MariaDB must initiate session auditing upon startup.

An XCCDF Rule

Description

<VulnDiscussion>Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it must be in operation for the whole time MariaDB is running.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253674r879562_rule
Severity: Medium
References: CCI-001464
Updated: 9 months ago

If not already exists, create a named filter with the required auditing for the user in question. Example: 

MariaDB> INSERT INTO mysql.server_audit_filters (filtername, rule)
   VALUES ('session_auditing',
      JSON_COMPACT(
         '{            "connect_event": [
               "CONNECT",
               "DISCONNECT"
            ],
            "table_event":[
               "WRITE",
               "CREATE",
               "DROP",
               "RENAME",
               "ALTER"
            ]
         }'
      ));

Then assign the named filter to the user. Example:

MariaDB> INSERT INTO mysql.server_audit_users (host, user, filtername) VALUES ("%", "username", "session_auditing");

Reload filters. 

MariaDB> SET GLOBAL server_audit_reload_filters = ON;

MariaDB must initiate session auditing upon startup.

Description

Remediation - Manual Procedure