Information
By default, the MariaDB server accepts TCP/IP connections from MariaDB user accounts on all server host IPv6 and IPv4 interfaces. You can make this configuration more restrictive by setting the bind_address configuration option to a specific IPv4 or IPv6 address so that the server only accepts TCP/IP connections on that address.
Rationale:
Limiting the IP address provides additional controls and restrictions on how client applications can connect to MariaDB. If bind_address is not set to a specific IP, all IPs for this server can be used to connect to MariaDB.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
For example, to have the MariaDB server only accept connections on a specific IPv4 address, add an entry similar to this under the [mysqld] option group in MariaDB configuration files:
bind_address=192.0.2.24
This setting typically appears in /etc/mysql/mariadb.conf.d/50-server.cnf.
In the case above, clients can connect to the server using --host=192.0.2.24. Connections on other server host addresses are not permitted.
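One way to verify the setting by hand, as an added example that is not part of the benchmark or of Nessus: it parses option-file text and reports whether the effective bind_address is a single literal IP. The group names in SERVER_GROUPS, the treatment of * as a wildcard and the sample text are assumptions of this example; include directives are not followed, so pass the concatenated files in the order the server reads them.

```python
import ipaddress

# Assumption: option groups the server reads; the page itself names [mysqld].
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}
# Values treated as "all interfaces" ("*" is included conservatively).
WILDCARDS = {"", "*", "0.0.0.0", "::"}

# Constructed sample: a later wildcard entry overrides an earlier specific one.
SAMPLE_CNF = """\
[client]
bind_address=192.0.2.24
[mysqld]
bind_address=192.0.2.24   # specific IPv4 address
[mariadb]
bind-address = 0.0.0.0
"""

def effective_bind_address(cnf_text):
    """Return the last bind_address set in a server group, or None if unset."""
    group, value = None, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue  # e.g. [client] settings do not affect the listener
        key, _, val = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        if key.strip().lower().replace("-", "_") == "bind_address":
            value = val.split("#", 1)[0].strip().strip("'\"")
    return value

def audit_bind_address(cnf_text):
    """Return (status, detail): PASS, FAIL or REVIEW."""
    value = effective_bind_address(cnf_text)
    if value is None:
        return "FAIL", "bind_address not set; all interfaces accept connections"
    if value in WILDCARDS:
        return "FAIL", f"bind_address={value!r} is a wildcard"
    try:
        ipaddress.ip_address(value)
    except ValueError:
        return "REVIEW", f"bind_address={value!r} is not a single literal IP"
    return "PASS", f"server accepts TCP/IP connections only on {value}"

if __name__ == "__main__":
    print(audit_bind_address(SAMPLE_CNF))
```

A REVIEW result covers hostnames and address lists, which need a manual look at what they resolve to.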
Default Value:
Not set. On some Linux variants (Ubuntu, Debian), bind_address is set to 127.0.0.1.