Details
MySQL can operate using a variety of log files, each used for different purposes. These are the binary log, error log, slow query log, relay log, audit log and general log. Because these are files on the host operating system, they are subject to the permissions and ownership structure provided by the host and may be accessible by users other than the MySQL user.
Rationale:
Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs.
Impact:
Changing the permissions and ownership of the audit log file may have an impact on who can access and edit the audit log. Such changes can affect monitoring tools which maybe using a log file adapter or scripted alternatives. Also, the audit log may be used for alerting by infrastructure teams which can affect real-time audit capability.
Solution
Execute the following commands for the audit_log_file discovered in the audit procedure:
chmod 660
chown mysql:mysql
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Media Protection.This control applies to the following type of system Unix.