6.4 Ensure 'log-raw' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnf

Information

The log-raw MySQL option determines whether passwords are rewritten by the server so as not to appear in log files as plain text. If log-raw is enabled, then passwords are written to the various log files (general query log, slow query log, and binary log) in plain text.

Rationale:

With raw logging of passwords enabled someone with access to the log files might see plain text passwords.

Solution

Perform the following actions to remediate this setting:

Open the MySQL configuration file (my.cnf)

Find the log-raw entry and set it as follows

log-raw = OFF

Default Value:

OFF

See Also

https://workbench.cisecurity.org/files/3848

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6, CSCv7|13.2

Plugin: Windows

Control ID: 1b522c7e8870985a8aa2dd0f34339b17f47ba20384dd27b817b3fad2ac0e360e