Set Up MariaDB Authentication

Each MariaDB record identifies account login credentials, database information and target hosts (IPs).

This record type is only available in accounts with PC or SCA and is only supported for compliance scans.

Which technologies are supported?

For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: 

Authentication Technologies Matrix

 

- Go to Scans > Authentication.

- Check that you already have a record defined for each host running database instances.

- Create a MariaDB record for the database instance. Go to New > Databases > MariaDB.

Enter the user name to be used for authentication to MariaDB server.

A list of FQDNs for the hosts that correspond to all host IP addresses on which a custom SSL certificate signed by a trusted root CA is installed. Multiple hosts are comma separated.

Select to perform a complete SSL certificate validation. This option is only valid for servers that support SSL.

- If unchecked (the default), Qualys scanners authenticate with MariaDB servers that don't use SSL and MariaDB servers that use SSL. However, in the SSL case, the server SSL certificate verification is skipped.

- If checked, Qualys scanners will only send a login request after verifying that a connection to MariaDB server uses SSL, the server SSL certificate is valid and matches the scanned host.

Your server may require certificate authentication in order to establish an SSL connection. In this case, enter the client certificate (PEM-encoded X.509 certificate) and client key (PEM-encoded X.509 RSA private key).

Tell us the database name to authenticate to and the port the database is running on. We provide default settings for both but these may be customized.

Access to the MariaDB configuration file is required to run certain checks. For authentication to Windows hosts, enter the Windows file. For authentication to Unix hosts, enter the Unix file. You may enter one or both.

We support integration with multiple third party password vaults. Just go to Scans > Authentication > Vaults and tell us about your vault system. Then choose Authentication Vault in your record and select your vault name. At scan time, we'll authenticate to hosts using the account name in your record and the password we find in your vault.

Select the IP addresses for the MariaDB databases that the scanning engine should log into using the specified credentials.

When a Unit Manager edits a record, the Unit Manager only sees the IPs in the record that they have permission to. Any changes made by the Unit Manager to the record settings will apply to all hosts defined in the record, regardless of whether all hosts belong to the user's business unit. The record may contain more IPs that are not visible to the Unit Manager.

 

Quick Links

Why use host authentication

Vault Support Matrix

Setup for MariaDB Auth Zip File Icon