Detecting insecure configurations in MySQL servers
Insecure configurations in databases could be abused by attackers. The Center for Internet Security (CIS) publishes a security benchmark for MySQL, and Nmap can use this benchmark as a base to audit the security configurations of MySQL servers.
This recipe shows how to detect insecure configurations in MySQL servers with Nmap.
How to do it...
To detect insecure configurations in MySQL servers, enter the following command:
$ nmap -p3306 --script mysql-audit --script-args 'mysql- audit.username="<username>",mysql-audit.password="<password>",mysql- audit.filename=/usr/local/share/nmap/nselib/data/mysql-cis.audit' <target>
Each security control of the CIS benchmark will be reviewed and a legend of PASS
, FAIL
, or REVIEW
will be included in the results, as follows:
PORT STATE SERVICE 3306/tcp open   mysql | mysql-audit: |     CIS MySQL...