Detections
Analytics

CIS MariaDB 10.6 on Linux L1 v1.1.0

Audit Details

Name: CIS MariaDB 10.6 on Linux L1 v1.1.0

Updated: 5/6/2024

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 24

File Details

Filename: CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Linux_OS.audit

Size: 59.9 kB

MD5: f93f5d7dd3e74fb18cfc297e81ff3105
SHA256: f8b05ec91de24cfd6922808e97bc669a1ae206509254785a4fd3d76a9f81bced

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Use Dedicated Least Privileged Account for MariaDB Daemon/Service

ACCESS CONTROL, MEDIA PROTECTION

1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.3 Do Not Specify Passwords in the Command Line

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure Non-Default, Unique Cryptographic Material is in Use

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ensure 'datadir' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate Permissions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure SSL Key Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.9 Ensure 'server_audit_file_path' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.10 Ensure File Key Management Encryption Plugin files have appropriate permissions

ACCESS CONTROL, MEDIA PROTECTION

4.1 Ensure the Latest Security Patches are Applied

SYSTEM AND SERVICES ACQUISITION

4.4 Harden Usage for 'local_infile' on MariaDB Clients

CONFIGURATION MANAGEMENT

4.5 Ensure mariadb is Not Started With 'skip-grant-tables'

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Only Administrative Users Have Full Database Access

ACCESS CONTROL

5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users

ACCESS CONTROL

7.2 Ensure Passwords are Not Stored in the Global Configuration

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

CIS_MariaDB_10.6_Benchmark_v1.1.0_L1_Linux_OS.audit from CIS MariaDB 10.6 Benchmark