Open navigation menu

Welcome to Scribd!

MYSQL CISBenchmark Security Controls To Be Applied On MySQL Clusters

Uploaded by

0% found this document useful (0 votes)

1 views3 pages

Original Title

MYSQL CISBenchmark Security Controls to Be Applied on MySQL Clusters

Copyright

© © All Rights Reserved

Available Formats

DOCX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

© All Rights Reserved

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as docx, pdf, or txt

0% found this document useful (0 votes)

1 views3 pages

MYSQL CISBenchmark Security Controls To Be Applied On MySQL Clusters

Uploaded by

Copyright:

© All Rights Reserved

Available Formats

Download as DOCX, PDF, TXT or read online from Scribd

Flag for inappropriate content

Download as docx, pdf, or txt

Jump to Page

You are on page 1of 3

Search inside document

MYSQL CISBenchmark Security Controls to be applied on MySQL Clusters

1. Ensure 'password_lifetime' is Less Than or Equal to '365'

INSTALL COMPONENT 'file://component_validate_password';

set persist default_password_lifetime = 365;

2. Ensure Password Complexity is Configured

set persist validate_password.check_user_name='ON';

set persist validate_password.dictionary_file='<FILENAME OF DICTIONARY FILE>';

set persist validate_password.length=14;

set persist validate_password.mixed_case_count=1;

set persist validate_password.special_char_count=1;

set persist validate_password.number_count=1;

3. Ensure Password Resets Require Strong Passwords

SET PERSIST password_history = 5;

SET PERSIST password_reuse_interval = 365;

4. Implement Connection Delays to Limit Failed Login Attempts

[mysqld]

plugin-load-add=connection_control.so

connection-control=FORCE_PLUS_PERMANENT

connection-control-failed-login-attempts=FORCE_PLUS_PERMANENT

connection_control_failed_connections_threshold=5

connection_control_min_connection_delay=60000

connection_control_max_connection_delay=1920000

ALTER USER <user> FAILED_LOGIN_ATTEMPTS 12;

5. Ensure the Audit Plugin Can't be Unloaded

audit_log = 'FORCE_PLUS_PERMANENT'
6. Ensure default_authentication_plugin is Set to a Secure
Option
default_authentication_plugin=caching_sha2_password

7. Ensure Passwords are Set for All MySQL Accounts

ALTER USER <user>@<host> IDENTIFIED BY RANDOM PASSWORD PASSWORD
EXPIRE;

8. Set 'default_password_lifetime' to Require a Yearly Password

Change
SET GLOBAL default_password_lifetime=365;

9. Ensure Password Complexity Policies are in Place

SET PERSIST validate_password.length=14;

SET PERSIST validate_password.check_user_name=ON;

SET PERSIST validate_password.dictionary_file=<path to dictionary file>;

SET PERSIST validate_password.policy=STRONG;

SET PERSIST validate_password.mixed_case_count=1;

SET PERSIST validate_password.number_count=1;

SET PERSIST validate_password.special_char_count=1;

10. Ensure No Users Have Wildcard Hostnames

SELECT user, host FROM mysql.user WHERE host = '%';

11. Ensure 'require_secure_transport' is Set to 'ON' and/or

'have_ssl' is Set to 'YES'
set persist require_secure_transport=ON;

12. Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED'

for All Remote Users
ALTER USER 'my_user'@'app1.example.com' REQUIRE X509;

You might also like

OBIEE 12C SSL
Document14 pages
OBIEE 12C SSL
B.Mabrouk
No ratings yet
Install SSL Certificate Oracle WebLogic Server
Document3 pages
Install SSL Certificate Oracle WebLogic Server
nizm_gadi
No ratings yet
Azure Compliance Checklist
Document12 pages
Azure Compliance Checklist
Girango Gringo
No ratings yet
How To Configure COMODO SSL Certificate in Wildfly Server
Document14 pages
How To Configure COMODO SSL Certificate in Wildfly Server
quiquemo
No ratings yet
Modify User Profile
Document1 page
Modify User Profile
joaopaulo164
No ratings yet
04 Profile Privilege
Document59 pages
04 Profile Privilege
Randum Dood
No ratings yet
PNP SQL Server Database Encryption
Document17 pages
PNP SQL Server Database Encryption
pinuno427
No ratings yet
Install Oracle Text On Oracle Database 11gR2 - CTXSYS USER CREATION
Document1 page
Install Oracle Text On Oracle Database 11gR2 - CTXSYS USER CREATION
thankapps
No ratings yet
Ldap-Ssl Configuration For OBIEE12c
Document20 pages
Ldap-Ssl Configuration For OBIEE12c
Karthik R Rao
No ratings yet
Cwbcossl
Document6 pages
Cwbcossl
Rey Castro
No ratings yet
CIS Benchmark WindowsServer2019 v100
Document38 pages
CIS Benchmark WindowsServer2019 v100
Amine Rached
No ratings yet
Configuring Transparent Data Encryption With SQL Server 2012 AlwaysOn Availability Groups
Document7 pages
Configuring Transparent Data Encryption With SQL Server 2012 AlwaysOn Availability Groups
gk9
No ratings yet
Rebuild Mysql Replicate
Document5 pages
Rebuild Mysql Replicate
omyeudaihiep
No ratings yet
How To Create A Secure Login Using PHP and MYSQL
Document16 pages
How To Create A Secure Login Using PHP and MYSQL
Enryu Nagant
No ratings yet
Installation of MySQL On Linux Sample
Document4 pages
Installation of MySQL On Linux Sample
Stephen Efange
No ratings yet
Configure Python WebApp
Document8 pages
Configure Python WebApp
Ivan Georgiev
No ratings yet
Installation Failed. Reason - Failed To Connect To The Module, or The Connection Was Lost - Error When Installing Database
Document2 pages
Installation Failed. Reason - Failed To Connect To The Module, or The Connection Was Lost - Error When Installing Database
viper0anger
No ratings yet
Grant All On To By: Privileges . at Identified
Document1 page
Grant All On To By: Privileges . at Identified
Manoj Kumar
No ratings yet
Creating New Logins and Users (T-SQL)
Document6 pages
Creating New Logins and Users (T-SQL)
Nathnael Mesfin
No ratings yet
Critical Venurability
Document4 pages
Critical Venurability
Soumendu Gorai
No ratings yet
Warm Standby Setup Instructions - SybaseWiki
Document5 pages
Warm Standby Setup Instructions - SybaseWiki
ivan
No ratings yet
05 Oracle Profiles
Document5 pages
05 Oracle Profiles
Istakhar Rajib
No ratings yet
DOVECOT
Document6 pages
DOVECOT
informatica
No ratings yet
Oracle Database Security Assesement - KTPMULTI-v1 1
Document13 pages
Oracle Database Security Assesement - KTPMULTI-v1 1
harishpoojari
No ratings yet
Encrypt Tablespace
Document7 pages
Encrypt Tablespace
Bavyasri Pothu
No ratings yet
4670 Lecture4 Profile Privilege
Document57 pages
4670 Lecture4 Profile Privilege
darwin co
No ratings yet
Configure WASCE For SSL by J. M. V. Swamy Naidu - M.C.A.
Document7 pages
Configure WASCE For SSL by J. M. V. Swamy Naidu - M.C.A.
api-3804031
No ratings yet
Minioconfig
Document1 page
Minioconfig
duing.app
No ratings yet
Oracle EBS R12 - Security
Document15 pages
Oracle EBS R12 - Security
Abdelmadjid Bouamama
No ratings yet
Codeigniter3 Studentstutorial
Document123 pages
Codeigniter3 Studentstutorial
Management Accounting
No ratings yet
Working With Passwords, Secure Strings and Credentials in Windows PowerShell - TechNet Articles - United States (English) - TechNet Wiki
Document2 pages
Working With Passwords, Secure Strings and Credentials in Windows PowerShell - TechNet Articles - United States (English) - TechNet Wiki
Ajay Dwivedi
No ratings yet
Settings - Copia - Asp
Document1 page
Settings - Copia - Asp
Gabriel Rodriguez
No ratings yet
TDE Example
Document1 page
TDE Example
bhatroopa73
No ratings yet
015 SQL Server 2012 Features For Admins Lesson 15 AlwaysOn With TDE Lab Manual
Document8 pages
015 SQL Server 2012 Features For Admins Lesson 15 AlwaysOn With TDE Lab Manual
Milan Trninić
No ratings yet
Securing Database Contents With Transparent Data Encryption
Document11 pages
Securing Database Contents With Transparent Data Encryption
manuelcastro2009
No ratings yet
Flask Security
Document36 pages
Flask Security
Ajay Rawat
No ratings yet
Replace Default SSL Certifictate - Linux
Document4 pages
Replace Default SSL Certifictate - Linux
ciocoiu.iuliant
No ratings yet
Weblogic Password Reset
Document2 pages
Weblogic Password Reset
Ashutosh Nichat
No ratings yet
EN - Cisco Passwords Encryption Facts
Document4 pages
EN - Cisco Passwords Encryption Facts
elbuen0exe
No ratings yet
Act3 - Annisa Putri Purwariyono - 50418951
Document10 pages
Act3 - Annisa Putri Purwariyono - 50418951
annisa putri purwariyono
No ratings yet
Oracle Database 12c
Document5 pages
Oracle Database 12c
Harry Prathama Yudha
No ratings yet
Testare:: Se Acordă Drepturi Necesare
Document1 page
Testare:: Se Acordă Drepturi Necesare
Teo
No ratings yet
Power Advisor System Health - Secure Deployment Best Practices
Document7 pages
Power Advisor System Health - Secure Deployment Best Practices
alvarog125
No ratings yet
CIS Oracle Database 12c Benchmark v3.0.0
Document5 pages
CIS Oracle Database 12c Benchmark v3.0.0
Jesus David Duarte Prado
No ratings yet
P Do Tutorial
Document25 pages
P Do Tutorial
pptmf32
No ratings yet
SSL Installation Commands
Document3 pages
SSL Installation Commands
chetangodhani9
No ratings yet
Security in Sprin-Ws
Document20 pages
Security in Sprin-Ws
manu1212
No ratings yet
KDSSG Center For Excellence: SQL Server 2005 DBA Installation Checklist
Document5 pages
KDSSG Center For Excellence: SQL Server 2005 DBA Installation Checklist
ramesh
No ratings yet
Configure SSL Mastertheboss
Document12 pages
Configure SSL Mastertheboss
Robert Pho
No ratings yet
Managing Stored Credentials
Document3 pages
Managing Stored Credentials
deepakf
No ratings yet
Secure Web
Document8 pages
Secure Web
Elfendi Huang
No ratings yet
Spring Security: Basic Steps & Configuration
Document14 pages
Spring Security: Basic Steps & Configuration
PRABHU SORTUR
No ratings yet
SSL
Document2 pages
SSL
srivasthav
No ratings yet
Practices For Lesson 12: Security Chapter 12 - Page 1
Document12 pages
Practices For Lesson 12: Security Chapter 12 - Page 1
Joker Jr
No ratings yet
94 Installation Guide
Document3 pages
94 Installation Guide
August West
No ratings yet
Change Oracle Default Passwords For Sys, System, DBSNMP and Sysman
Document3 pages
Change Oracle Default Passwords For Sys, System, DBSNMP and Sysman
bedorlehacker
No ratings yet
Preventing Users From Changing Their Password
Document2 pages
Preventing Users From Changing Their Password
SHAHID FAROOQ
No ratings yet
Instalar OCS Inventory en Ubuntu 18
Document7 pages
Instalar OCS Inventory en Ubuntu 18
antoniosar43
No ratings yet
Configuring The SRX300 Services Gateway Using The CLI
Document3 pages
Configuring The SRX300 Services Gateway Using The CLI
herusuparsin
No ratings yet
Hashicorp Certified Vault Associate Certification Case Based Practice Questions - Latest Edition
From Everand
Hashicorp Certified Vault Associate Certification Case Based Practice Questions - Latest Edition
Exam OG
No ratings yet
Py Exercise
Document103 pages
Py Exercise
Rao Sri
No ratings yet
Master of International Business MIB-min
Document2 pages
Master of International Business MIB-min
Rao Sri
No ratings yet
An Overview of The Veracode Application Security Solution Application Analysis
Document8 pages
An Overview of The Veracode Application Security Solution Application Analysis
Rao Sri
No ratings yet
Postgraduate Application Form
Document5 pages
Postgraduate Application Form
Rao Sri
No ratings yet
Job Summary
Document2 pages
Job Summary
Rao Sri
No ratings yet
Andhavarapu Ramu: Objective
Document4 pages
Andhavarapu Ramu: Objective
Rao Sri
No ratings yet