From dshackleford at cisecurity.org Mon May 14 21:19:39 2007 From: dshackleford at cisecurity.org (Dave Shackleford) Date: Mon, 14 May 2007 17:19:39 -0400 Subject: [Mysql-benchmark] *Last Call* for feedback on MySQL Benchmark Message-ID: <120206B6A348CA498C70E738A2E96351179451@Nexus.cisecurity.lan> Hi everyone- Some of you may be scratching your heads, thinking "MySQL? Didn't we cover that one in December?" Well, the answer is "yes". Having gone through the list archives, it seems that the benchmark for MySQL never made it all the way to the final stage of getting published on the CIS Web site and made available to the public. I have included here the final changes made after a conference call on 12/18/2006. Mike Eddington of Leviathan Security has coordinated this benchmark, and I have attached what I believe to be the last version commented on. Final comments made to John Banghart and Mike: ---start comments--- Item 1.6: change nologin to /dev/null Move 1.6 and 1.10 next to each and indicate the version of Windows that the current 1.10 applies to. Mike will research 1.10 to find out more about running as a service and how that compares to Windows 2000. Item 1.7: XXX needs to be replaced with the actual file name. Item 1.3: need to add a reference to external documentation. For all references to "all users", replace with "authorized users only" Item 2.4: re-writte for clarity between and Unix and Windows. Item 4.9 needs to have an action added. Item 4.10: add additional information to account for different types of users and possibly move some to Level 1. ---end comments--- For those of you who have never seen this before, now is your chance to comment on the draft before it goes live! Anyone who was involved in the process previously, it's been some time, and any new feedback you have would be welcomed as well. I will open this up to discussion and final comment/review until next Friday, May 25. After that, we'll consider it a wrap and move on. As always, thanks for being involved. Dave Shackleford Vice President The Center for Internet Security www.cisecurity.org Voice: 770-262-3024 Fax: 770-649-6561 dshackleford at cisecurity.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070514/0875722d/attachment-0001.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Center for Internet Security Benchmark for MySQL -- Tool v0.1.doc Type: application/msword Size: 241152 bytes Desc: Center for Internet Security Benchmark for MySQL -- Tool v0.1.doc Url : http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070514/0875722d/attachment-0002.doc -------------- next part -------------- A non-text attachment was scrubbed... Name: Center for Internet Security Benchmark for MySQL v0.13.doc Type: application/msword Size: 195072 bytes Desc: Center for Internet Security Benchmark for MySQL v0.13.doc Url : http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070514/0875722d/attachment-0003.doc From dshackleford at cisecurity.org Mon May 14 22:24:58 2007 From: dshackleford at cisecurity.org (Dave Shackleford) Date: Mon, 14 May 2007 18:24:58 -0400 Subject: [Mysql-benchmark] [Database-benchmark] *Last Call* for feedback on MySQL Benchmark In-Reply-To: <20070514160938.oi2493phzoc0wcw4@mail.leviathansecurity.net> References: <120206B6A348CA498C70E738A2E96351179451@Nexus.cisecurity.lan> <20070514160938.oi2493phzoc0wcw4@mail.leviathansecurity.net> Message-ID: <120206B6A348CA498C70E738A2E96351179453@Nexus.cisecurity.lan> Thanks, Mike. To that end, folks, I would actually really appreciate any "checking logic" you can provide with regard to *how* to check these items. This is something we will be including in all of the benchmarks going forward, versus simply telling people what to do. Please feel free to make edits on this document, as well, as it will inevitably end up in the tools we make available to the public. Some of this is already done, but more eyes=better. Thanks! --Dave PS - Since this is a short review, I will cross-post to both the general DB list as well as the MySQL list. For those of you on the DB list who do *not* use MySQL, please excuse the "noise" for a few days. -----Original Message----- From: database-benchmark-bounces at lists.cisecurity.org [mailto:database-benchmark-bounces at lists.cisecurity.org] On Behalf Of Michael Eddington Sent: Monday, May 14, 2007 6:10 PM To: database-benchmark at lists.cisecurity.org Subject: Re: [Database-benchmark] *Last Call* for feedback on MySQL Benchmark Just an FYI, the "Center for Internet Security Benchmark for MySQL -- Tool v0.1.doc" is intended for internal CIS usage in building the checking tool and does not have the latest content updated outside of information building checks. The other document is the actual benchmark content. Mike Quoting Dave Shackleford : > Hi everyone- > > > > Some of you may be scratching your heads, thinking "MySQL? Didn't we > cover that one in December?" Well, the answer is "yes". Having gone > through the list archives, it seems that the benchmark for MySQL never > made it all the way to the final stage of getting published on the CIS > Web site and made available to the public. > > > > I have included here the final changes made after a conference call on > 12/18/2006. Mike Eddington of Leviathan Security has coordinated this > benchmark, and I have attached what I believe to be the last version > commented on. > > > > Final comments made to John Banghart and Mike: > > > > ---start comments--- > > Item 1.6: change nologin to /dev/null > > > > Move 1.6 and 1.10 next to each and indicate the version of Windows that > the current 1.10 applies to. > > > > Mike will research 1.10 to find out more about running as a service and > how that compares to Windows 2000. > > > > Item 1.7: XXX needs to be replaced with the actual file name. > > > > Item 1.3: need to add a reference to external documentation. > > > > For all references to "all users", replace with "authorized users only" > > > > Item 2.4: re-writte for clarity between and Unix and Windows. > > > > Item 4.9 needs to have an action added. > > > > Item 4.10: add additional information to account for different types of > users and possibly move some to Level 1. > > ---end comments--- > > > > For those of you who have never seen this before, now is your chance to > comment on the draft before it goes live! Anyone who was involved in the > process previously, it's been some time, and any new feedback you have > would be welcomed as well. I will open this up to discussion and final > comment/review until next Friday, May 25. After that, we'll consider it > a wrap and move on. As always, thanks for being involved. > > > > Dave Shackleford > Vice President > The Center for Internet Security > www.cisecurity.org > Voice: 770-262-3024 > Fax: 770-649-6561 > > dshackleford at cisecurity.org > > > > _______________________________________________ Database-benchmark mailing list Database-benchmark at lists.cisecurity.org http://lists.cisecurity.org/mailman/listinfo/database-benchmark From dshackleford at cisecurity.org Fri May 25 14:26:03 2007 From: dshackleford at cisecurity.org (Dave Shackleford) Date: Fri, 25 May 2007 10:26:03 -0400 Subject: [Mysql-benchmark] FW: *Last Call* for feedback on MySQL Benchmark Message-ID: <120206B6A348CA498C70E738A2E96351209BA0@Nexus.cisecurity.lan> Any last comments before the holiday weekend? Thanks everyone! --Dave From: Dave Shackleford Sent: Monday, May 14, 2007 5:12 PM To: 'database-benchmark at lists.cisecurity.org'; 'mysql-benchmark at lists.cisecurity.org' Subject: *Last Call* for feedback on MySQL Benchmark Hi everyone- Some of you may be scratching your heads, thinking "MySQL? Didn't we cover that one in December?" Well, the answer is "yes". Having gone through the list archives, it seems that the benchmark for MySQL never made it all the way to the final stage of getting published on the CIS Web site and made available to the public. I have included here the final changes made after a conference call on 12/18/2006. Mike Eddington of Leviathan Security has coordinated this benchmark, and I have attached what I believe to be the last version commented on. Final comments made to John Banghart and Mike: ---start comments--- Item 1.6: change nologin to /dev/null Move 1.6 and 1.10 next to each and indicate the version of Windows that the current 1.10 applies to. Mike will research 1.10 to find out more about running as a service and how that compares to Windows 2000. Item 1.7: XXX needs to be replaced with the actual file name. Item 1.3: need to add a reference to external documentation. For all references to "all users", replace with "authorized users only" Item 2.4: re-writte for clarity between and Unix and Windows. Item 4.9 needs to have an action added. Item 4.10: add additional information to account for different types of users and possibly move some to Level 1. ---end comments--- For those of you who have never seen this before, now is your chance to comment on the draft before it goes live! Anyone who was involved in the process previously, it's been some time, and any new feedback you have would be welcomed as well. I will open this up to discussion and final comment/review until next Friday, May 25. After that, we'll consider it a wrap and move on. As always, thanks for being involved. Dave Shackleford Vice President The Center for Internet Security www.cisecurity.org Voice: 770-262-3024 Fax: 770-649-6561 dshackleford at cisecurity.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070525/e1411179/attachment-0001.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: Center for Internet Security Benchmark for MySQL -- Tool v0.1.doc Type: application/msword Size: 241152 bytes Desc: Center for Internet Security Benchmark for MySQL -- Tool v0.1.doc Url : http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070525/e1411179/attachment-0002.doc -------------- next part -------------- A non-text attachment was scrubbed... Name: Center for Internet Security Benchmark for MySQL v0.13.doc Type: application/msword Size: 195072 bytes Desc: Center for Internet Security Benchmark for MySQL v0.13.doc Url : http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070525/e1411179/attachment-0003.doc From dshackleford at cisecurity.org Wed May 30 13:56:19 2007 From: dshackleford at cisecurity.org (Dave Shackleford) Date: Wed, 30 May 2007 09:56:19 -0400 Subject: [Mysql-benchmark] The "All Teams" list for CIS Message-ID: <120206B6A348CA498C70E738A2E96351209C0C@Nexus.cisecurity.lan> Hi folks- I know some of you have commented that you are being automatically subscribed to the "All Teams" list. This name may be a bit misleading, my apologies. This list does *not* mean you will get all list traffic for all lists - this list is solely for CIS to be able to send communications to all list members (of all lists) at one time. If you are subscribed to one of the other CIS lists, you will be added to this list automatically. You will not receive any new or unusual communications from being on this list. If you would like to unsubscribe altogether, please unsubscribe from the individual list(s) that you participate in, and then you will no longer be automatically subscribed to the "All Teams" list again. Thanks, and sorry if this caused confusion, Dave Dave Shackleford Vice President The Center for Internet Security www.cisecurity.org Voice: 770-262-3024 Fax: 770-649-6561 dshackleford at cisecurity.org -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.cisecurity.org/pipermail/mysql-benchmark/attachments/20070530/f1454fbc/attachment.htm