UCF STIG Viewer Logo

The default mysql_secure_installation must be installed.


Finding ID Version Rule ID IA Controls Severity
V-99599 JAMF-10-100060 SV-108703r1_rule Medium
The mysql_secure_installation configuration of MySQL adds several important configuration settings that block several attack vectors. The My SQL application could be exploited by an adversary without mysql_secure_installation. SFR ID: FMT_SMF.1(2)b. / CM-7(1)(b) Satisfies: SRG-APP-000383
Jamf Pro v10.x EMM Security Technical Implementation Guide 2020-02-04


Check Text ( C-98449r1_chk )
Verify the mysql_secure_installation has been installed on the Jamf host server.

1. Log in to MySQL. Execute the "show databases;" command.
- Verify that the database named "Test" is not shown in output of the command.

2. Verify the root account has a string representing the password and not a blank value.
- select * from mysql.user;

3. Verify the anonymous users have been removed and verify the user field contains a user name.
- select * from mysql.user;

All three steps must be correct to indicate mysql_secure_installation has been executed.

If the mysql_secure_installation has not been installed on the Jamf host server, this is a finding.
Fix Text (F-105283r1_fix)
Install the mysql_secure_installation.

1. Install MySQL.
2. Using the Jamf Pro Security Recommendations document, go to the path based on the host operating system and execute the appropriate mysql_secure_installation script.