MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-253734 | MADB-10-008100 | SV-253734r961470_rule | CCI-001762 | medium |

| Description |
|---|
| Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats. |

| STIG | Date |
|---|---|
| MariaDB Enterprise 10.x Security Technical Implementation Guide | 2024-12-05 |
Details
Check Text (C-253734r961470_chk)
Check the ports in use by running the following command as the administrator user:
MariaDB > SHOW GLOBAL VARIABLES LIKE 'port';
If the currently defined port configuration is deemed prohibited, this is a finding.
Fix Text (F-57137r841726_fix)
To verify that the MariaDB system denies specific network functions, locate the .cnf file and explicitly set the bind IP address (or port) to deny unwanted access:
$ ls -la /etc | grep my.cnf
-rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf
bind-address = 127.0.0.1 #just an example
Changing the default port (3306) is a separate setting:
port = 1234
bind-address = 10.10.10.10 #as an example
After making changes to the .cnf file, stop and restart the database service.
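
The check and fix above can also be applied to the option file itself before the service is restarted. The following is an added example, not part of the STIG text: it parses a my.cnf-style file and reports a port that is not on an approved list or a bind-address that is unset or a wildcard. The approved port set, the function names and the sample file are assumptions made for illustration.

```python
import ipaddress

# Assumption: the organization's PPSM-approved listener ports (placeholder value).
APPROVED_PORTS = {3306}
# Option groups read by the MariaDB server; [client] and similar are ignored.
SERVER_GROUPS = {"mysqld", "mariadbd", "mariadb", "server", "client-server"}

# Constructed sample option file, not taken from a real system.
SAMPLE_CNF = """\
[client]
port = 3306

[mysqld]
bind-address = 0.0.0.0   # listens on every interface
port = 1234
"""

def server_options(cnf_text):
    """Return {option: value} from server groups; later lines override earlier ones."""
    opts, group = {}, None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line or line[0] in ";!":              # ';' comment, '!include' not followed
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1].strip().lower()
        elif group in SERVER_GROUPS:
            key, _, value = line.partition("=")
            # '-' and '_' are interchangeable in option names
            opts[key.strip().lower().replace("_", "-")] = value.strip().strip("'\"")
    return opts

def audit(cnf_text, approved_ports=APPROVED_PORTS):
    """Return a list of findings for the port and bind-address settings."""
    opts, findings = server_options(cnf_text), []
    port = int(opts.get("port", 3306))               # 3306 is the default port
    if port not in approved_ports:
        findings.append(f"port {port} is not on the approved list")
    bind = opts.get("bind-address", "")
    try:
        wildcard = bind in ("", "*") or ipaddress.ip_address(bind).is_unspecified
    except ValueError:                               # a hostname: cannot judge offline
        wildcard = False
    if wildcard:
        findings.append("bind-address is unset or a wildcard")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF):
        print("FINDING:", finding)
```

Files pulled in through !include or !includedir are not followed, so each of those files needs to be audited separately.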