CIS MySQL 5.6 Community Windows OS L1 v2.0.0

Audit Details

Name: CIS MySQL 5.6 Community Windows OS L1 v2.0.0

Updated: 10/31/2022

Authority: CIS

Plugin: Windows

Revision: 1.0

Estimated Item Count: 51

File Details

Filename: CIS_MySQL_5.6_Community_Benchmark_v2.0.0_OS_MS_L1.audit

Size: 131 kB

MD5: c3e9501b0dfd45471d0f0d9c82176d51
SHA256: d4d5c543744e555d5fcba09e13014f7954917f4519b129c3fcc84369449cab05

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify That the MYSQL_PWD Environment Variable Is Not In Use

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.1.2 Verify Backups are Good

CONTINGENCY PLANNING

2.1.3 Secure Backup Credentials

ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 The Backups Should be Properly Secured

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.7 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.2 Dedicate the Machine Running MySQL

SYSTEM AND COMMUNICATIONS PROTECTION

2.3 Do Not Specify Passwords in Command Line

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5 Ensure Non-Default, Unique Cryptographic Material is in Use

SYSTEM AND COMMUNICATIONS PROTECTION

3.1 Ensure 'datadir' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.3 Ensure 'log_error' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.4 Ensure 'slow_query_log' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure 'general_log_file' Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.7 Ensure SSL Key Files Have Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

3.8 Ensure Plugin Directory Has Appropriate Permissions

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - @[email protected]\my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - @[email protected]\my.ini

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini Exists

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %WINDIR%\my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - %WINDIR%\my.ini

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\my.ini

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\Program Files\MySQL\MySQL Server 5.6\my.cnf

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - C:\Program Files\MySQL\MySQL Server 5.6\my.ini

ACCESS CONTROL, MEDIA PROTECTION

4.5 Ensure 'mysqld' is Not Started with '--skip-grant-tables' - MySQL Service Registry Entry

ACCESS CONTROL, MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]\my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]\my.ini

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini Exists

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - %WINDIR%\my.ini

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\my.ini

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\Program Files\MySQL\MySQL Server 5.6\my.cnf

MEDIA PROTECTION

6.4 Ensure 'log-raw' Is Set to 'OFF' - C:\Program Files\MySQL\MySQL Server 5.6\my.ini

MEDIA PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - %WINDIR%\my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - %WINDIR%\my.ini

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - C:\my.ini

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - C:\Program Files\MySQL\MySQL Server 5.6\my.cnf

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - C:\Program Files\MySQL\MySQL Server 5.6\my.ini

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION