V-235167
Oracle MySQL 8.0 Security Technical Implementation Guide
Title
The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Description
<VulnDiscussion>Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Fix Text (Documentation Requirement)
Disable each prohibited network function, port, protocol, or service prohibited by the PPSM guidance. Change mysql options related to network, ports, and protocols for the server and additionally consider refining further at user account level. To set ports properly, edit the mysql configuration file and change ports or protocol settings. vi my.cnf [mysqld] port=<port value> admin_port=<port value> mysqlx_port=<port value> socket=/path/to/socket To turn off TCP/IP: skip_networking=ON If admin_address is not defined then access via the admin port is disabled. Additionally the X Plugin can be disabled at startup/restart by either setting mysqlx=0 in the MySQL configuration file, or by passing in either "--mysqlx=0" or "--skip-mysqlx" when starting the MySQL server.