MADB-10-008300 - MariaDB must prohibit the use of cached authenticators after an organization-defined time period.

Information

If cached authentication information is out-of-date, the validity of the authentication information may be questionable.

Each connection to the MariaDB database requires the authentication of the user. The authentication remains in place for the connection until the connection is closed or the connection times out due to inactivity.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Verify that the idle_transaction_wait is set to a value greater than 0 or is set to the value needed by the administrator. The value of idle_transaction_wait can be validated by issuing SHOW VARIABLES. Example:

Locate the MariaDB Enterprise Server configuration files in /etc/my.cnf.d/. Add the following:

Under the [mariadb] section:

idle_transaction_timeout = 60

After making changes to the .cnf file, stop and restart the database service.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MariaDB_Enterprise_10-x_V2R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(13), CAT|II, CCI|CCI-002007, Rule-ID|SV-253736r961521_rule, STIG-ID|MADB-10-008300, Vuln-ID|V-253736

Plugin: MySQLDB

Control ID: ab87da2187af7f6be466d62d93031c95bd1e621dd47d98f41e124594bfa06ce8