SV-108707r1_rule
V-99603
PP-MDM-991000
JAMF-10-100100
CAT II
10
Create separate MySQL user accounts with limited privileges within Jamf Pro EMM.
The procedures for creating user accounts and assigning account privileges are found in the following Jamf Knowledge Base articles:
MySQL 8.0: https://dev.mysql.com/doc/refman/8.0/en/creating-accounts.html
MySQL 5.7: https://dev.mysql.com/doc/refman/5.7/en/creating-accounts.html
Following is a list of MySQL privileges that are required for different types of environments:
- For a standalone web application or the master node in clustered environments:
INSERT, SELECT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX, LOCK TABLES
- For a child node in clustered environments:
INSERT, SELECT, UPDATE, DELETE, DROP, LOCK TABLES
- To view connections from cluster nodes with different MySQL users:
PROCESS
Note: The "PROCESS" privilege requires the use of "*.*".
Verify separate MySQL user accounts with limited privileges have been created within Jamf Pro EMM.
In MySQL, execute the following command:
show grants for username@localhost;
Verify the privileges match what is in the Jamf Knowledge Base article.
If separate MySQL user accounts with limited privileges have not been created within Jamf Pro EMM, this is a finding.
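The fix and check above, written out as MySQL statements. This is an added example, not taken from the STIG or from Jamf documentation; the account names, the localhost host part, the password placeholders and the database name jamfsoftware are assumptions to replace with the values used in your environment.

```sql
-- Added example. Assumed names: jamf_primary, jamf_child, database jamfsoftware.
-- Replace the password placeholders and the host part before use.

-- Standalone web application or master node: full privilege set from the fix text.
CREATE USER 'jamf_primary'@'localhost' IDENTIFIED BY '<password-placeholder-1>';
GRANT INSERT, SELECT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX, LOCK TABLES
  ON jamfsoftware.* TO 'jamf_primary'@'localhost';

-- Child node: reduced set (no CREATE, ALTER or INDEX).
CREATE USER 'jamf_child'@'localhost' IDENTIFIED BY '<password-placeholder-2>';
GRANT INSERT, SELECT, UPDATE, DELETE, DROP, LOCK TABLES
  ON jamfsoftware.* TO 'jamf_child'@'localhost';

-- Only if connections from cluster nodes must be viewed. PROCESS is a global
-- privilege, so it can only be granted ON *.* and not on a single database.
GRANT PROCESS ON *.* TO 'jamf_primary'@'localhost';

-- Check: list the grants of each account and compare with the lists above.
SHOW GRANTS FOR 'jamf_primary'@'localhost';
SHOW GRANTS FOR 'jamf_child'@'localhost';

-- Global privileges other than USAGE and PROCESS on these accounts.
-- Any row returned is more privilege than the fix text calls for.
SELECT grantee, privilege_type
  FROM information_schema.user_privileges
 WHERE grantee IN ('''jamf_primary''@''localhost''',
                   '''jamf_child''@''localhost''')
   AND privilege_type NOT IN ('USAGE', 'PROCESS');

-- Database-level privileges per account, for side-by-side comparison.
-- Rows for any schema other than jamfsoftware indicate excess scope.
SELECT grantee, table_schema, privilege_type
  FROM information_schema.schema_privileges
 WHERE grantee IN ('''jamf_primary''@''localhost''',
                   '''jamf_child''@''localhost''')
 ORDER BY grantee, table_schema, privilege_type;
```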
V-99603
False
JAMF-10-100100
M
3593