Dedicate Machine Running MySQL. Details: The attack surface is reduced on a server with only the underlying operating system, MySQL server software, and any...
Do Not Reuse User Accounts. Details: Utilizing unique database accounts across applications will reduce the impact of a compromised MySQL account. NOTE: Nessus has not...
Do Not Specify Passwords in Command Line. Details: If the password is visible in the process list or user’s shell/command history, an attacker will be able to...
Ensure ‘audit_log_file’ has Appropriate Permissions and Ownership. Details: Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs. Solution: Execute...
Ensure ‘datadir’ Has Appropriate Permissions and Ownership. Details: Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL database. If someone...
Ensure ‘general_log_file’ Has Appropriate Permissions and Ownership. Details: Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs. Solution: Execute...
Ensure ‘log_bin_basename’ Files Have Appropriate Permissions and Ownership. Details: Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs. Solution: Execute...
Ensure ‘log_error’ Has Appropriate Permissions and Ownership. Details: Limiting the accessibility of these objects will protect the confidentiality, integrity, and availability of the MySQL logs. Solution: Execute...
Ensure ‘log-raw’ Is Set to ‘OFF’ – C:my.cnf. Details: With raw logging of passwords enabled, someone with access to the log files might see plain text passwords. Solution...
Ensure ‘log-raw’ Is Set to ‘OFF’ – C:my.cnf – Doesn’t Exist. Details: With raw logging of passwords enabled, someone with access to the log files might see plain text passwords. NOTE:...