MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.
An XCCDF Rule
Description
<VulnDiscussion>MariaDB can be configured to use syslog or any OS system file to store audit records to designated disk directories.

Review the server_audit_events to make sure that they include QUERY, and verify the server_audit_logging is set ON.

Check the log file location:

As the database administrator, run the following SQL:

mysql -u root -e "SHOW GLOBAL VARIABLES LIKE 'server_audit%'"

Verify the server_audit_logging is set ON.

To use system logs (syslog): from the query above, verify the value of:
server_audit_output_type=SYSLOG

To use an OS file: from the query above, verify the value of:
server_audit_output_type=FILE

The following values should also be checked:
server_audit_file_rotate_now = ON
server_audit_file_rotate_size = x*1024. This is the size of the file (in bytes) that will cause file rotation.
server_audit_file_rotations = x. This is the number of rotations to save.

Check with the security guide to verify that the central management system is getting the audit logs from the correct directories.

If MariaDB audit records are not written directly to or systematically transferred to the centralized log management system in the security guide, this is a finding.

If MariaDB does not have a continuous network connection to the centralized log management system, and MariaDB audit records are not transferred to the centralized log management system weekly or more often, this is a finding.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
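The variable checks in the description can be scripted as below. This is an added example, not part of the STIG text: the function name check_audit_vars, the use of the client's -N -B flags for tab-separated output, and the treatment of QUERY as an exact token are assumptions of the example. It covers only the server settings; whether the records actually reach the central log management system still has to be confirmed separately.

```shell
#!/bin/sh
# Added example (not part of the STIG). Reads "name<TAB>value" lines on stdin, e.g. from:
#   mysql -u root -N -B -e "SHOW GLOBAL VARIABLES LIKE 'server_audit%'"
# Returns 0 if the settings named in the check pass, 1 otherwise.
check_audit_vars() {
    awk -F '\t' '
        { v[$1] = $2 }
        END {
            bad = 0
            if (toupper(v["server_audit_logging"]) != "ON") {
                print "FAIL: server_audit_logging is not ON"; bad = 1
            }
            # Assumption: QUERY must appear as its own token; QUERY_DDL etc. do not count.
            n = split(toupper(v["server_audit_events"]), ev, ",")
            has_query = 0
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", ev[i])
                if (ev[i] == "QUERY") has_query = 1
            }
            if (!has_query) { print "FAIL: server_audit_events does not include QUERY"; bad = 1 }
            out = toupper(v["server_audit_output_type"])
            if (out == "SYSLOG") {
                print "REVIEW: confirm syslog is forwarded to the central log system"
            } else if (out == "FILE") {
                print "REVIEW: confirm the central log system collects " v["server_audit_file_path"]
                print "REVIEW: rotate_size=" v["server_audit_file_rotate_size"] " rotations=" v["server_audit_file_rotations"]
            } else {
                print "FAIL: server_audit_output_type is neither SYSLOG nor FILE"; bad = 1
            }
            exit bad
        }'
}

# Constructed sample input (not from a real server): QUERY_DDL only, so the check fails.
printf 'server_audit_logging\tON\nserver_audit_events\tCONNECT,QUERY_DDL\nserver_audit_output_type\tfile\nserver_audit_file_path\t/path/to/audit.log\nserver_audit_file_rotate_size\t1000000\nserver_audit_file_rotations\t9\n' \
    | check_audit_vars || echo "check failed"
```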
- ID: SV-253725r879729_rule
- Severity: Medium
Remediation - Manual Procedure
Configure MariaDB or deploy and configure software tools to transfer audit records to a centralized log management system, continuously and in near-real time where a continuous network connection to the log management system exists, or at least weekly in the absence of such a connection.
If server_audit_output_type is set to FILE, set the directory in the MariaDB configuration file to one that is managed by the centralized management system.
[server]
server_audit_file_path = /path/to/audit.log