STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021: STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:SV-235136r638812_rule
V-235136
SRG-APP-000177-DB-000069
MYS8-00-004900
CAT II
10
Configure the MySQL Database Server 8.0 to map the authenticated identity directly to the MySQL Database Server 8.0 user account.
Alter users to require X509 certificates.
Below is an example to add X509 as a requirement.
For a new user:
CREATE USER 'jeffrey'@'localhost' REQUIRE X509;
AND SUBJECT '/C=US/ST=Texas/L=Houston/O=SomeCompany/CN=Johan Smith'
AND ISSUER '/C=US/ST=Texas/L=Houston/O=SomeCompany/CN=Some CA';
Or to add to an existing user:
ALTER USER 'johansmith'@'%'
REQUIRE X509
AND SUBJECT '/C=US/ST=Texas/L=Houston/O=SomeCompany/CN=Johan Smith'
AND ISSUER '/C=US/ST=Texas/L=Houston/O=SomeCompany/CN=Some CA';
Review MySQL Database Server 8.0 configuration to verify DBMS user accounts are being mapped directly to unique identifying information within the validated PKI certificate.
Confirm Issuer and Subject map to the username. Run the following script:
SELECT `user`.`Host`,
`user`.`User`,
`user`.`ssl_type`,
CAST(`user`.`x509_issuer` as CHAR) as Issuer,
CAST(`user`.`x509_subject` as CHAR) as Subject
FROM `mysql`.`user`;
If user accounts are not being mapped to authenticated identities, this is a finding.
V-235136
False
MYS8-00-004900
Review MySQL Database Server 8.0 configuration to verify DBMS user accounts are being mapped directly to unique identifying information within the validated PKI certificate.
Confirm Issuer and Subject map to the username. Run the following script:
SELECT `user`.`Host`,
`user`.`User`,
`user`.`ssl_type`,
CAST(`user`.`x509_issuer` as CHAR) as Issuer,
CAST(`user`.`x509_subject` as CHAR) as Subject
FROM `mysql`.`user`;
If user accounts are not being mapped to authenticated identities, this is a finding.
M
5277