Details

Session auditing is for use when a user’s activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the Database Management System (DBMS) is running.

Solution

Configure the MySQL Audit to automatically start during system startup.
Add to the my.cnf:

[mysqld]
plugin-load-add=audit_log.so
audit-log=FORCE_PLUS_PERMANENT
audit-log-format=JSON

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_MySQL_8-0_V1R2_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AU-14(1)
• CAT|II
• CCI|CCI-001464
• Rule-ID|SV-235159r623599_rule
• STIG-ID|MYS8-00-007800
• Vuln-ID|V-235159

Source

• Tenable.com/audits