The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

An XCCDF Rule

Description

<VulnDiscussion>Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-235167r961470_rule
Severity: Medium
References: CCI-001762
Updated: 17 days ago

Disable each prohibited network function, port, protocol, or service prohibited by the PPSM guidance.

Change mysql options related to network, ports, and protocols for the server and additionally consider refining further at user account level.

To set ports properly, edit the mysql configuration file and change ports or protocol settings.
vi my.cnf
[mysqld]
port=<port value>
admin_port=<port value>
mysqlx_port=<port value>
socket=/path/to/socket

To turn off TCP/IP:

skip_networking=ON

If admin_address is not defined then access via the admin port is disabled. 

Additionally the X Plugin can be disabled at startup/restart by either setting mysqlx=0 in the MySQL configuration file, or by passing in either "--mysqlx=0" or "--skip-mysqlx" when starting the MySQL server.

The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Description

Remediation - Manual Procedure