X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=debian%2Fossec-hids%2Fvar%2Fossec%2Fetc%2Fshared%2Fcis_mysql5-6_enterprise_rcl.txt;fp=debian%2Fossec-hids%2Fvar%2Fossec%2Fetc%2Fshared%2Fcis_mysql5-6_enterprise_rcl.txt;h=0000000000000000000000000000000000000000;hp=8655a310995549ef6eb7a8b0819fbc3f7862ba44;hb=946517cefb8751a43a89bda4220221f065f4e5d1;hpb=3f728675941dc69d4e544d3a880a56240a6e394a diff --git a/debian/ossec-hids/var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt b/debian/ossec-hids/var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt deleted file mode 100644 index 8655a31..0000000 --- a/debian/ossec-hids/var/ossec/etc/shared/cis_mysql5-6_enterprise_rcl.txt +++ /dev/null @@ -1,208 +0,0 @@ -# OSSEC Linux Audit - (C) 2018 -# -# Released under the same license as OSSEC. -# More details at the LICENSE file included with OSSEC or online -# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE -# -# [Application name] [any or all] [reference] -# type:; -# -# Type can be: -# - f (for file or directory) -# - p (process running) -# - d (any file inside the directory) -# -# Additional values: -# For the registry , use "->" to look for a specific entry and another -# "->" to look for the value. -# For files, use "->" to look for a specific value in the file. -# -# Values can be preceeded by: =: (for equal) - default -# r: (for ossec regexes) -# >: (for strcmp greater) -# <: (for strcmp lower) -# Multiple patterns can be specified by using " && " between them. -# (All of them must match for it to return true). - -# CIS Checks for MYSQL -# Based on Center for Internet Security Benchmark for MYSQL v1.1.0 -# -$home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; -$enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; -$mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; -# -# -#1.3 Disable MySQL Command History -[CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] -d:$home_dirs -> ^.mysql_history$; -# -# -#1.5 Disable Interactive Login -[CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] -f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; -# -# -#1.6 Verify That 'MYSQL_PWD' Is Not In Use -[CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$enviroment_files -> r:\.*MYSQL_PWD\.*; -# -# -#4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' -[CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; -f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; -# -# -#4.4 Ensure 'local_infile' Is Disabled -[CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; -f:$mysql-cnfs -> r:local-infile\s*$; -# -# -#4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' -[CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; -f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; -f:$mysql-cnfs -> r:skip-grant-tables\s*$; -# -# -#4.6 Ensure '--skip-symbolic-links' Is Enabled -[CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; -f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; -f:$mysql-cnfs -> r:skip_symbolic_links\s*$; -# -# -#4.8 Ensure 'secure_file_priv' is not empty -[CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; -f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; -f:$mysql-cnfs -> r:secure_file_priv\s*$; -# -# -#4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' -[CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:strict_all_tables\s*$; -# -# -#6.1 Ensure 'log_error' is not empty -[CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; -f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; -f:$mysql-cnfs -> r:log_error\s*$; -# -# -#6.2 Ensure Log Files are not Stored on a non-system partition -[CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; -f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; -f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; -f:$mysql-cnfs -> r:log_bin\s*$; -# -# -#6.3 Ensure 'log_warning' is set to 2 at least -[CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; -f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; -f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; -f:$mysql-cnfs -> r:log_warnings\s*$; -# -# -#6.4 Ensure 'log_raw' is set to 'off' -[CIS - MySQL Configuration - 6.4: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; -f:$mysql-cnfs -> r:log-raw\s*$; -# -# -#6.5 Ensure audit_log_connection_policy is not set to 'none' -[CIS - MySQL Configuration - 6.5: audit_log_connection_policy is set to 'none' change it to all or erros] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r^# && r::audit_log_connection_policy\s*=\s*none; -f:$mysql-cnfs -> r:audit_log_connection_policy\s*$; -# -# -#6.6 Ensure audit_log_exclude_account is set to Null -[CIS - MySQL Configuration - 6.6:audit_log_exclude_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:audit_log_exclude_accounts\s*=\s* && !r:null\s*$; -f:$mysql-cnfs -> r:audit_log_exclude_accounts\s*$; -# -# -#6.7 Ensure audit_log_include_accounts is set to Null -[CIS - MySQL Configuration - 6.7:audit_log_include_accounts is not set to Null] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:audit_log_include_accounts\s*=\s* && !r:null\s*$; -f:$mysql-cnfs -> r:audit_log_include_accounts\s*$; -# -# -#6.9 Ensure audit_log_policy is not set to all -[CIS - MySQL Configuration - 6.9: audit_log_policy is not set to all] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*queries; -f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*none; -f:$mysql-cnfs -> !r:^# && r:audit_log_policy\s*=\s*logins; -f:$mysql-cnfs -> r:audit_log_policy\s*$; -# -# -#6.10 Ensure audit_log_statement_policy is set to all -[CIS - MySQL Configuration - 6.10: Ensure audit_log_statement_policy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+errors; -f:$mysql-cnfs -> !r:^# && r:audit_log_statement_policy\.+none; -f:$mysql-cnfs -> r:audit_log_statement_policy\s*$; -# -# -#6.11 Ensure audit_log_strategy is set to synchronous or semisynchronous -[CIS - MySQL Configuration - 6.11: Ensure audit_log_strategy is set to all] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+asynchronous; -f:$mysql-cnfs -> !r:^# && r:audit_log_strategy\.+performance; -f:$mysql-cnfs -> !r:audit_log_strategy\s*=\s* && r:semisynchronous|synchronous; -f:$mysql-cnfs -> r:audit_log_strategy\s*$; -# -# -#6.12 Make sure the audit plugin can't be unloaded -[CIS - MySQL Configuration - 6.12: Audit plugin can be unloaded] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*on\s*; -f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*off\s*; -f:$mysql-cnfs -> !r:^# && r:^audit_log\s*=\s*force\s*; -f:$mysql-cnfs -> !r:^audit_log\s*=\s*force_plus_permanent\s*; -f:$mysql-cnfs -> r:^audit_log\s$; -# -# -#7.1 Ensure 'old_password' is not set to '1' or 'On' -[CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; -f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; -f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; -f:$mysql-cnfs -> r:old_passwords\s*$; -# -# -#7.2 Ensure 'secure_auth' is set to 'ON' -[CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; -f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; -f:$mysql-cnfs -> r:secure_auth\s*$; -# -# -#7.3 Ensure Passwords Are Not Stored in the Global Configuration -[CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; -# -# -#7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' -[CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:no_auto_create_user\s*$; -f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; -# -# -#7.6 Ensure Password Policy is in Place -[CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; -f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; -f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; -f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; -f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; -f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; -f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; -# -# -#9.2 Ensure 'master_info_repository' is set to 'Table' -[CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] -f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; -f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; -f:$mysql-cnfs -> r:master_info_repository\s*$;