X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=ossec-hids.git;a=blobdiff_plain;f=src%2Frootcheck%2Fdb%2Fcis_mysql5-6_community_rcl.txt;fp=src%2Frootcheck%2Fdb%2Fcis_mysql5-6_community_rcl.txt;h=f851f4037c091705c5d1e6fbe39ec68e5c63a048;hp=0000000000000000000000000000000000000000;hb=3f728675941dc69d4e544d3a880a56240a6e394a;hpb=927951d1c1ad45ba9e7325f07d996154a91c911b diff --git a/src/rootcheck/db/cis_mysql5-6_community_rcl.txt b/src/rootcheck/db/cis_mysql5-6_community_rcl.txt new file mode 100644 index 0000000..f851f40 --- /dev/null +++ b/src/rootcheck/db/cis_mysql5-6_community_rcl.txt @@ -0,0 +1,158 @@ +# OSSEC Linux Audit - (C) 2018 +# +# Released under the same license as OSSEC. +# More details at the LICENSE file included with OSSEC or online +# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE +# +# [Application name] [any or all] [reference] +# type:; +# +# Type can be: +# - f (for file or directory) +# - p (process running) +# - d (any file inside the directory) +# +# Additional values: +# For the registry , use "->" to look for a specific entry and another +# "->" to look for the value. +# For files, use "->" to look for a specific value in the file. +# +# Values can be preceeded by: =: (for equal) - default +# r: (for ossec regexes) +# >: (for strcmp greater) +# <: (for strcmp lower) +# Multiple patterns can be specified by using " && " between them. +# (All of them must match for it to return true). + +# CIS Checks for MYSQL +# Based on Center for Internet Security Benchmark for MYSQL v1.1.0 +# +$home_dirs=/usr2/home/*,/home/*,/home,/*/home/*,/*/home,/; +$enviroment_files=/*/home/*/\.bashrc,/*/home/*/\.profile,/*/home/*/\.bash_profile,/home/*/\.bashrc,/home/*/\.profile,/home/*/\.bash_profile; +$mysql-cnfs=/etc/mysql/my.cnf,/etc/mysql/mariadb.cnf,/etc/mysql/conf.d/*.cnf,/etc/mysql/mariadb.conf.d/*.cnf,~/.my.cnf; +# +# +#1.3 Disable MySQL Command History +[CIS - MySQL Configuration - 1.3: Disable MySQL Command History] [any] [https://workbench.cisecurity.org/files/1310/download] +d:$home_dirs -> ^.mysql_history$; +# +# +#1.5 Disable Interactive Login +[CIS - MySQL Configuration - 1.5: Disable Interactive Login] [any] [https://workbench.cisecurity.org/files/1310/download] +f:/etc/passwd -> r:^mysql && !r:\.*/bin/false$|/sbin/nologin$; +# +# +#1.6 Verify That 'MYSQL_PWD' Is Not In Use +[CIS - MySQL Configuration - 1.6: 'MYSQL_PWD' Is in Use] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$enviroment_files -> r:\.*MYSQL_PWD\.*; +# +# +#4.3 Ensure 'allow-suspicious-udfs' Is Set to 'FALSE' +[CIS - MySQL Configuration - 4.3: 'allow-suspicious-udfs' Is Set in my.cnf'] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:allow-suspicious-udfs\.+true; +f:$mysql-cnfs -> r:allow-suspicious-udfs\s*$; +# +# +#4.4 Ensure 'local_infile' Is Disabled +[CIS - MySQL Configuration - 4.4: local_infile is not forbidden in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:local-infile\s*=\s*1; +f:$mysql-cnfs -> r:local-infile\s*$; +# +# +#4.5 Ensure 'mysqld' Is Not Started with '--skip-grant-tables' +[CIS - MySQL Configuration - 4.5: skip-grant-tables is set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:skip-grant-tables\s*=\s*true; +f:$mysql-cnfs -> !r:skip-grant-tables\s*=\s*false; +f:$mysql-cnfs -> r:skip-grant-tables\s*$; +# +# +#4.6 Ensure '--skip-symbolic-links' Is Enabled +[CIS - MySQL Configuration - 4.6: skip_symbolic_links is not enabled in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:skip_symbolic_links\s*=\s*no; +f:$mysql-cnfs -> !r:skip_symbolic_links\s*=\s*yes; +f:$mysql-cnfs -> r:skip_symbolic_links\s*$; +# +# +#4.8 Ensure 'secure_file_priv' is not empty +[CIS - MySQL Configuration - 4.8: Ensure 'secure_file_priv' is not empty] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> r:^# && r:secure_file_priv=\s*\S+\s*; +f:$mysql-cnfs -> !r:secure_file_priv=\s*\S+\s*; +f:$mysql-cnfs -> r:secure_file_priv\s*$; +# +# +#4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' +[CIS - MySQL Configuration - 4.9: strict_all_tables is not set at sql_mode section of my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:strict_all_tables\s*$; +# +# +#6.1 Ensure 'log_error' is not empty +[CIS - MySQL Configuration - 6.1: log-error is not set in my.cnf] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> r:^# && r:log_error\s*=\s*\S+\s*; +f:$mysql-cnfs -> !r:log_error\s*=\s*\S+\s*; +f:$mysql-cnfs -> r:log_error\s*$; +# +# +#6.2 Ensure Log Files are not Stored on a non-system partition +[CIS - MySQL Configuration - 6.2: log files are maybe stored on systempartition] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/\S*\s*; +f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/var/\S*\s*; +f:$mysql-cnfs -> !r:^# && r:log_bin= && !r:\s*/usr/\S*\s*; +f:$mysql-cnfs -> r:log_bin\s*$; +# +# +#6.3 Ensure 'log_warning' is set to 2 at least +[CIS - MySQL Configuration - 6.3: log warnings is set low] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*0; +f:$mysql-cnfs -> !r:^# && r:log_warnings\s*=\s*1; +f:$mysql-cnfs -> !r:log_warnings\s*=\s*\d+; +f:$mysql-cnfs -> r:log_warnings\s*$; +# +# +#6.5 Ensure 'log_raw' is set to 'off' +[CIS - MySQL Configuration - 6.5: log_raw is not set to off] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:log-raw\s*=\s*on; +f:$mysql-cnfs -> r:log-raw\s*$; +# +# +#7.1 Ensure 'old_password' is not set to '1' or 'On' +[CIS - MySQL Configuration - 7.1:Ensure 'old_passwords' is not set to '1' or 'on'] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*1; +f:$mysql-cnfs -> !r:^# && r:old_passwords\s*=\s*on; +f:$mysql-cnfs -> !r:old_passwords\s*=\s*2; +f:$mysql-cnfs -> r:old_passwords\s*$; +# +# +#7.2 Ensure 'secure_auth' is set to 'ON' +[CIS - MySQL Configuration - 7.2: Ensure 'secure_auth' is set to 'ON'] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:secure_auth\s*=\s*off; +f:$mysql-cnfs -> !r:secure_auth\s*=\s*on; +f:$mysql-cnfs -> r:secure_auth\s*$; +# +# +#7.3 Ensure Passwords Are Not Stored in the Global Configuration +[CIS - MySQL Configuration - 7.3: Passwords are stored in global configuration] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:^\s*password\.*; +# +# +#7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' +[CIS - MySQL Configuration - 7.4: Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER'] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:no_auto_create_user\s*$; +f:$mysql-cnfs -> r:^# && r:\s*no_auto_create_user\s*$; +# +# +#7.6 Ensure Password Policy is in Place +[CIS - MySQL Configuration - 7.6: Ensure Password Policy is in Place ] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:plugin-load\s*=\s*validate_password.so\s*$; +f:$mysql-cnfs -> !r:validate-password\s*=\s*force_plus_permanent\s*$; +f:$mysql-cnfs -> !r:validate_password_length\s*=\s*14\s$; +f:$mysql-cnfs -> !r:validate_password_mixed_case_count\s*=\s*1\s*$; +f:$mysql-cnfs -> !r:validate_password_number_count\s*=\s*1\s*$; +f:$mysql-cnfs -> !r:validate_password_special_char_count\s*=\s*1; +f:$mysql-cnfs -> !r:validate_password_policy\s*=\s*medium\s*; +# +# +#9.2 Ensure 'master_info_repository' is set to 'Table' +[CIS - MySQL Configuration - 9.2: Ensure 'master_info_repositrory' is set to 'Table'] [any] [https://workbench.cisecurity.org/files/1310/download] +f:$mysql-cnfs -> !r:^# && r:master_info_repository\s*=\s*file; +f:$mysql-cnfs -> !r:master_info_repository\s*=\s*table; +f:$mysql-cnfs -> r:master_info_repository\s*$;