MariaDB must generate audit records when unsuccessful logons or connection attempts occur.

An XCCDF Rule

Details
Profiles

Description

For completeness of forensic analysis, it is necessary to track failed attempts to log on to MariaDB. While positive identification may not be possible in a case of failed authentication, as much information as possible about the incident must be captured.

ID: SV-253765r961824_rule
Version: MADB-10-011300
Severity: Medium
References: CCI-000172
Updated: about 2 months ago

Remediation Templates

Edit the necessary filters to include  connect_events connect. Example:

MariaDB> DELETE FROM mysql.server_audit_filters WHERE filtername = 'default';

MariaDB> INSERT INTO mysql.server_audit_filters (filtername, rule)
   VALUES ('default',      JSON_COMPACT(
         '{
            "connect_event": [
               "CONNECT",
               "DISCONNECT"
            ]
         }'
      ));

MariaDB must generate audit records when unsuccessful logons or connection attempts occur.

Description

Remediation Templates

A Manual Procedure