STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021:

The MySQL Database Server 8.0 must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

DISA Rule

SV-235173r638812_rule

Vulnerability Number

V-235173

Group Title

SRG-APP-000357-DB-000316

Rule Version

MYS8-00-009600

Severity

CAT II

CCI(s)

• CCI-001849 - The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements.

Weight

10

Fix Recommendation

Review the MySQL Audit file location, ensure the destination has enough space available to accommodate the maximum total size of all files that could be written.

Use a script or third-party tool to manage the maximum number of audit log files that are to be stored, staying within the number of logs the system was sized to support.

Use compression and JSON format to reduce file growth.

Update the location for audit_log_file in the MySQL configuration file, for example:
[mysqld]
audit-log-file=/var/log/mysql/audit.log
audit-log-format=JSON
audit-log-compression=GZIP

Check Contents

Check the server documentation for the SQL Audit file size configurations. Locate the Audit file path and drive.

SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.global_variables
WHERE VARIABLE_NAME = 'audit_log_file'
OR VARIABLE_NAME= 'datadir'
OR VARIABLE_NAME = 'audit_log_rotate_on_size';

If the value of audit_log_file contains a path, for example:
/var/log/mysql/audit.log
This is the location of the audit log, and the location to assess the storage capacity.

If the value of audit_log_file is the filename alone, for example:
audit.log
The audit logs are located in the path returned by datadir.

Calculate the space needed based on the audit file size and number of audit files to be stored simultaneously.

Note that MySQL does not delete log files; that requires third-party tools or custom scripts.

If the calculated product of the "audit_log_rotate_on_size" times the number of audit files allowed will exceed the size of the storage location, this is a finding.

Vulnerability Number

V-235173

Documentable

False

Rule Version

MYS8-00-009600

Severity Override Guidance

Check the server documentation for the SQL Audit file size configurations. Locate the Audit file path and drive.

SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.global_variables
WHERE VARIABLE_NAME = 'audit_log_file'
OR VARIABLE_NAME= 'datadir'
OR VARIABLE_NAME = 'audit_log_rotate_on_size';

If the value of audit_log_file contains a path, for example:
/var/log/mysql/audit.log
This is the location of the audit log, and the location to assess the storage capacity.

If the value of audit_log_file is the filename alone, for example:
audit.log
The audit logs are located in the path returned by datadir.

Calculate the space needed based on the audit file size and number of audit files to be stored simultaneously.

Note that MySQL does not delete log files; that requires third-party tools or custom scripts.

If the calculated product of the "audit_log_rotate_on_size" times the number of audit files allowed will exceed the size of the storage location, this is a finding.

Check Content Reference

M

Target Key

5277

Comments