Title

MariaDB must record time stamps, in audit records and application data, that can be mapped to Coordinated Universal Time (UTC, formerly GMT). (Cat II impact)

Discussion

If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated by MariaDB must include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Some DBMS products offer a data type called TIMESTAMP that is not a representation of date and time. Rather, it is a database state counter and does not correspond to calendar and clock time. This requirement does not refer to that meaning of TIMESTAMP.

Check Content

Check the current timezone value by running the following command as an administrative user: MariaDB> SHOW GLOBAL VARIABLES LIKE '%zone%'; If time_zone = SYSTEM, and system_time_zone is not equal to UTC, this is a finding. If time_zone is not SYSTEM and is not UTC, this is a finding.

Fix Text

On the OS command line run the following command to get the time zone the system is in: date | awk '{print $5;}' If the system is in UTC, to set the time zone for timestamps to UTC, modify the MariaDB configuration file located within /etc/my.cnf.d/ and set the variable time_zone to SYSTEM under the server section. Restart MariaDB Enterprise Server. Example: [server] Timezone = SYSTEM If the OS system timezone is not set to UTC, to set the time zone for timestamps to UTC, modify the MariaDB configuration file located within /etc/my.cnf.d/ and set the variable time_zone to UTC under the server section. Restart MariaDB Enterprise Server. Example: [server] Timezone = UTC

Additional Identifiers

Rule ID: SV-253730r879747_rule

Vulnerability ID: V-253730

Group Title: SRG-APP-000374-DB-000322

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.