STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

The MySQL Database Server 8.0 must include additional, more detailed, organizationally defined information in the audit records for audit events identified by type, location, or subject.

DISA Rule

SV-235098r638812_rule

Vulnerability Number

V-235098

Group Title

SRG-APP-000101-DB-000044

Rule Version

MYS8-00-000800

Severity

CAT II

CCI(s)

• CCI-000135 - The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records.

Weight

10

Fix Recommendation

Design and deploy an audit configuration that captures all auditable events and data items.

Create rule
SELECT audit_log_filter_set_filter('log_all', '{ "filter": { "log": true } }');
SELECT audit_log_filter_set_user('%', 'log_all');

If a third-party tool is used for auditing, it must contain all the required information including, but not limited to, events, type, location, subject, date and time and by whom the change occurred.

Implement additional custom audits to capture the additional organizationally required information.

Check Contents

If a MySQL Server Audit is not in use for audit purposes, this is a finding unless a third-party product is being used that can perform detailed auditing for MySQL Server.

Review system documentation to determine whether MySQL Server is required to audit any events and any fields, in addition to those in the standard audit.

If there are none specified, this is not a finding.

If MySQL Server Audit is in use, compare the audit specification(s) with the documented requirements.

If any such requirement is not satisfied by the audit specification(s) (or by supplemental, locally-deployed mechanisms), this is a finding.

Vulnerability Number

V-235098

Documentable

False

Rule Version

MYS8-00-000800

Severity Override Guidance

If a MySQL Server Audit is not in use for audit purposes, this is a finding unless a third-party product is being used that can perform detailed auditing for MySQL Server.

Review system documentation to determine whether MySQL Server is required to audit any events and any fields, in addition to those in the standard audit.

If there are none specified, this is not a finding.

If MySQL Server Audit is in use, compare the audit specification(s) with the documented requirements.

If any such requirement is not satisfied by the audit specification(s) (or by supplemental, locally-deployed mechanisms), this is a finding.

Check Content Reference

M

Target Key

5277

Comments