5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

Information

The SHUTDOWN privilege simply enables use of the shutdown option to the mysqladmin command, which allows a user with the SHUTDOWN privilege the ability to shut down the MariaDB server.

Rationale:

The SHUTDOWN privilege allows principals to shutdown MariaDB. This may be leveraged by an attacker to negatively impact the availability of MariaDB.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following steps to remediate this setting:

Enumerate the non-administrative users found in the result set of the audit procedure.

For each user, issue the following SQL statement (replace <user> with the non-administrative user):

REVOKE SHUTDOWN ON *.* FROM '<user>';

See Also

https://workbench.cisecurity.org/benchmarks/16527