Backup of Configuration and Related Files
Details It is important to include configuration, log, key, certificates, and customized files in backups. Rationale: Including all configuration, log,...
- Home
- Security Hardening
- CIS MySQL 8.0 Enterprise Linux OS L1 V1.1.0
CIS MySQL 8.0 Enterprise Linux OS L1 V1.1.0
Backup Policy in Place
Details A backup policy should be in place. Rationale: Backing up MySQL databases, including mysql, will help ensure the availability...Dedicate the Machine Running MySQL
Details It is recommended that MySQL Server software be installed on a dedicated server. This architectural consideration affords flexibility in...Disaster Recovery (DR) Plan
Details A disaster recovery plan should be created. MySQL Cluster (group replication), MySQL Replica Sets (asynchronous replication) or both may...Do Not Specify Passwords in the Command Line
Details When a command is executed on the command line, for example mysql -u admin -p password or mysqlsh -u...Ensure ‘audit_log_file’ Has Appropriate Permissions – audit_log_file has Appropriate Permissions and Ownership
Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log,...Ensure ‘datadir’ Has Appropriate Permissions – datadir Has Appropriate Permissions and Ownership
Details The data directory is the location of the MySQL databases. Rationale: Limiting the accessibility of these objects will protect...Ensure ‘general_log_file’ Has Appropriate Permissions – general_log_file Has Appropriate Permissions and Ownership
Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log...Ensure ‘log_bin_basename’ Files Have Appropriate Permissions – log_bin_basename Files Have Appropriate Permissions and Ownership
Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log...Ensure ‘log_error’ Has Appropriate Permissions – log_error Has Appropriate Permissions and Ownership
Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log...