links are Disabled

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.7 Ensure the 'secure_file_priv' is Configured Correctly

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Only Administrative Users Have Full Database Access

ACCESS CONTROL

5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users

ACCESS CONTROL, MEDIA PROTECTION

5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users

ACCESS CONTROL, MEDIA PROTECTION

5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER

PLANNING, SYSTEM AND SERVICES ACQUISITION

6.1 Ensure 'log_error' is configured correctly

AUDIT AND ACCOUNTABILITY

6.2 Ensure Log Files are Stored on a Non-System Partition

AUDIT AND ACCOUNTABILITY

6.5 Ensure the Audit Plugin Can't be Unloaded

AUDIT AND ACCOUNTABILITY

7.1 Disable use of the mysql_old_password plugin

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure strong authentication is utilized for all accounts

IDENTIFICATION AND AUTHENTICATION

7.4 Ensure Password Complexity Policies are in Place

IDENTIFICATION AND AUTHENTICATION

7.5 Ensure No Users Have Wildcard Hostnames

ACCESS CONTROL, MEDIA PROTECTION

7.6 Ensure No Anonymous Accounts Exist

ACCESS CONTROL

8.1 Ensure 'require_secure_transport' is Set to 'ON' and 'have_ssl' is Set to 'YES'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

8.3 Set Maximum Connection Limits for Server and per User

SYSTEM AND COMMUNICATIONS PROTECTION

9.1 Ensure Replication Traffic is Secured

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

9.2 Ensure 'MASTER_SSL_VERIFY_SERVER_CERT' is enabled

CONFIGURATION MANAGEMENT

9.3 Ensure 'super_priv' is Not Set to 'Y' for Replication Users

ACCESS CONTROL

9.5 Ensure mutual TLS is enabled

CONFIGURATION MANAGEMENT

CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Database.audit from CIS MariaDB 10.6 Benchmark