U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

CIS MySQL 4.1/5.0/5.1 Benchmark v1.0.2 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
mysql mysql 4.1 cpe:/a:mysql:mysql:4.1 (View CVEs)
mysql mysql 5.0 cpe:/a:mysql:mysql:5.0 (View CVEs)
mysql mysql 5.1 cpe:/a:mysql:mysql:5.1 (View CVEs)

Checklist Highlights

Checklist Name:
CIS MySQL 4.1/5.0/5.1 Benchmark
Checklist ID:
266
Version:
v1.0.2
Type:
Compliance
Review Status:
Under Review
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
08/02/2007

Checklist Summary:

This document is derived from research conducted utilizing MySQL on various Windows and Unix platforms. This document provides the necessary settings and procedures for the secure setup, configuration, and operation of a MySQL database system. With the use of the settings and procedures in this document, a MySQL database can be configured to conform to general industry �¢??best practices�¢?� regarding secure configuration. Although these settings will improve the security of a MySQL �¢??out of the box�¢?� installation, they are by no means a guarantee of overall database and information security.

Checklist Role:

  • Database Management System

Known Issues:

MySQL versions prior to 4.1 (3.X, 4.0) MySQL versions prior to 3.23 are no longer supported and migration to a supported version of MySQL is highly recommended. For versions 3.23 and 4.0 only critical bugs are being addressed. Additionally, version 4.1 introduced a number of significant security improvements into MySQL. It is recommended that companies form a migration plan to move to currently supported versions of MySQL that contain the latest security improvements. As of this writing those supported versions are v4.1 (since Oct 2004) and v5.0 (since Oct 2005). MySQL version 5.1 At the time of this writing MySQL version 5.1 is currently beta software and not recommended for production use. This document does include benchmark information for v5.1 based on version 5.1.11-beta and information available at that time.

Target Audience:

Database Administrator

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Not provided.

Disclaimer:

Proper use of the recommendations requires careful analysis and adaptation to specific user requirements. The recommendations are not in any way intended to be a quick fix for anyones information security needs. CIS makes no representations, warranties or covenants whatsoever as to (i) the positive or negative effect of the products or the recommendations on the operation or the security of any particular network, computer system, network device, software, hardware, or any component of any of the foregoing or (ii) the accuracy, reliability, timeliness or completeness of any product or recommendation. CIS is providing the products and the recommendations as is and as available without representations, warranties or covenants of any kind.

Product Support:

http://forums.mysql.com/

Point of Contact:

cis-feedback@cisecurity.org

Sponsor:

Not provided.

Licensing:

GNU General Public License http://www.gnu.org/licenses/ MySQL Support and Licensing http://www.mysql.com/doc/en/Licensing_and_Support.html

Change History: 

Not provided.

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 11/17/2009

* This checklist is still undergoing review for inclusion into the NCP.