CIS MySQL 5.7 Linux OS L1 v1.0.0

Audit Details

Name: CIS MySQL 5.7 Linux OS L1 v1.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.18

Estimated Item Count: 36

File Details

Filename: CIS_MySQL_5.7_Community_Benchmark_v1.0.0_OS_UNIX_L1.audit

Size: 53.8 kB

MD5: cecef266e97fc33d55a915b14913e3ab
SHA256: 26a047e0599750d4c38e540087ffdce7fb45a109c54ac56349326e820456f36f

Audit Items

DescriptionCategories
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify That the MYSQL_PWD Environment Variables Is Not In Use

IDENTIFICATION AND AUTHENTICATION

1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profile

IDENTIFICATION AND AUTHENTICATION

1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrc

IDENTIFICATION AND AUTHENTICATION

1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profile

IDENTIFICATION AND AUTHENTICATION

2.1.1 Backup policy in place
2.1.2 Verify backups are good
2.1.3 Secure backup credentials
2.1.4 The backups should be properly secured
2.1.6 Disaster recovery plan
2.1.7 Backup of configuration and related files
2.2 Dedicate Machine Running MySQL
2.3 Do Not Specify Passwords in Command Line
2.4 Do Not Reuse Usernames
3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions
3.3 Ensure 'log_error' Has Appropriate Permissions
3.4 Ensure 'slow_query_log' Has Appropriate Permissions
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions
3.6 Ensure 'general_log_file' Has Appropriate Permissions
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables'
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - @[email protected]

ACCESS CONTROL

4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/my.cnf

ACCESS CONTROL

4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/mysql/my.cnf

ACCESS CONTROL

6.5 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]/my.cnf

CONFIGURATION MANAGEMENT

6.5 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]/my.cnf failed
6.5 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]
6.5 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnf

CONFIGURATION MANAGEMENT

6.5 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnf

CONFIGURATION MANAGEMENT

7.1 Ensure Passwords Are Not Stored in the Global Configuration
7.1 Ensure Passwords Are Not Stored in the Global Configuration - @[email protected]/my.cnf

IDENTIFICATION AND AUTHENTICATION

7.1 Ensure Passwords Are Not Stored in the Global Configuration - /etc/my.cnf

IDENTIFICATION AND AUTHENTICATION

7.1 Ensure Passwords Are Not Stored in the Global Configuration - /etc/mysql/my.cnf

IDENTIFICATION AND AUTHENTICATION

MySQL 5.7 Community Edition is installed

CONFIGURATION MANAGEMENT