The default mysql_secure_installation must be installed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-241799 | JAMF-10-100060 | SV-241799r971326_rule | CCI-001762 | medium |
| Description | ||||
| The mysql_secure_installation configuration of MySQL adds several important configuration settings that block several attack vectors. The My SQL application could be exploited by an adversary without mysql_secure_installation. SFR ID: FMT_SMF.1(2)b. / CM-7(1)(b) Satisfies: SRG-APP-000383 | ||||
| STIG | Date | |||
| Jamf Pro v10.x EMM Security Technical Implementation Guide | 2024-08-27 | |||
Details
Check Text (C-241799r971326_chk)
Verify the mysql_secure_installation has been installed on the Jamf host server.
1. Log in to MySQL. Execute the "show databases;" command.
- Verify that the database named "Test" is not shown in output of the command.
2. Verify the root account has a string representing the password and not a blank value.
- select * from mysql.user;
3. Verify the anonymous users have been removed and verify the user field contains a user name.
- select * from mysql.user;
All three steps must be correct to indicate mysql_secure_installation has been executed.
If the mysql_secure_installation has not been installed on the Jamf host server, this is a finding.
Fix Text (F-45034r685150_fix)
Install the mysql_secure_installation.
1. Install MySQL.
2. Using the Jamf Pro Security Recommendations document, go to the path based on the host operating system and execute the appropriate mysql_secure_installation script.