Detections
Analytics

CIS MySQL 8.0 Enterprise Database L1 v1.3.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS MySQL 8.0 Enterprise Database L1 v1.3.0

Updated: 4/3/2025

Authority: CIS

Plugin: MySQLDB

Revision: 1.4

Estimated Item Count: 47

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions
2.5 Do Not Reuse Usernames
2.7 Ensure 'password_lifetime' is Less Than or Equal to '365'
2.8 Ensure Password Resets Require Strong Passwords
2.18 Implement Connection Delays to Limit Failed Login Attempts
3.1 Ensure 'datadir' Has Appropriate Permissions
3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions
3.3 Ensure 'log_error' Has Appropriate Permissions
3.4 Ensure 'slow_query_log' Has Appropriate Permissions
3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions
3.6 Ensure 'general_log_file' Has Appropriate Permissions
3.7 Ensure SSL Key Files Have Appropriate Permissions
3.8 Ensure Plugin Directory Has Appropriate Permissions
3.9 Ensure 'audit_log_file' Has Appropriate Permissions
4.1 Ensure the Latest Security Patches are Applied
4.2 Ensure Example or Test Databases are Not Installed on Production Servers
4.4 Harden Usage for 'local_infile' on MySQL Clients
4.6 Ensure Symbolic Links are Disabled
4.7 Ensure the 'daemon_memcached' Plugin is Disabled
4.8 Ensure the 'secure_file_priv' is Configured Correctly
5.1 Ensure Only Administrative Users Have Full Database Access
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER
6.1 Ensure 'log_error' is configured correctly
6.2 Ensure Log Files are Stored on a Non-System Partition
6.5 Ensure Audit Filters Capture Connection Attempts
6.8 Ensure the Audit Plugin Can't be Unloaded
7.1 Ensure default_authentication_plugin is Set to a Secure Option
7.3 Ensure Passwords are Set for All MySQL Accounts
7.4 Set 'default_password_lifetime' to Require a Yearly Password Change
7.5 Ensure Password Complexity Policies are in Place
7.6 Ensure No Users Have Wildcard Hostnames
7.7 Ensure No Anonymous Accounts Exist
8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES'
8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users
8.3 Set Maximum Connection Limits for Server and per User
9.1 Ensure Replication Traffic is Secured
9.2 Ensure 'SOURCE_SSL_VERIFY_SERVER_CERT' is Set to 'YES' or '1'
9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users
10.1 Ensure All Group Replication Traffic is Secured
CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_1_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark