MYS8-00-009000 - The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Information

Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Disable each prohibited network function, port, protocol, or service prohibited by the PPSM guidance.

Change mysql options related to network, ports, and protocols for the server and additionally consider refining further at user account level.

To set ports properly, edit the mysql configuration file and change ports or protocol settings.

vi my.cnf
[mysqld]
port=<port value>
admin_port=<port value>
mysqlx_port=<port value>
socket=/path/to/socket

To turn off TCP/IP:

skip_networking=ON

If admin_address is not defined then access via the admin port is disabled.

Additionally the X Plugin can be disabled at startup/restart by either setting mysqlx=0 in the MySQL configuration file, or by passing in either '--mysqlx=0' or '--skip-mysqlx' when starting the MySQL server.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_MySQL_8-0_V2R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7(1)(b), CAT|II, CCI|CCI-001762, Rule-ID|SV-235167r961470_rule, STIG-ID|MYS8-00-009000, Vuln-ID|V-235167

Plugin: MySQLDB

Control ID: 5bdf6f585ae1505e78ba9d75123d1d9e34bcf8afaa8c7bb1b94f0e0bb2c55733