Detections
Analytics
MADB-10-011200 - MariaDB must generate audit records when successful logons or connections occur.
Information
For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Edit the necessary filters to include connect_events connect. Example:MariaDB> DELETE FROM mysql.server_audit_filters WHERE filtername = 'default';
MariaDB> INSERT INTO mysql.server_audit_filters (filtername, rule)
VALUES ('default',
JSON_COMPACT(
'{
'connect_event': [
'CONNECT',
'DISCONNECT'
]
}'
));
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MariaDB_Enterprise_10-x_V2R4_STIG.zip
Item Details
Audit Name: DISA MariaDB Enterprise 10.x v2r4 DB
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-12c., CAT|II, CCI|CCI-000172, Rule-ID|SV-253764r961824_rule, STIG-ID|MADB-10-011200, Vuln-ID|V-253764
Plugin: MySQLDB
Control ID: d8b66bc0427288a1771700ac593138a0bf4755c0bc0fb4cd2e7847e44565c130