Details
The plugin directory is the location of the MySQL plugins. Plugins are storage engines or user defined functions (UDFs).
Rationale:
Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL database. If someone can modify plugins then these plugins might be loaded when the server starts and the code will get executed.
Impact:
Users other than the MySQL user will no longer be able to update and add/remove plugins unless they’re able to switch to the MySQL user.
Solution
To remediate these settings, execute the following commands at a terminal prompt using the plugin_dir Value from the audit procedure. MySQL server must not be allowed to write to this location.
chmod 550
chown mysql:mysql
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Media Protection.This control applies to the following type of system Unix.