Control: 4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
Description
Enable audit_log_enabled on MySQL Servers
Enabling audit_log_enabled helps MySQL Database to log items such as connection attempts to the server, DDL/DML access, and more. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.
Remediation
From Azure Portal
- Log in to Azure Portal using https://portal.azure.com
- Select your Azure Database for MySQL server
- For each database, under the Settings section in the sidebar, select Server parameters
- Update the audit_log_enabled parameter to ON
- Under the Monitoring section in the sidebar, select Diagnostic settings
- Provide a diagnostic setting name
- Specify which data sinks to send the audit logs to (storage account, event hub, and/or Log Analytics workspace)
- Select "MySqlAuditLogs" as the log type
- Once you've configured the data sinks to pipe the audit logs to, you can click Save
- Access the audit logs by exploring them in the data sinks you configured. It may take up to 10 minutes for the logs to appear
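The check below is an added example, not part of the original control or of the Powerpipe mod. It verifies both halves of the remediation: the server parameter is ON and the MySqlAuditLogs category is actually routed to a data sink. The sample JSON is constructed, and its field names assume the output shape of `az mysql server configuration list` and `az monitor diagnostic-settings list`.

```python
import json

# Constructed sample data (assumed shape: JSON from
# `az mysql server configuration list` and `az monitor diagnostic-settings list`).
SAMPLE_CONFIG = json.loads("""[
  {"name": "audit_log_enabled", "value": "ON"},
  {"name": "audit_log_events", "value": "CONNECTION"}
]""")
SAMPLE_DIAG = json.loads("""[
  {"name": "audit-to-law",
   "workspaceId": "/subscriptions/<sub-id>/.../workspaces/<workspace>",
   "storageAccountId": null,
   "eventHubAuthorizationRuleId": null,
   "logs": [{"category": "MySqlAuditLogs", "enabled": true},
            {"category": "MySqlSlowLogs", "enabled": false}]}
]""")

SINK_KEYS = ("workspaceId", "storageAccountId", "eventHubAuthorizationRuleId")

def audit_param_on(configs):
    """True when the audit_log_enabled server parameter is ON."""
    for c in configs:
        if c.get("name", "").lower() == "audit_log_enabled":
            return str(c.get("value", "")).strip().upper() == "ON"
    return False  # parameter missing: treat as the default, OFF

def audit_log_sinks(diag_settings):
    """Sinks of every diagnostic setting that ships MySqlAuditLogs."""
    sinks = []
    for s in diag_settings:
        enabled = any(l.get("category") == "MySqlAuditLogs" and l.get("enabled")
                      for l in s.get("logs") or [])
        if enabled:
            sinks += [k for k in SINK_KEYS if s.get(k)]
    return sinks

def evaluate(configs, diag_settings):
    """Return (status, reason) for one server."""
    if not audit_param_on(configs):
        return "alarm", "audit_log_enabled is not ON"
    if not audit_log_sinks(diag_settings):
        return "alarm", "audit_log_enabled is ON but MySqlAuditLogs reaches no data sink"
    return "ok", "audit logging enabled and exported"

if __name__ == "__main__":
    print(evaluate(SAMPLE_CONFIG, SAMPLE_DIAG))
```

A server with the parameter ON but no diagnostic setting for MySqlAuditLogs is reported as `alarm`, since its audit events are never delivered to a sink where they can be reviewed.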
Default Value
By default, audit_log_enabled is set to OFF.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v150_4_4_3
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.cis_v150_4_4_3 --share
SQL
This control uses a named query:
mysql_server_audit_logging_enabled