This rule checks whether a set of security-relevant settings is correctly defined for the MySQL server. Specifically:


Must be set to mysql. Run the mysqld server as the user named mysql.


Must be set to 1. Enable symbolic link support. On Unix, enabling symbolic links means that you can link a MyISAM index file or data file to another directory with the INDEX DIRECTORY or DATA DIRECTORY option of the CREATE TABLE statement.


Must not be set. LOAD DATA, SELECT … INTO and LOAD_FILE() will only work with files in the specified path. If it is not set (the default) or is set to an empty string, the statements will work with any files that can be accessed.


Must be set to 0. Attempts to perform a LOAD DATA LOCAL will fail with an error message.


Must be set to OFF. Only users with the SHOW DATABASES privilege can use the SHOW DATABASES statement to see all database names.


Must not be set (default is OFF). If set to ON, it gives anyone with access to the server unrestricted access to all databases.


Must be set to OFF. This option controls whether user-defined functions that have only an xxx symbol for the main function can be loaded. By default, the option is off and only UDFs that have at least one auxiliary symbol can be loaded.


Following these recommended security settings prevents execution of undesired SQL scripts, keeps your mysql.user table safe from unauthorized access, and avoids exposing databases to undesired queries, among other benefits.

Most of these settings are the defaults for MySQL servers, and changing them can compromise your MySQL database as well as the overall server security.

Change the MySQL configuration file to ensure the settings described above are defined as recommended.
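
One way to check an option file against four of the settings above (the run-as user, LOAD DATA LOCAL, the unrestricted-access flag and suspicious UDFs). This is an added example, not part of the rule itself; the option names `user`, `local-infile`, `skip-grant-tables` and `allow-suspicious-udfs`, the function names and the sample file are assumptions, since the page describes the settings without naming them.

```python
import re

# Constructed sample option file (not from a real server).
SAMPLE_MY_CNF = """\
[client]
user = backup

[mysqld]
user = root            # violates "must be mysql"
local_infile = 1
skip-grant-tables
allow-suspicious-udfs = OFF
"""

def mysqld_options(text):
    """Return {option: value} for the [mysqld] group; bare flags map to None."""
    opts, group = {}, None
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()   # drop trailing comments
        if not line or line[0] in "#;!":             # comments, !include lines
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
        elif group == "mysqld":
            name, sep, value = line.partition("=")
            # MySQL treats '-' and '_' in option names alike; last entry wins.
            opts[name.strip().lower().replace("_", "-")] = value.strip() if sep else None
    return opts

def enabled(opts, name):
    """True when a boolean option is on: a bare flag or 1/ON/TRUE."""
    return name in opts and (opts[name] is None or opts[name].lower() in {"1", "on", "true"})

def audit(text):
    """List deviations, using the assumed option names and the page's values."""
    opts, findings = mysqld_options(text), []
    if opts.get("user") != "mysql":
        findings.append("user: must be set to mysql")
    if "local-infile" not in opts or enabled(opts, "local-infile"):
        findings.append("local-infile: must be set to 0")
    if "skip-grant-tables" in opts:
        findings.append("skip-grant-tables: must not be set")
    if enabled(opts, "allow-suspicious-udfs"):   # absent means the default, OFF
        findings.append("allow-suspicious-udfs: must be OFF")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MY_CNF):
        print(finding)
```

Only the `[mysqld]` group is read, so a `user` entry under `[client]` does not mask a wrong server account; files pulled in through `!include` lines are not followed and need to be audited separately.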