
Ensure Audit Logging Is Enabled

Description

The Community Edition of MySQL does not include a dedicated audit log, only the general query log. Using the general log is possible but not practical: it grows quickly and has an adverse impact on server performance.

Third-party plugins such as the MariaDB Audit Plugin are available to provide this capability.

Rationale

Enabling audit logging is an important consideration for any production environment, as it helps establish who changed what and when. The audit log might be used as evidence in investigations. It might also help to identify what an attacker was able to accomplish.

Enable audit logging for:

  • Interactive user sessions
  • Application sessions (optional)

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                        Value
secureclouddb/provider     aws
secureclouddb/service      rds
secureclouddb/engine       mysql

Default Rule

// Helpers supplied by the SecureCloudDB rule runtime via `module`:
// getServerExtension(settings, name) returns the matching plugin record
// (with a `status` field) or nothing; isEmpty(value) is true for blank values.
const { getServerExtension, isEmpty } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if the 'server_audit' plugin is installed and active
 */
function validate(databaseSettings) {
    const pluginName = "server_audit"
    const expectedStatus = "active"
    const currentValue = getServerExtension(databaseSettings, pluginName)

    // Fail closed: a missing plugin, a blank status, or any status other
    // than "active" (compared case-insensitively) is a failed check.
    const success = currentValue &&
                    !isEmpty(currentValue.status) &&
                    currentValue.status.toLowerCase() === expectedStatus

    return {
        success: !!success,
    }
}

// invoke (databaseSettings is provided by the rule runtime)
validate(databaseSettings);
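To test the rule's logic outside the SecureCloudDB runtime, here is an added stand-alone JavaScript example (not SecureCloudDB's own helpers or code): `getServerExtension`, `isEmpty` and the shape of `databaseSettings` (a `plugins` array mirroring SHOW PLUGINS rows and a `variables` map mirroring SHOW GLOBAL VARIABLES) are assumptions. It goes one step beyond the rule above by also requiring the MariaDB Audit Plugin's `server_audit_logging` variable to be ON, since an installed plugin with logging switched off records nothing.

```javascript
// Added example: local re-implementation of the rule for offline testing.
// getServerExtension, isEmpty and the databaseSettings shape are assumptions,
// not SecureCloudDB's runtime helpers.

// Assumed shape: databaseSettings.plugins holds { Name, Status } rows as
// returned by SHOW PLUGINS; databaseSettings.variables holds global variables.
function getServerExtension(databaseSettings, pluginName) {
  const plugins = (databaseSettings && databaseSettings.plugins) || [];
  const hit = plugins.find(
    (p) => typeof p.Name === "string" && p.Name.toLowerCase() === pluginName.toLowerCase()
  );
  return hit ? { name: hit.Name, status: hit.Status } : undefined;
}

function isEmpty(value) {
  return value === undefined || value === null || String(value).trim() === "";
}

function validate(databaseSettings) {
  const pluginName = "server_audit";
  const expectedStatus = "active";
  const currentValue = getServerExtension(databaseSettings, pluginName);

  // Same fail-closed logic as the rule: missing plugin, blank or non-active status fails.
  const pluginActive = Boolean(
    currentValue && !isEmpty(currentValue.status) &&
    currentValue.status.toLowerCase() === expectedStatus
  );

  // Stricter than the rule above: the MariaDB Audit Plugin only writes events
  // while server_audit_logging is ON, so an installed-but-silent plugin fails too.
  const vars = (databaseSettings && databaseSettings.variables) || {};
  const loggingOn = String(vars.server_audit_logging || "").toUpperCase() === "ON";

  const reason = !pluginActive
    ? `plugin '${pluginName}' is missing or not active`
    : !loggingOn ? "server_audit_logging is not ON" : "audit logging enabled";

  return { success: pluginActive && loggingOn, reason };
}

// Constructed sample inputs (not real instance data), one per outcome.
const SAMPLES = {
  compliant: { plugins: [{ Name: "SERVER_AUDIT", Status: "ACTIVE" }], variables: { server_audit_logging: "ON" } },
  installedButOff: { plugins: [{ Name: "SERVER_AUDIT", Status: "ACTIVE" }], variables: { server_audit_logging: "OFF" } },
  notInstalled: { plugins: [{ Name: "INNODB_TRX", Status: "ACTIVE" }], variables: {} },
};
```

Running `validate` over the three samples yields one pass and two distinct failure reasons, which is what an alerting pipeline would want to surface.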