MariaDB must generate audit records when successful logons or connections occur.

An XCCDF Rule

Description

For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.

ID: SV-253764r961824_rule
Version: MADB-10-011200
Severity: Medium
References: CCI-000172
Updated: about 2 months ago

Remediation Templates

Edit the necessary filters to include  connect_events connect. Example:

MariaDB> DELETE FROM mysql.server_audit_filters WHERE filtername = 'default';

MariaDB> INSERT INTO mysql.server_audit_filters (filtername, rule)
   VALUES ('default',      JSON_COMPACT(
         '{
            "connect_event": [
               "CONNECT",
               "DISCONNECT"
            ]
         }'
      ));