Ensure ‘log-raw’ is Set to ‘OFF’ Details The log-raw MySQL option determines whether passwords are rewritten by the server so as not to appear in log...
Ensure ‘mysqld’ is Not Started With ‘--skip-grant-tables’ Details This option causes mysqld to start without using the privilege system. Rationale: If this option is used, all clients...
Ensure Non-Default, Unique Cryptographic Material is in Use Details The cryptographic material used by MySQL, such as digital certificates and encryption keys, should be used only for MySQL...
Ensure Passwords are Not Stored in the Global Configuration Details The [client] section of the MySQL configuration file allows setting a user and password to be used. Verify the...
Ensure Plugin Directory Has Appropriate Permissions Details The plugin directory is the location of the MySQL plugins. Plugins are storage engines or user defined functions (UDFs)....
Ensure ‘relay_log_basename’ Files Have Appropriate Permissions – relay_log_basename Files Have Appropriate Permissions and Ownership Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log...
Ensure ‘slow_query_log’ Has Appropriate Permissions – slow_query_log Has Appropriate Permissions and Ownership Details MySQL can operate using a variety of log files, each used for different purposes. These are the binary log...
Ensure SSL Key Files Have Appropriate Permissions Details When configured to use SSL/TLS, MySQL relies on Secure Sockets Layer (SSL) key files, which are stored on the...
Place Databases on Non-System Partitions Details It is generally accepted that host operating systems should include different filesystem partitions for different purposes. One set of...
Secure Backup Credentials Details The password, certificate, and any other credentials should be protected. Rationale: A database user with the least amount of...