3.9 Ensure 'audit_log_file' has Appropriate Permissions

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

MySQL can operate using a variety of log files, each used for different purposes. These are the binary log, error log, slow query log, relay log, audit log and general log. Because these are files on the host operating system, they are subject to the permissions structure provided by the host and may be accessible by users other than the MySQL user.

Solution

Execute the following command for the audit_log_file discovered in the audit procedure:
chmod 660 <audit_log_file>
chown mysql:mysql <audit_log_file>

See Also

https://workbench.cisecurity.org/files/1622