Documentation - V-235146

V-235146

Oracle MySQL 8.0 Security Technical Implementation Guide

CAT II

Title

The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

Description

<VulnDiscussion>To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable or restrict unused or unnecessary physical and logical ports/protocols/services on information systems. Applications are capable of providing a wide variety of functions and services. Some of the functions and services provided by default may not be necessary to support essential organizationa...

Fix Text (Documentation Requirement)

Disable functions, ports, protocols, and services that are not approved. Change mysql options related to network, ports, and protocols for the server and additionally consider refining further at user account level. vi my.cnf [mysqld] port=<port value> admin_address=<addr> admin_port=<port value> mysqlx_port=<port value> socket={file_name|pipe_name} If admin_address is not defined then access via the admin port is disabled. Additionally the X Plugin can be disabled at startup by either setting mysqlx=0 in the MySQL configuration file, or by passing in either --mysqlx=0 or --skip-mysqlx when starting the MySQL server. Restart mysqld

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel