UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The MySQL Database Server 8.0 must utilize centralized management of the content captured in audit records generated by all components of the MySQL Database Server 8.0.


Overview

Finding ID Version Rule ID IA Controls Severity
V-235171 MYS8-00-009400 SV-235171r855569_rule Medium
Description
The content captured in audit records must be managed from a central location (necessitating automation). Centralized management of audit records and logs provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. The MySQL Server writes audit records to files in the file system and this data is available via ReadOnly using functions within the MySQL Server. These files are available via SQL functions or on the filesystem in JSON and XML formats providing compatibility for off-loading audit records to centralized system(s).
STIG Date
Oracle MySQL 8.0 Security Technical Implementation Guide 2022-09-12

Details

Check Text ( C-38390r623633_chk )
Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

If the MySQL Server audit records are not written directly to or systematically transferred to a centralized log management system, this is a finding.
Fix Text (F-38353r623634_fix)
Configure and/or deploy software tools to ensure that MySQL Server audit records are written directly to or systematically transferred to a centralized log management system.