Documentation - V-235097

Title

MySQL Database Server 8.0 must produce audit records containing sufficient information to establish what type of events occurred.

Description

<VulnDiscussion>Information system auditing capability is critical for accurate forensic analysis. Without establishing what type of event occurred, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit record content that may be necessary to satisfy the requirement of this policy includes, for example, time stamps, user/process identifiers, event descriptions, success/fail indications, filenames involved,...

Fix Text (Documentation Requirement)

Configure DBMS auditing to audit standard and organization-defined auditable events, with the audit record to include what type of event occurred. Use this process to ensure auditable events are captured: Configure MySQL database server 8.0 for auditing and configure audit settings to include required events as part of the audit record. To install MySQL Enterprise Audit: Run the audit_log_filter_linux_install.sql script located in the sharedirectory of your MySQL installation. This can be determined by running – select @@basedir; For example if the basedir is /usr/local/mysql shell> bin/mysql -u root -p < /usr/local/mysql/share/audit_log_filter_linux_install.sql Verify the plugin installation by running: SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS ...