MADB-10-008100 - MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Information

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port):
$ ls -la /etc | grep my.cnf
-rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf
bind-address = 127.0.0.1 #just an example

To specifically change default port (3306) is something different: port = 1234
bind = 10.10.10.10 #as an example

After making changes to the .cnf file, stop and restart the database service.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MariaDB_Enterprise_10-x_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-253734r961470_rule, STIG-ID|MADB-10-008100, Vuln-ID|V-253734

Plugin: MySQLDB

Control ID: 148d3d8e9d58a23c17eb4a814fd8c8590abe852108389eb0dbdbcea65567cce4