Check: 092.208
MySQL EE 5.7: 092.208 (in version v2 r1)
Title
The MySQL Server must initiate session auditing upon startup. (Cat II impact)
Discussion
Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation for the whole time the MySQL Server is running.
Check Content
If Audit Log Components are installed and running in the MySQL Server, the mandatory fields will provide session level detail for users.

Verify the audit_log plugin is installed and active:

mysql> SHOW PLUGINS;

If the audit_log plugin is not found or is disabled, this is a finding.

Verify the audit log components are set in the system variables:

mysql> SHOW VARIABLES LIKE 'audit_log%';

If the audit_log variables are not configured, this is a finding.
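The two checks above can be evaluated automatically. The following is an added example, not part of the STIG text: it assumes the output of each statement was captured with `mysql -B -N -e "<statement>"` (tab-separated, no header row) and it treats "not configured" as "no audit_log% variables returned". The function names and sample rows are constructed for illustration.

```python
# Added example: evaluate captured output of SHOW PLUGINS and
# SHOW VARIABLES LIKE 'audit_log%' against the two finding conditions.
# Assumption: input is tab-separated batch output from the mysql client.

SAMPLE_PLUGINS = (  # constructed sample, not from a real server
    "mysql_native_password\tACTIVE\tAUTHENTICATION\tNULL\tGPL\n"
    "InnoDB\tACTIVE\tSTORAGE ENGINE\tNULL\tGPL\n"
    "audit_log\tACTIVE\tAUDIT\taudit_log.so\tPROPRIETARY\n"
)
SAMPLE_VARIABLES = (  # constructed sample
    "audit_log_file\taudit.log\n"
    "audit_log_format\tNEW\n"
    "audit_log_policy\tALL\n"
)

def parse_rows(text):
    """Split tab-separated batch output into field lists, skipping blank lines."""
    return [line.split("\t") for line in text.splitlines() if line.strip()]

def plugin_status(show_plugins_output, name="audit_log"):
    """Return the Status column for the named plugin, or None if it is not listed."""
    for row in parse_rows(show_plugins_output):
        if len(row) >= 2 and row[0].strip().lower() == name:
            return row[1].strip().upper()
    return None

def evaluate(show_plugins_output, show_variables_output):
    """Return a list of findings; an empty list means neither check fails."""
    findings = []
    status = plugin_status(show_plugins_output)
    if status is None:
        findings.append("audit_log plugin not found")
    elif status != "ACTIVE":
        findings.append("audit_log plugin status is %s, not ACTIVE" % status)
    # Keep only rows whose variable name starts with audit_log.
    variables = {r[0].strip(): (r[1].strip() if len(r) > 1 else "")
                 for r in parse_rows(show_variables_output)
                 if r[0].strip().startswith("audit_log")}
    if not variables:
        findings.append("no audit_log% system variables returned")
    return findings

if __name__ == "__main__":
    for line in evaluate(SAMPLE_PLUGINS, SAMPLE_VARIABLES) or ["not a finding"]:
        print(line)
```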
Fix Text
Configure the MySQL Server or third-party product to enable session auditing.
Additional Identifiers
Rule ID:
Vulnerability ID: V-32365
Group Title:
CCIs
Number | Definition |
---|---|
CCI-001464 | The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) | System Start-Up |