Nessus Report

Nessus Scan Report

03/Dec/2013:04:43:56

Table Of Contents
Compliance 'FAILED'
4.5 Change admin account name
4.7 Verify Secure Password Hashes
4.9 Wildcards in user hostname
4.11 Anonymous account
5.1 Access to MySQL database 'mysql.db'
5.1 Access to MySQL database 'mysql.user'
5.2 FILE privilege
5.3 PROCESS privilege
5.4 SUPER privilege
5.5 SHUTDOWN privilege
5.7 RELOAD privilege
5.8 GRANT privilege
Compliance 'SKIPPED'
Compliance 'PASSED'
1.8 MYSQL_PWD
4.4 Remove test database
Compliance 'INFO', 'WARNING', 'ERROR'
1.1 OS Hardening
1.2 Dedicated Machine
1.4 Dedicated Account
1.5 Restrict network access
1.6 Database not on system partition
3.1 Error Logging Enabled
4.1 Supported version of MySQL
4.2 Latest security patches
4.3 Upgrade fix privilege tables
4.6 Complex Passwords
4.8 Single use accounts
4.10 No blank passwords
5.6 CREATE USER privilege
6.2 Disable Load data local
6.3 Old password hashing
6.5 Secure auth
6.9 Safe user create '@@global.sql_mode'
6.9 Safe user create '@@session.sql_mode'
6.10 Skip Symbolic Links
7.2 SSL Connection 'have_openssl'
7.2 SSL Connection 'mysql.user.ssl_type'
7.2 SSL Connection 'ssl_ca'
7.2 SSL Connection 'ssl_cert'
7.2 SSL Connection 'ssl_key'
7.3 Unique Key/Cert
8.1 Backup of databases
8.2 Verify backups
8.3 Replication slave backups

Compliance 'FAILED'

4.5 Change admin account name

Info

Level 1, Scorable Change db admin account from default ('root') to something else ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 18

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



NULL

Hosts

192.168.1.243

"root"
"root"
"root"

4.7 Verify Secure Password Hashes

Info

Level 1, Scorable All password hashes should be 41 bytes or longer ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 19

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



NULL, NULL

Hosts

192.168.1.243

"root", "3c8c1a8e271e4bad"
"root", "3c8c1a8e271e4bad"
"debian-sys-maint", "1ae80be80887e5f2"
"bugzilla", "2329c700403a719c"
"mediawiki", "2329c700403a719c"
"serendipity", "2329c700403a719c"
"textpattern", "2329c700403a719c"
"wordpress", "2329c700403a719c"
"phpwebsite", "2329c700403a719c"
"phpbb2", "2329c700403a719c"
"phpbb", "2329c700403a719c"
"joomla", "2329c700403a719c"
"dotproject", "2329c700403a719c"
"moodel", "2329c700403a719c"
"moodle", "2329c700403a719c"
"sugarcrm", "2329c700403a719c"
"egroupware", "2329c700403a719c"
"drupal", "2329c700403a719c"
"oscommerce", "2329c700403a719c"
"gallery", "2329c700403a719c"
"phpadsnew", "2329c700403a719c"
"zencart", "2329c700403a719c"
"smarty", "2329c700403a719c"
"owl", "2329c700403a719c"
"tikiwiki", "2329c700403a719c"
"webcalendar", "2329c700403a719c"
"root", "3c8c1a8e271e4bad"
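What the result rows above actually say: every stored hash is 16 hexadecimal characters, i.e. the pre-4.1 OLD_PASSWORD() format (two 31-bit words, no salt), which is why 4.7 fails. Because the format is unsalted, identical hashes are identical passwords: the 23 application accounts sharing 2329c700403a719c share one password, and the three root rows are one password on three host entries. The script below is an added example, not part of the Nessus report or the CIS audit file. It reimplements OLD_PASSWORD() and the 4.1+ PASSWORD() format so the difference is visible, classifies hashes the way check 4.7 does, and groups the accounts listed above by hash. USER_ROWS is constructed from the rows of this finding; the candidate list passed to crack_old_hash is invented and none of the report's hashes is attempted.

```python
import hashlib
from collections import defaultdict


def old_password(password):
    """Pre-4.1 MySQL OLD_PASSWORD(): two 31-bit words, no salt, 16 hex characters.
    Space (0x20) and tab (0x09) bytes are skipped, as in the original C code."""
    nr, add, nr2 = 1345345333, 7, 0x12345671
    for b in password.encode("utf-8"):
        if b in (0x20, 0x09):
            continue
        nr ^= (((nr & 63) + add) * b) + (nr << 8)
        nr2 += (nr2 << 8) ^ nr
        add += b
    # Every operation above only propagates bits upward, so the low 31 bits kept by the
    # final mask are the same whether the server used 32- or 64-bit unsigned longs.
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)


def new_password(password):
    """MySQL 4.1+ PASSWORD(): '*' + hex(SHA1(SHA1(password))), 41 characters.
    Still unsalted, so equal hashes still mean equal passwords; only the output grew."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


HEX = set("0123456789abcdef")


def classify_hash(stored):
    """The check behind CIS 4.7: anything shorter than 41 characters is the old format."""
    if stored == "":
        return "blank"
    if len(stored) == 16 and set(stored.lower()) <= HEX:
        return "pre-4.1"
    if len(stored) == 41 and stored.startswith("*"):
        return "4.1+"
    return "unknown"


# Constructed from the 4.7 result rows above: (user, stored hash), one per mysql.user row.
USER_ROWS = [
    ("root", "3c8c1a8e271e4bad"), ("root", "3c8c1a8e271e4bad"), ("root", "3c8c1a8e271e4bad"),
    ("debian-sys-maint", "1ae80be80887e5f2"),
] + [(u, "2329c700403a719c") for u in (
    "bugzilla mediawiki serendipity textpattern wordpress phpwebsite phpbb2 phpbb joomla "
    "dotproject moodel moodle sugarcrm egroupware drupal oscommerce gallery phpadsnew "
    "zencart smarty owl tikiwiki webcalendar").split()]


def shared_passwords(rows):
    """Group accounts by stored hash. With an unsalted hash, equal hash == equal password."""
    groups = defaultdict(list)
    for user, stored in rows:
        groups[stored].append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}


def hash_format_summary(rows):
    summary = defaultdict(int)
    for _, stored in rows:
        summary[classify_hash(stored)] += 1
    return dict(summary)


def crack_old_hash(target, candidates):
    """Offline guess against one pre-4.1 hash. No salt means one computation per
    candidate covers every account that shares the hash."""
    for pw in candidates:
        if old_password(pw) == target:
            return pw
    return None


if __name__ == "__main__":
    print("formats:", hash_format_summary(USER_ROWS))
    for h, users in shared_passwords(USER_ROWS).items():
        print(f"{h}: {len(users)} accounts share this password: {users}")
```

Remediation on a 4.1+ server is to set a distinct password per account with old_passwords=0 in effect (see 6.3), so that the 41-character form is written; on a server that cannot produce that format the fix for 4.7 is the version migration of check 4.1.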

4.9 Wildcards in user hostname

Info

Level 2, Scorable Verify if users have wildcard ('%') in hostname ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 20

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Policy Value



NULL

Hosts

192.168.1.243

"root"

4.11 Anonymous account

Info

Level 1, Scorable Verify and remove anonymous accounts ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 21

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



NULL, "0"

Hosts

192.168.1.243

5.1 Access to MySQL database 'mysql.db'

Info

Level 1, Not Scorable Only admin users should have access to the MySQL database ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 23

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

5.1 Access to MySQL database 'mysql.user'

Info

Level 1, Not Scorable Only admin users should have access to the MySQL database ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 23

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.2 FILE privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 24

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.3 PROCESS privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 24

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.4 SUPER privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 25

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.5 SHUTDOWN privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 25

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.7 RELOAD privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 26

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost
"root", %

5.8 GRANT privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 27

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Policy Value



"root"

Hosts

192.168.1.243

"root", localhost
"root", vmware-bavm
"debian-sys-maint", localhost

Compliance 'SKIPPED'

Compliance 'PASSED'

1.8 MYSQL_PWD

Info

Level 1, Not Scorable MySQL can read the database password from an environment variable called MYSQL_PWD. Verify that the MYSQL_PWD environment variable is not used ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 10

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

4.4 Remove test database

Info

Level 1, Scorable Remove test database ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 18

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

Compliance 'INFO', 'WARNING', 'ERROR'

1.1 OS Hardening

Info

Level 1, Scorable Harden OS using appropriate CIS benchmark ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 8 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

1.2 Dedicated Machine

Info

Level 2, Not Scorable Machine dedicated to running MySQL ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 8 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243

1.4 Dedicated Account

Info

Level 1, Not Scorable Dedicated non-administrative account for MySQL daemon/service ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 8 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

1.5 Restrict network access

Info

Level 2, Not Scorable Restrict network access using local IP filtering ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 9 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243

1.6 Database not on system partition

Info

Level 1, Scorable Databases must not be located on system partitions ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 9 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

3.1 Error Logging Enabled

Info

Level 1, Scorable The error log must be enabled.
ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 15

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

4.1 Supported version of MySQL

Info

Level 2, Scorable Migrate to version 4.1 or 5.0.
ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 17

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

4.2 Latest security patches

Info

Level 2, Not Scorable Verify latest security patches.
ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 17 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243

4.3 Upgrade fix privilege tables

Info

Level 1, Scorable When upgrading always fix the privilege tables ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 17 NOTE : CIS recommends running :
(4.x) 'mysql_fix_privilege_tables', or (5.x) 'mysql_upgrade' (mysql_upgrade superseded the mysql_fix_privilege_tables script during the 5.0 series)
against: mysql.user, mysql.host, mysql.db, mysql.tables_priv, mysql.columns_priv, mysql.func, and mysql.procs_priv.
NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

4.6 Complex Passwords

Info

Level 1, Not Scorable Minimum 8 characters in length with characters from at least three of the following categories: uppercase, lowercase, numeric, non-alphanumeric ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 19 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

4.8 Single use accounts

Info

Level 1, Not Scorable Each database user should be used for single purpose/person ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 20 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

4.10 No blank passwords

Info

Level 1, Scorable Verify no blank passwords ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 21

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_ERROR: an error happened while executing the sql request

SQL error: Error Code: 1140
msg: Mixing of GROUP columns (MIN(),MAX(),COUNT()...) with no GROUP columns is illegal if there is no GROUP BY clause

5.6 CREATE USER privilege

Info

Level 1, Not Scorable Do not grant to non Admin users ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 26

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_ERROR: an error happened while executing the sql request

SQL error: Error Code: 1054
msg: Unknown column 'Create_user_priv' in 'where clause'
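An ERROR result is not a pass. Check 4.10 (blank passwords) was never evaluated on this host because the audit's query mixed an aggregate with non-aggregated columns and no GROUP BY, which this server rejects with error 1140; check 5.6 was never evaluated because Create_user_priv does not exist in this server's mysql.user (the column was added in MySQL 5.0.3). The script below is an added example, not the Nessus audit file's own queries, and reproduces checks 4.9, 4.10, 4.11 and 5.1-5.8 against an in-memory copy of mysql.user using only SQL that runs unchanged on a 4.1/5.x server. The Host/User/Password values are taken from the findings above; the privilege flags are inferred from the 5.x result lists, and the anonymous and blank-password rows are invented so that 4.11 and 4.10 have something to flag.

```python
import sqlite3

ADMIN_USERS = {"root"}   # the policy value the 5.x checks above compare against
PRIV_COLUMNS = ["File_priv", "Process_priv", "Super_priv", "Shutdown_priv",
                "Reload_priv", "Grant_priv", "Create_user_priv"]

# Constructed stand-in for mysql.user. root@'%' is absent from the 5.8 result list
# above, so it gets Grant_priv = 'N'; the last two rows are invented.
USER_ROWS = [
    # Host, User, Password, File, Process, Super, Shutdown, Reload, Grant
    ("localhost",   "root",             "3c8c1a8e271e4bad", "Y", "Y", "Y", "Y", "Y", "Y"),
    ("vmware-bavm", "root",             "3c8c1a8e271e4bad", "Y", "Y", "Y", "Y", "Y", "Y"),
    ("%",           "root",             "3c8c1a8e271e4bad", "Y", "Y", "Y", "Y", "Y", "N"),
    ("localhost",   "debian-sys-maint", "1ae80be80887e5f2", "Y", "Y", "Y", "Y", "Y", "Y"),
    ("localhost",   "wordpress",        "2329c700403a719c", "N", "N", "N", "N", "N", "N"),
    ("localhost",   "",                 "",                 "N", "N", "N", "N", "N", "N"),
    ("localhost",   "reporting",        "",                 "N", "N", "N", "N", "N", "N"),
]


def load_user_table(rows, with_create_user_priv=False):
    """Build an in-memory 'mysql.user'. By default the schema has no Create_user_priv,
    mirroring what the 1054 error above says about the scanned server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("ATTACH DATABASE ':memory:' AS mysql")
    cols = ["Host TEXT", "User TEXT", "Password TEXT"]
    cols += [f"{c} TEXT" for c in PRIV_COLUMNS
             if with_create_user_priv or c != "Create_user_priv"]
    conn.execute(f"CREATE TABLE mysql.user ({', '.join(cols)})")
    if with_create_user_priv:
        rows = [r + ("N",) for r in rows]
    conn.executemany(f"INSERT INTO mysql.user VALUES ({', '.join('?' * len(cols))})", rows)
    return conn


def user_columns(conn):
    """Equivalent of SHOW COLUMNS FROM mysql.user on a real server."""
    return {row[1] for row in conn.execute("PRAGMA mysql.table_info(user)")}


def audit_accounts(conn):
    def rows(sql):
        return [tuple(r) for r in conn.execute(sql + " ORDER BY User, Host")]

    findings = {
        # 4.9: '%' and '_' are pattern wildcards in Host; INSTR avoids LIKE escaping issues
        "wildcard_host": rows("SELECT User, Host FROM mysql.user "
                              "WHERE INSTR(Host, '%') > 0 OR INSTR(Host, '_') > 0"),
        # 4.11: anonymous accounts have an empty User
        "anonymous": rows("SELECT User, Host FROM mysql.user WHERE User = ''"),
        # 4.10: select the rows and count in the client; mixing COUNT() with
        # non-aggregated columns and no GROUP BY is what produced error 1140 above
        "blank_password": rows("SELECT User, Host FROM mysql.user "
                               "WHERE Password = '' OR Password IS NULL"),
    }
    present = user_columns(conn)
    for col in PRIV_COLUMNS:
        if col not in present:
            findings[col] = None       # not verifiable on this server version (cf. 5.6)
            continue
        holders = rows(f"SELECT User, Host FROM mysql.user WHERE {col} = 'Y'")
        findings[col] = [(u, h) for u, h in holders if u not in ADMIN_USERS]
    return findings


if __name__ == "__main__":
    for name, hits in audit_accounts(load_user_table(USER_ROWS)).items():
        print(f"{name:16s} {'not checked' if hits is None else hits}")
```

The same SELECT statements can be pasted into the mysql client against the live mysql.user table; note that the checks here treat root@'%' as an admin holder, so the wildcard host is reported only under 4.9, and that a 5.7 or later server stores the hash in authentication_string rather than Password.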

6.2 Disable Load data local

Info

Level 2, Scorable Check that --local-infile=0 ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 28

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

6.3 Old password hashing

Info

Level 1, Scorable Must not use: --old-passwords ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 29

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

6.5 Secure auth

Info

Level 2, Scorable Must use: --secure-auth ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 29

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

6.9 Safe user create '@@global.sql_mode'

Info

Level 1, Scorable Must use: NO_AUTO_CREATE_USER or --safe-user-create ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 31

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_ERROR: an error happened while executing the sql request

SQL error: Error Code: 1193
msg: Unknown system variable 'sql_mode'

6.9 Safe user create '@@session.sql_mode'

Info

Level 1, Scorable Must use: NO_AUTO_CREATE_USER or --safe-user-create ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 31

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243 SQL_ERROR: an error happened while executing the sql request

SQL error: Error Code: 1193
msg: Unknown system variable 'sql_mode'

6.10 Skip Symbolic Links

Info

Level 2, Scorable Must use: --skip-symbolic-links ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 31

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

7.2 SSL Connection 'have_openssl'

Info

Level 2, Scorable Must use: SSL over untrusted networks (internet) or when restricted PII is transferred ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 33

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

7.2 SSL Connection 'mysql.user.ssl_type'

Info

Level 2, Scorable Must use: SSL over untrusted networks (internet) or when restricted PII is transferred ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 33 NOTE : This query uses a sample file or path and may need to be changed to reflect the target environment.
NOTE : This query addresses half of 7.2, the remainder is covered in the appropriate OS .audit .

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

7.2 SSL Connection 'ssl_ca'

Info

Level 2, Scorable Must use: SSL over untrusted networks (internet) or when restricted PII is transferred ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 33 NOTE : This query uses a sample file or path and may need to be changed to reflect the target environment.
NOTE : This query addresses half of 7.2, the remainder is covered in the appropriate OS .audit .

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

7.2 SSL Connection 'ssl_cert'

Info

Level 2, Scorable Must use: SSL over untrusted networks (internet) or when restricted PII is transferred ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 33 NOTE : This query uses a sample file or path and may need to be changed to reflect the target environment.
NOTE : This query addresses half of 7.2, the remainder is covered in the appropriate OS .audit .

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result

7.2 SSL Connection 'ssl_key'

Info

Level 2, Scorable Must use: SSL over untrusted networks (internet) or when restricted PII is transferred ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 33 NOTE : This query uses a sample file or path and may need to be changed to reflect the target environment.
NOTE : This query addresses half of 7.2, the remainder is covered in the appropriate OS .audit .

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_2_DB.audit

Hosts

192.168.1.243 SQL_NO_RESULT: The sql request returned no result
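Checks 6.2, 6.3, 6.5, 6.10 and the four 7.2 queries all returned SQL_NO_RESULT on this host, and both 6.9 queries failed because the server does not expose sql_mode as a system variable (error 1193), so none of these settings was confirmed either way by the scan. When the variable lookups cannot be trusted, the server's option file is the next place to look. The script below is an added example, not part of the Nessus report, that reads the [mysqld] section of a my.cnf and evaluates the same items, normalising option names the way the server does (dashes and underscores are interchangeable, a bare boolean option means ON, and skip-foo means foo=OFF). Both option-file fragments are constructed: the first is the weak configuration, the second the hardened one; neither is the scanned host's file. The defaults assumed for absent options (local_infile ON, secure_auth OFF, symbolic_links ON) are those of the 4.1/5.1 servers the benchmark targets, and !include directives are not followed.

```python
import configparser

# Constructed my.cnf fragments (not from the scanned host).
WEAK_CNF = """
[mysqld]
local-infile=1
old_passwords
symbolic-links=1
"""

HARDENED_CNF = """
[mysqld]
local-infile=0
secure-auth
skip-symbolic-links
sql-mode=NO_AUTO_CREATE_USER,STRICT_TRANS_TABLES
ssl-ca=/etc/mysql/ca.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
"""


def parse_mysqld_options(text):
    """Return the [mysqld] options with server-style normalised names. Limitation:
    !include / !includedir lines are not followed (assumption of this example)."""
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cp.optionxform = str          # keep the raw key; normalisation happens below
    cp.read_string(text)
    opts = {}
    if not cp.has_section("mysqld"):
        return opts
    for key, value in cp.items("mysqld"):
        name = key.strip().lower().replace("-", "_")
        value = "1" if value is None else value.strip()   # bare option == ON
        if name.startswith("skip_"):                      # skip-foo == foo=0
            name, value = name[len("skip_"):], "0"
        opts[name] = value
    return opts


def is_on(value):
    return value.lower() in ("1", "on", "true", "yes")


def check_hardening(opts):
    """Evaluate CIS MySQL 1.0.2 items 6.2, 6.3, 6.5, 6.9, 6.10 and the server half
    of 7.2 against parsed [mysqld] options."""
    results = {}

    def item(key, passed, detail):
        results[key] = {"status": "pass" if passed else "fail", "detail": detail}

    v = opts.get("local_infile", "1")          # default ON: LOAD DATA LOCAL allowed
    item("6.2", not is_on(v), f"local_infile={v}")

    v = opts.get("old_passwords", "0")         # default OFF; ON writes 16-char hashes
    item("6.3", not is_on(v), f"old_passwords={v}")

    v = opts.get("secure_auth", "0")           # default OFF on the targeted versions
    item("6.5", is_on(v), f"secure_auth={v}")

    modes = {m.strip().upper() for m in opts.get("sql_mode", "").split(",") if m.strip()}
    safe_create = opts.get("safe_user_create", "0")
    item("6.9", is_on(safe_create) or "NO_AUTO_CREATE_USER" in modes,
         f"sql_mode={sorted(modes)} safe_user_create={safe_create}")

    v = opts.get("symbolic_links", "1")        # default ON; skip-symbolic-links disables
    item("6.10", not is_on(v), f"symbolic_links={v}")

    ssl = {k: opts.get(f"ssl_{k}", "") for k in ("ca", "cert", "key")}
    item("7.2", all(ssl.values()), f"ssl={ssl}")   # per-account REQUIRE SSL is the other half
    return results


if __name__ == "__main__":
    for label, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(label)
        for key, r in check_hardening(parse_mysqld_options(cnf)).items():
            print(f"  {key:5s} {r['status']:4s} {r['detail']}")
```

Passing the file-level check does not close 7.2 on its own: the ssl-* options only let the server offer TLS, and clients are forced onto it per account (the mysql.user.ssl_type column that the second 7.2 query above inspects).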

7.3 Unique Key/Cert

Info

Level 1, Not Scorable Do not use a default or example certificate. Generate a key specifically for MySQL ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 34 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

8.1 Backup of databases

Info

Level 1, Not Scorable Regularly occurring backup ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 35 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

8.2 Verify backups

Info

Level 1, Not Scorable Verify backups are good ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 35 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243

8.3 Replication slave backups

Info

Level 1, Not Scorable Verify master.info, relay-log.info, and SQL_LOAD-* files.
ref. https://benchmarks.cisecurity.org/tools2/mysql/CIS_MySQL_Benchmark_v1.0.2.pdf pg. 35 NOTE : Nessus has not performed this query, and this check is only provided for informational purposes.

Audit File

CIS_MySQL_4.1_5.1_Benchmark_v1.0.2_LEVEL_1_DB.audit

Hosts

192.168.1.243