MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-253734 | SRG-APP-000383-DB-000364 | MADB-10-008100 | SV-253734r961470_rule | 2026-03-02 | 2 |
Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.
ℹ️ Check
Check the ports in use by running the following command as the administrator user:
MariaDB > SHOW GLOBAL VARIABLES LIKE 'port';
If the currently defined port configuration is deemed prohibited, this is a finding.
✔️ Fix
To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port):
$ ls -la /etc | grep my.cnf
-rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf
bind-address = 127.0.0.1 #just an example
To specifically change default port (3306) is something different: port = 1234
bind = 10.10.10.10 #as an example
After making changes to the .cnf file, stop and restart the database service.