Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Auditing MySQL databases against the CIS benchmark
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 17 Jun 2011 08:12:25 +0200


On Jun 12, 2011, at 8:57 PM, Patrik Karlsson wrote:


On Jun 1, 2011, at 11:38 PM, Patrik Karlsson wrote:


On Jun 1, 2011, at 8:24 AM, Vlatko Kosturjak wrote:

On 05/31/2011 10:41 AM, Paulino Calderon wrote:
Hi,

|       3.1: Skip symbolic links => SUCCESS
|       3.2: Logs not on system partition => SUCCESS
|       3.2: Logs not on database partition => SUCCESS
|       4.1: Supported version of MySQL => REVIEW
|       4.5: Change admin account name => FAIL

Nice script!

I would just suggest to have PASS or similar wording instead of SUCCESS
as SUCCESS can lead to confusion (does SUCCESS mean testing was
successful, or success to find the finding or that recommendation is
implemented correctly....)

Kost
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Thanks for the feedback Vlatko.
I've changed to PASS instead of SUCCESS as suggested.
I'm attaching an updated version.

<mysql-audit.nse><mysql-cis.audit>

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77



If there aren't any objections I would like to commit this script and ruleset.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77



Committed as r24077.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]