Details

Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL database and the communication with the client. If the contents of the SSL key file is known to an attacker he or she might impersonate the server. This can be used for a man-in-the-midddle attack. Depending on the SSL ciphersuite the key might also be used to decipher previously captured network traffic.

Solution

Execute the following commands at a terminal prompt to remediate these settings using the Value from the audit procedure: chown mysql:mysql chmod 400 Impact: If the permissions or ownership for the key file are changed incorrectly this can cause SSL to be disabled when MySQL is restarted or can cause MySQL not to start at all. If other applications are using the same keypair then changing the permissions or ownership of the key file will affect this application. If this is the case then a new keypair must be generated for MySQL.

Supportive Information

The following resource is also helpful.

• https://workbench.cisecurity.org/files/1619

This control applies to the following type of system Unix.

Source

• Tenable.com/audits