Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
MariaDB Enterprise 10.x Security Technical Implementation Guide
SRG-APP-000356-DB-000314
MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.
MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.
An XCCDF Rule
Details
Profiles
Prose
MariaDB must utilize centralized management of the content captured in audit records generated by all components of the DBMS.
Medium Severity
<VulnDiscussion>MariaDB can be configured to use syslog or any OS system file to store audit records to designated disk directories. Review the server_audit_events to make sure that they include QUERY, and verify the server_audit_logging is set ON. Check the log file location: ---- As the database administrator, run the following SQL: mysql -u root -e show global variables like server_audit% Verify the server_audit_logging is set ON. ##To use system logs (syslog): From the query above verify the value of: server_audit_output_type=SYSLOG ##To use a OS file: From the query above verify the value of: server_audit_output_type=FILE The following values should also be checked: server_audit_file_rotate_now = ON server_audit_file_rotate_size x*1024. This is the size of the file (in bytes) that will cause file rotation. server_ audit_file_rotations =x This is the number of rotations to save. ------ Check with the security guide to verify that the central management system is getting the audit logs from the correct directories. If MariaDB audit records are not written directly to or systematically transferred to the centralized log management system in the security guide, this is a finding. If MariaDB does not have a continuous network connection to the centralized log management system, and MariaDB audit records are not transferred to the centralized log management system weekly or more often, this is a finding.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>