May 2017
Intermediate to advanced
416 pages
21h 33m
English
If your MySQL server has administrative accounts other than root and debian-sys-maint, you should locate the following line in <nmap_path>/nselib/data/mysql-cis.audit and add them to set up the script:
local ADMIN_ACCOUNTS={"root", "debian-sys-maint". "web"}
Remember that you can write your own rules in a separate file and use the script argument mysql-audit.fingerprintfile to reference this. Audit rules look something like the following:
test { id="3.1", desc="Skip symbolic links", sql="SHOW variables WHERE Variable_name = 'log_error' AND Value IS NOT NULL", check=function(rowstab) return { status = not(isEmpty(rowstab[1])) } end }
MySQL servers may run on a nonstandard port. Use Nmap's service detection (-sV) and set ...
Read now
Unlock full access