MYS8-00-005700 - Unused database components, MySQL Database Server 8.0 software, and database objects must be removed.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).

It is detrimental for software products to provide, or install by default, functionality exceeding requirements or mission objectives.

Database Management Systems (DBMSs) must adhere to the principles of least functionality by providing only essential capabilities.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Uninstall unused components or features that are installed and can be uninstalled. Remove any database objects and applications that are installed to support them.

After review of installed plugin components uninstall unused plugins. To do this while the server is running using the UNINSTALL PLUGIN; command:

Remove any plugin that is loaded at startup from the my.cnf file.

For example - ddl_rewriter is discovered but are not being used. Follow these removal instructions.
Remove this line from my.cnf:
plugin-load-add=ddl_rewriter.so

Remove any plugin that is not loaded at startup using the --plugin-load parameter from the my.cnf or on the command line.
UNINSTALL PLUGIN <plugin_name>;
UNINSTALL PLUGIN ddl_rewriter;

Remove any component not in use
UNINSTALL COMPONENT component_name [, component_name ] ...;

For example - The audit message emit function is not being called, the component is not needed.
UNINSTALL COMPONENT 'file://component_audit_api_message_emit';

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_MySQL_8-0_V2R1_STIG.zip

Item Details

References: CAT|II, CCI|CCI-000381, Rule-ID|SV-235144r960963_rule, STIG-ID|MYS8-00-005700, Vuln-ID|V-235144

Plugin: MySQLDB

Control ID: f71899a7a8560906885dd82d8e92fc08d38365cc07334be99d2400a8956d64e4