CIS MySQL 8.0 Community Linux OS L1 v1.0.0

This audit file has been deprecated and will be removed in a future update.

Name: CIS MySQL 8.0 Community Linux OS L1 v1.0.0

Updated: 4/3/2025

Authority: CIS

Plugin: Unix

Revision: 1.2

Estimated Item Count: 26

Filename: CIS_MySQL_8.0_Community_Benchmark_v1.0.0_Level_1_OS_Linux.audit

Size: 44.6 kB

MD5: c7bc0dd7acba368461b19e8c6475c14e

SHA256: eec80c14185277aa0dc4678b0379cc7ef90f191521cb56e78d90689070d361ae

Description	Categories
1.1 Place Databases on Non-System Partitions
1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service
1.4 Verify That the MYSQL_PWD Environment Variable is Not in Use
1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles
2.1.1 Backup Policy in Place
2.1.2 Verify Backups are Good
2.1.3 Secure Backup Credentials
2.1.5 Disaster Recovery (DR) Plan
2.1.6 Backup of Configuration and Related Files
2.3 Dedicate the Machine Running MySQL
2.4 Do Not Specify Passwords in the Command Line
2.6 Ensure Non-Default, Unique Cryptographic Material is in Use
3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions
3.3 Ensure 'log_error' Has Appropriate Permissions
3.4 Ensure 'slow_query_log' Has Appropriate Permissions
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions
3.6 Ensure 'general_log_file' Has Appropriate Permissions
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
3.9 Ensure 'audit_log_file' Has Appropriate Permissions
4.4 Harden Usage for 'local_infile' on MySQL Clients
4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables'
6.4 Ensure 'log-raw' is Set to 'OFF'
7.2 Ensure Passwords are Not Stored in the Global Configuration
CIS_MySQL_8.0_Community_Benchmark_v1.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 8.0 Community Edition Benchmark