CIS MySQL 5.7 Linux OS L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS MySQL 5.7 Linux OS L1 v1.0.0

Updated: 12/7/2022

Authority: Operating Systems and Applications

Plugin: Unix

Revision: 1.20

Estimated Item Count: 36

File Details

Filename: CIS_MySQL_5.7_Community_Benchmark_v1.0.0_OS_UNIX_L1.audit

Size: 48.9 kB

MD5: 21a613d49f275319eff3476da7894495
SHA256: 7eb26375cde8045f87ae9c30b0c52fcdaa4eeb58c18f6684c25465003058c4cb

Audit Items

DescriptionCategories
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service
1.4 Verify That the MYSQL_PWD Environment Variables Is Not In Use
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bash_profile
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .bashrc
1.6 Verify That 'MYSQL_PWD' Is Not Set In Users' Profiles - .profile
2.1.1 Backup policy in place
2.1.2 Verify backups are good
2.1.3 Secure backup credentials
2.1.4 The backups should be properly secured
2.1.6 Disaster recovery plan
2.1.7 Backup of configuration and related files
2.2 Dedicate Machine Running MySQL
2.3 Do Not Specify Passwords in Command Line
2.4 Do Not Reuse Usernames
3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions
3.3 Ensure 'log_error' Has Appropriate Permissions
3.4 Ensure 'slow_query_log' Has Appropriate Permissions
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions
3.6 Ensure 'general_log_file' Has Appropriate Permissions
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables'
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/my.cnf
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/mysql/my.cnf
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - SYSCONFDIRmy.cnf
6.5 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnf
6.5 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnf
6.5 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIR/my.cnf
6.5 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIR/my.cnf failed
6.5 Ensure 'log-raw' Is Set to 'OFF' - SYSCONFDIRmy.cnf
7.1 Ensure Passwords Are Not Stored in the Global Configuration
7.1 Ensure Passwords Are Not Stored in the Global Configuration - /etc/my.cnf
7.1 Ensure Passwords Are Not Stored in the Global Configuration - /etc/mysql/my.cnf
7.1 Ensure Passwords Are Not Stored in the Global Configuration - SYSCONFDIR/my.cnf
MySQL 5.7 Community Edition is installed