Check: MADB-10-008100
MariaDB Enterprise 10.x STIG:
MADB-10-008100
(in versions v1 r3 through v1 r2)
Title
MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. (Cat II impact)
Discussion
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
Check Content
Run the following command as the database administrator user:

MariaDB > SHOW GLOBAL VARIABLES LIKE 'port';

Compare the returned value with the organization's PPSM-approved ports. If the currently configured port is one the organization prohibits, this is a finding.
Fix Text
To restrict the network functions MariaDB exposes, locate the server configuration file (shown here as /etc/my.cnf; the path varies by distribution and package) and confirm its ownership and permissions:

$ ls -la /etc | grep my.cnf
-rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf

In the [mysqld] section, bind the listener to a specific address. For example, to accept connections on the loopback interface only:

bind-address = 127.0.0.1   # just an example

Changing the default port (3306) is a separate setting. To move the listener to a different port and address, for example:

port = 1234                # as an example; the port must be one the PPSM guidance permits
bind-address = 10.10.10.10 # as an example

(The directive is bind-address, also accepted as bind_address; a bare "bind" is not a valid MariaDB option.) After making changes to the .cnf file, stop and restart the database service (for example, systemctl restart mariadb) and re-run the check.
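The check above inspects only the port, while the fix also touches the bind address; in practice both, plus skip_networking, decide what the server actually exposes. The script below is an added example and is not part of the STIG text or of MariaDB's own tooling. It evaluates the three variables against a PPSM allow-list (the allowed ports 3306 and 33060 are a hypothetical policy, not something the STIG specifies) and treats an empty, 0.0.0.0 or :: bind address as listening on every interface. The sample rows are constructed, in the tab-separated shape the mysql client prints with -N -B, so the script runs offline; the comment shows how to feed it a live server instead.

```shell
#!/usr/bin/env bash
# Added example: audit MariaDB listener settings against a PPSM allow-list.
# Not STIG text and not MariaDB code. The allow-list below is a hypothetical policy.
PPSM_ALLOWED_PORTS="3306 33060"

# audit_listener VARS_TEXT
#   VARS_TEXT: tab-separated "VARIABLE_NAME<TAB>VARIABLE_VALUE" rows for
#   PORT, BIND_ADDRESS and SKIP_NETWORKING (information_schema stores names in upper case).
#   Prints one PASS/FINDING line per setting; returns 0 when there are no findings, 1 otherwise.
audit_listener() {
  local vars="$1" port bind skipnet findings=0
  port=$(printf '%s\n' "$vars"    | awk -F'\t' 'toupper($1)=="PORT"            {print $2}')
  bind=$(printf '%s\n' "$vars"    | awk -F'\t' 'toupper($1)=="BIND_ADDRESS"    {print $2}')
  skipnet=$(printf '%s\n' "$vars" | awk -F'\t' 'toupper($1)=="SKIP_NETWORKING" {print $2}')

  # With skip_networking=ON the server opens no TCP listener at all, so port and
  # bind_address are irrelevant to PPSM.
  if [ "$skipnet" = "ON" ]; then
    echo "PASS: skip_networking=ON, no TCP listener"
    return 0
  fi

  # Port must appear in the organization's allow-list (word match inside the list).
  case " $PPSM_ALLOWED_PORTS " in
    *" $port "*) echo "PASS: port $port is PPSM-approved" ;;
    *) echo "FINDING: port ${port:-unset} not in PPSM allow-list"; findings=1 ;;
  esac

  # Empty, 0.0.0.0 and :: all mean "every interface"; the fix text expects a specific address.
  case "$bind" in
    ""|"0.0.0.0"|"::") echo "FINDING: bind_address='${bind:-<all>}' listens on every interface"; findings=1 ;;
    *) echo "PASS: bind_address=$bind" ;;
  esac
  return $findings
}

# Constructed sample rows (not captured from a real server).
SAMPLE_BAD=$(printf 'PORT\t1234\nBIND_ADDRESS\t0.0.0.0\nSKIP_NETWORKING\tOFF\n')
SAMPLE_GOOD=$(printf 'PORT\t3306\nBIND_ADDRESS\t10.10.10.10\nSKIP_NETWORKING\tOFF\n')

# Against a live server, replace the sample with the real rows (runs as the admin user):
#   LIVE=$(mysql -N -B -e "SELECT VARIABLE_NAME, VARIABLE_VALUE
#                          FROM information_schema.GLOBAL_VARIABLES
#                          WHERE VARIABLE_NAME IN ('PORT','BIND_ADDRESS','SKIP_NETWORKING')")
#   audit_listener "$LIVE"
# and confirm the running socket matches the configuration: ss -ltnp | grep -i mariadb

echo "== constructed bad config =="
audit_listener "$SAMPLE_BAD" || echo "result: findings present"
echo "== constructed good config =="
audit_listener "$SAMPLE_GOOD" && echo "result: no findings"
```

The allow-list match is a whole-word match on the port, so a port such as 33 cannot slip past because 3306 starts with it. Checking the live socket table with ss is the step that catches a configuration file that was edited but never applied because the service was not restarted.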
Additional Identifiers
Rule ID: SV-253734r879756_rule
Vulnerability ID: V-253734
Group Title: SRG-APP-000383-DB-000364
CCIs
Number | Definition |
---|---|
CCI-001762 | The organization disables organization-defined functions, ports, protocols, and services within the information system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7 (1) | Periodic Review |