CIS MySQL 5.6 Enterprise Database L1 v2.0.0

Audit Details

Name: CIS MySQL 5.6 Enterprise Database L1 v2.0.0

Updated: 6/27/2023

Authority: CIS

Plugin: MySQLDB

Revision: 1.0

Estimated Item Count: 63

File Details

Filename: CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_LEVEL_1_Database.audit

Size: 122 kB

MD5: d5c9c5f23842b4c89ae1cbc649bb727f

SHA256: a09d2e1f27eb30b3636b9dad7513157070f7b91a7d8a947f075652fc946ccebc

Audit Items

Description	Categories
1.1 Place Databases on Non-System Partitions	SYSTEM AND COMMUNICATIONS PROTECTION
2.1.1 Backup Policy in Place	CONTINGENCY PLANNING
2.1.2 Verify Backups are Good	CONTINGENCY PLANNING
2.1.3 Secure Backup Credentials	ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.4 The Backups Should be Properly Secured	CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION
2.1.6 Disaster recovery plan	CONTINGENCY PLANNING
2.1.7 Backup of Configuration and Related Files	CONTINGENCY PLANNING
2.2 Dedicate the Machine Running MySQL	SYSTEM AND COMMUNICATIONS PROTECTION
2.4 Do Not Reuse Usernames	ACCESS CONTROL
2.6 Ensure Password Complexity is Configured - validate_password_dictionary_file	IDENTIFICATION AND AUTHENTICATION
2.6 Ensure Password Complexity is Configured - validate_password_length	IDENTIFICATION AND AUTHENTICATION
2.6 Ensure Password Complexity is Configured - validate_password_mixed_case_count	IDENTIFICATION AND AUTHENTICATION
2.6 Ensure Password Complexity is Configured - validate_password_number_count	IDENTIFICATION AND AUTHENTICATION
2.6 Ensure Password Complexity is Configured - validate_password_policy	IDENTIFICATION AND AUTHENTICATION
2.6 Ensure Password Complexity is Configured - validate_password_special_char_count	IDENTIFICATION AND AUTHENTICATION
2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL	ACCESS CONTROL
2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold	ACCESS CONTROL
2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS	ACCESS CONTROL
2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_max_connection_delay	ACCESS CONTROL
2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay	ACCESS CONTROL
4.1 Ensure the Latest Security Patches are Applied	SYSTEM AND SERVICES ACQUISITION
4.2 Ensure Example or Test Databases are Not Installed on Production Servers	PLANNING, SYSTEM AND SERVICES ACQUISITION
4.4 Ensure 'local_infile' Is Disabled	CONFIGURATION MANAGEMENT
4.6 Ensure Symbolic Links are Disabled	PLANNING, SYSTEM AND SERVICES ACQUISITION
4.7 Ensure the 'daemon_memcached' Plugin Is Disabled	CONFIGURATION MANAGEMENT
4.8 Ensure the 'secure_file_priv' is Configured Correctly	ACCESS CONTROL, MEDIA PROTECTION
5.1 Ensure Only Administrative Users Have Full Database Access	ACCESS CONTROL
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users	ACCESS CONTROL
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users	ACCESS CONTROL, MEDIA PROTECTION
5.9 Ensure DML/DDL Grants Are Limited to Specific Databases and Users	ACCESS CONTROL, MEDIA PROTECTION
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER	PLANNING, SYSTEM AND SERVICES ACQUISITION
6.1 Ensure 'log_error' Is Not Empty	AUDIT AND ACCOUNTABILITY
6.2 Ensure Log Files Are Stored on a Non-System Partition	AUDIT AND ACCOUNTABILITY
6.5 Ensure 'audit_log_connection_policy' is Not Set to 'NONE' - NONE	AUDIT AND ACCOUNTABILITY
6.6 Ensure 'audit_log_exclude_accounts' is Set to 'NULL'	AUDIT AND ACCOUNTABILITY
6.7 Ensure 'audit_log_include_accounts' is Set to 'NULL'	AUDIT AND ACCOUNTABILITY
6.8 Ensure 'audit_log_policy' is Set to 'LOGINS'	AUDIT AND ACCOUNTABILITY
6.11 Ensure the Audit Plugin Can't be Unloaded	AUDIT AND ACCOUNTABILITY
7.1 Ensure 'old_passwords' Is Not Set to '1' - ON	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.2 Ensure 'secure_auth' is Set to 'ON' - ON	ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION
7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@global.sql_mode'	PLANNING, SYSTEM AND SERVICES ACQUISITION
7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode'	PLANNING, SYSTEM AND SERVICES ACQUISITION
7.5 Ensure Passwords are Set for All MySQL Accounts	IDENTIFICATION AND AUTHENTICATION
7.6 Ensure Password Complexity Policies are in Place - 'validate_password_dictionary_file'	IDENTIFICATION AND AUTHENTICATION
7.6 Ensure Password Complexity Policies are in Place - 'validate_password_length'	IDENTIFICATION AND AUTHENTICATION
7.6 Ensure Password Complexity Policies are in Place - 'validate_password_mixed_case_count'	IDENTIFICATION AND AUTHENTICATION

Detections

Analytics

CIS MySQL 5.6 Enterprise Database L1 v2.0.0

Audit Details

File Details

Audit Items