MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

An XCCDF Rule

Description

<VulnDiscussion>Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-253734r961470_rule
Severity: Medium
References: CCI-001762
Updated: 17 days ago

To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port):
        $ ls -la /etc | grep my.cnf
-rw-r--r--.   1 root root      301 Aug 25 12:45 my.cnf
      bind-address = 127.0.0.1 #just an example
   
To specifically change default port (3306) is something different:  port = 1234bind = 10.10.10.10      #as an example 

After making changes to the .cnf file, stop and restart the database service.

MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Description

Remediation - Manual Procedure