CIS MySQL 5.7 Enterprise Linux OS L1 v1.0.0

Audit Details

Name: CIS MySQL 5.7 Enterprise Linux OS L1 v1.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Unix

Revision: 1.14

Estimated Item Count: 29

File Details

Filename: CIS_MySQL_5.7_Enterprise_Benchmark_v1.0.0_Level_1_OS_Linux.audit

Size: 52.2 kB

MD5: 66e56adc33e426dfec7411141ca9e1f7
SHA256: f9f4fcefcb9e599c48349b2c4e3c9888566eebde75ad0f122f6a4ea98eba8b09

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

CONFIGURATION MANAGEMENT

1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service

ACCESS CONTROL

1.4 Verify that 'MYSQL_PWD' Is Not Set

IDENTIFICATION AND AUTHENTICATION

2.1 Dedicate Machine Running MySQL
2.2 Do Not Specify Passwords in Command Line - History

IDENTIFICATION AND AUTHENTICATION

2.2 Do Not Specify Passwords in Command Line - Process Listing
2.3 Do Not Reuse User Accounts
3.1 Ensure 'datadir' Has Appropriate Permissions and Ownership
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions and Ownership
3.3 Ensure 'log_error' Has Appropriate Permissions and Ownership
3.4 Ensure 'slow_query_log' Has Appropriate Permissions and Ownership
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions and Ownership
3.6 Ensure 'general_log_file' Has Appropriate Permissions and Ownership
3.7 Ensure SSL Key Files Have Appropriate Permissions and Ownership
3.8 Ensure Plugin Directory Has Appropriate Permissions and Ownership
3.9 Ensure 'audit_log_file' has Appropriate Permissions and Ownership
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables'
4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - @[email protected]/my.cnf

ACCESS CONTROL

4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/my.cnf

ACCESS CONTROL

4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' - /etc/mysql/my.cnf

ACCESS CONTROL

6.4 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]/my.cnf

CONFIGURATION MANAGEMENT

6.4 Ensure 'log-raw' Is Set to 'OFF' - @[email protected]
6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/my.cnf

CONFIGURATION MANAGEMENT

6.4 Ensure 'log-raw' Is Set to 'OFF' - /etc/mysql/my.cnf

CONFIGURATION MANAGEMENT

7.3 Ensure Passwords Are Not Stored in the Global Configuration
7.3 Ensure Passwords Are Not Stored in the Global Configuration - @[email protected]/my.cnf

IDENTIFICATION AND AUTHENTICATION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - /etc/my.cnf

IDENTIFICATION AND AUTHENTICATION

7.3 Ensure Passwords Are Not Stored in the Global Configuration - /etc/mysql/my.cnf

IDENTIFICATION AND AUTHENTICATION

MySQL 5.7 Enterprise Edition is installed

CONFIGURATION MANAGEMENT