Insecure configurations in databases could be abused by attackers. The Center for Internet Security (CIS) publishes a security benchmark for MySQL, and Nmap can use this to audit the security configurations of MySQL servers.
This recipe shows how to detect insecure configurations in MySQL servers with Nmap.
To detect insecure configurations in MySQL servers, enter the following command:
$ nmap -p3306 --script mysql-audit --script-args 'mysql-audit.username="<username>",mysql-audit.password="<password>",mysql-audit.filename=/usr/local/share/nmap/nselib/data/mysql-cis.audit' <target>
Each control will be reviewed and a legend of PASS
, FAIL
, or REVIEW
will be included in the results, as follows:
PORT STATE SERVICE 3306/tcp open mysql | mysql-audit: | CIS MySQL Benchmarks v1.0.2 | 3.1: Skip symbolic links => PASS | 3.2: Logs not on system partition => PASS ...