The default mysql_secure_installation must be installed.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-241799 | PP-MDM-991000 | JAMF-10-100060 | SV-241799r971326_rule | 2024-08-27 | 3 |
| Description |
|---|
| The mysql_secure_installation configuration of MySQL adds several important configuration settings that block several attack vectors. The My SQL application could be exploited by an adversary without mysql_secure_installation. SFR ID: FMT_SMF.1(2)b. / CM-7(1)(b) Satisfies: SRG-APP-000383 |
| ℹ️ Check |
|---|
| Verify the mysql_secure_installation has been installed on the Jamf host server. 1. Log in to MySQL. Execute the "show databases;" command. - Verify that the database named "Test" is not shown in output of the command. 2. Verify the root account has a string representing the password and not a blank value. - select * from mysql.user; 3. Verify the anonymous users have been removed and verify the user field contains a user name. - select * from mysql.user; All three steps must be correct to indicate mysql_secure_installation has been executed. If the mysql_secure_installation has not been installed on the Jamf host server, this is a finding. |
| ✔️ Fix |
|---|
| Install the mysql_secure_installation. 1. Install MySQL. 2. Using the Jamf Pro Security Recommendations document, go to the path based on the host operating system and execute the appropriate mysql_secure_installation script. |