1.5 Disable Interactive Login

Information

Preventing the MySQL user from logging in interactively may reduce the impact of a compromised MySQL account. There is also more accountability as accessing the operating system where the MySQL server lies will require the user's own account. Interactive access by the MySQL user is unnecessary and should be disabled.

Solution

Perform the following steps to remediate this setting: Execute one of the following commands in a terminal usermod -s /bin/false usermod -s /sbin/nologin Impact: This setting will prevent the MySQL administrator from interactively logging into the operating system using the MySQL user. Instead, the administrator will need to log in using one's own account.

See Also

https://workbench.cisecurity.org/files/1619

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-6(7)(b)

Plugin: Windows

Control ID: d700d6a0dc66dee22bd63205aacf05930ba8d6691d03379f9c1ca2540b927c8d