InformationOn Linux/UNIX, the MySQL client and MySQL Shell log statements executed interactively to a history file. The default MySQL Client file is named .mysql_history in the user's home directory. The files are split by language and named history.sql, history.js and history.py. Most interactive commands run in the MySQL client application are saved to a history file. The MySQL command history should be disabled. By default, the MySQL Shell does not save history between sessions.
Disabling the MySQL Client and MySQL Shell command history reduces the probability of exposing sensitive information, such as passwords, encryption keys, or other sensitive data or information.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
SolutionPerform the following steps to remediate this setting:
Remove .mysql_history if it exists.
Use either of the techniques below to prevent it from being created again:
Set the MYSQL_HISTFILE environment variable to /dev/null. This will need to be placed in the shell's startup script.
Create $HOME/.mysql_history as a symbolic to /dev/null.
> ln -s /dev/null $HOME/.mysql_history
Another way to prevent history from being recorded is to use --batch option.
By default, the MySQL command history file is located in $HOME/.mysql_history.