Closed rasputtintin closed 3 years ago
Executed audit scripts and security scans on ML databases and am currently analysing the outputs. Scans are informed by CIS standards as well as PCI-DSS for best practice configurations and data protection.
Reviewing initial findings as well as investigating audit logging in MySQL for this week. I note the open source version of MySQL has limited audit logging capabilities, hence we may need a plugin to support.
Thanks @rasputtintin
Key Findings:
1 - Access control
   a) No granular access control defined for database users. Enforce CRUD restrictions for different database users depending on roles (including service accounts)
   b) Access control - no users with password set to expire.

2 - Monitoring and Audit
   a) Slow query log disabled
   b) Audit not enabled
   c) Performance statistics not configured

3 - Data Protection Controls
   a) Tablespace encryption - no at-rest encryption detected
   b) DB backup execution - no backup configurations detected (to verify settings exist in AWS)
   c) No data masking controls detected
   d) Review binlog configurations for point-in-time recovery.

4 - Secure Configurations
   a) Any host access - users can connect from everywhere (central_ledger / monitor / root)
   b) Dedicated datadir - no dedicated datadir. Ensure 'datadir' is configured and has appropriate permissions
   c) Password policy - length + complexity needs to be optimized
   d) Local_infile enabled - this needs to be disabled if not used.
   e) DB password check - some users have easy passwords (monitor@'%' monitor@'localhost' mysql@'localhost')
   f) Master_info - store master_info data in a table and not a plaintext file.

Recommendations

1 - Document and configure password policy for database access
2 - Enable audit logging for all databases (may have performance and space impact)
3 - Document user access matrix with CRUD restrictions and least privilege for databases
4 - Explore data masking / encryption solutions (this will help with GDPR-like regulations)
5 - Configure MySQL to store master_info in a table and not plaintext file
6 - Configure MySQL to disable local_infile, which may allow file uploads to the database server, if the service is not used.
7 - Restrict MySQL access from any host. Consider using a jump server for user access to sensitive data areas where we can implement monitoring.
See report attached: MPQS MySQL Report.pdf
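Several of the findings above can be re-checked directly on a running server with read-only queries. The following is an added example, not taken from the attached report or from the scan scripts used in this issue; it assumes MySQL 5.7 or later (the thread does not state the version) and an account with SELECT on `mysql.user` and `performance_schema`.

```sql
-- Added example: read-only re-check of findings 1b, 2a, 2b, 3d, 4a, 4c, 4d, 4f.
-- Assumes MySQL 5.7+; the version is not stated in this issue.

-- Finding 4a: accounts allowed to connect from any host.
SELECT user, host
FROM mysql.user
WHERE host = '%' OR host = '';

-- Finding 1b: accounts whose password never expires.
-- password_lifetime NULL means "use the global default"; 0 means no expiry.
SELECT u.user, u.host, u.password_lifetime,
       @@global.default_password_lifetime AS global_default_days
FROM mysql.user AS u
WHERE COALESCE(u.password_lifetime, @@global.default_password_lifetime) = 0;

-- Findings 2a, 3d, 4d, 4f plus datadir and password policy settings.
-- A variable that does not exist in the running version returns no row;
-- no validate_password rows means the plugin/component is not installed (4c).
SELECT variable_name, variable_value,
       CASE
         WHEN variable_name = 'local_infile' AND variable_value = 'ON'
           THEN '4d: disable if not used'
         WHEN variable_name = 'slow_query_log' AND variable_value = 'OFF'
           THEN '2a: slow query log disabled'
         WHEN variable_name = 'master_info_repository' AND variable_value = 'FILE'
           THEN '4f: store master_info in a table'
         WHEN variable_name = 'log_bin' AND variable_value = 'OFF'
           THEN '3d: no binlog for point-in-time recovery'
         ELSE 'review value'
       END AS note
FROM performance_schema.global_variables
WHERE variable_name IN (
  'local_infile', 'slow_query_log', 'master_info_repository', 'log_bin',
  'datadir', 'default_password_lifetime',
  'validate_password_length', 'validate_password_policy',    -- 5.7 plugin names
  'validate_password.length', 'validate_password.policy'     -- 8.0 component names
);

-- Finding 2b: is any audit plugin loaded? An empty result means none.
SELECT plugin_name, plugin_status
FROM information_schema.plugins
WHERE plugin_name LIKE '%audit%';
```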
Thanks @rasputtintin
Goal:
As a security officer
I want to review security configurations for deployed databases in MPQS environment using documented baseline standards
so that I am able to validate compliance with best practice standards

Acceptance Criteria:
Complexity: Medium - All components of Mojaloop have to be installed
Uncertainty: Low - We have all the help we need within the OSS team to complete this
Tasks:
Pull Requests:
Follow-up:
Dependencies:
Accountability: