Check: MADB-10-008100
MariaDB Enterprise 10.x STIG:
MADB-10-008100
(in versions v2 r2 through v1 r2)
Title
MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. (Cat II impact)
Discussion
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
Check Content
Check the ports in use by running the following command as the administrator user: MariaDB > SHOW GLOBAL VARIABLES LIKE 'port'; If the currently defined port configuration is deemed prohibited, this is a finding.
Fix Text
To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port): $ ls -la /etc | grep my.cnf -rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf bind-address = 127.0.0.1 #just an example To specifically change default port (3306) is something different: port = 1234 bind = 10.10.10.10 #as an example After making changes to the .cnf file, stop and restart the database service.
Additional Identifiers
Rule ID: SV-253734r961470_rule
Vulnerability ID: V-253734
Group Title: SRG-APP-000383-DB-000364
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001762 |
Disable or remove organization-defined functions, ports, protocols, software, and services within the system deemed to be unnecessary and/or nonsecure. |
Controls
Number | Title |
---|---|
CM-7(1) |
Periodic Review |