MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-253734	MADB-10-008100	SV-253734r841727_rule		Medium

Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

STIG	Date
MariaDB Enterprise 10.x Security Technical Implementation Guide	2022-08-24

Details

Check Text ( C-57186r841725_chk )
Check the ports in use by running the following command as the administrator user: MariaDB > SHOW GLOBAL VARIABLES LIKE 'port'; If the currently defined port configuration is deemed prohibited, this is a finding.

Fix Text (F-57137r841726_fix)
To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port): $ ls -la /etc \| grep my.cnf -rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf bind-address = 127.0.0.1 #just an example To specifically change default port (3306) is something different: port = 1234 bind = 10.10.10.10 #as an example After making changes to the .cnf file, stop and restart the database service.

Fix Text (F-57137r841726_fix)

To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port):
$ ls -la /etc | grep my.cnf
-rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf
bind-address = 127.0.0.1 #just an example

To specifically change default port (3306) is something different: port = 1234
bind = 10.10.10.10 #as an example

After making changes to the .cnf file, stop and restart the database service.