Oracle MySQL 8.0 STIG Version Comparison

There are 6 differences between versions v1 r5 (Jan. 24, 2024) (the "left" version) and v2 r2 (Oct. 24, 2024) (the "right" version).

Check MYS8-00-009400 was removed from the benchmark in the "right" version. The text below reflects the old wording.

This check's original form is available here.

Title

The MySQL Database Server 8.0 must utilize centralized management of the content captured in audit records generated by all components of the MySQL Database Server 8.0.

Check Content

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed. If the MySQL Server audit records are not written directly to or systematically transferred to a centralized log management system, this is a finding.

Discussion

The content captured in audit records must be managed from a central location (necessitating automation). Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. The MySQL Server writes audit records to files in the file system and this data is available via ReadOnly using functions within the MySQL Server. These files are available via SQL functions or on the filesystem in JSON and XML formats providing compatibility for off-loading audit records to centralized system(s).

Fix

Configure and/or deploy software tools to ensure that MySQL Server audit records are written directly to or systematically transferred to a centralized log management system.