1.5 Disable Interactive Login


Preventing the MySQL user from logging in interactively may reduce the impact of a compromised MySQL account. There is also more accountability as accessing the operating system where the MySQL server lies will require the user's own account. Interactive access by the MySQL user is unnecessary and should be disabled.


Perform the following steps to remediate this setting: Execute one of the following commands in a terminal usermod -s /bin/false usermod -s /sbin/nologin Impact: This setting will prevent the MySQL administrator from interactively logging into the operating system using the MySQL user. Instead, the administrator will need to log in using one's own account.

See Also


Item Details


References: 800-53|AC-6(7)(b)

Plugin: Windows

Control ID: d700d6a0dc66dee22bd63205aacf05930ba8d6691d03379f9c1ca2540b927c8d