MariaDB must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-253734	SRG-APP-000383-DB-000364	MADB-10-008100	SV-253734r961470_rule	2024-12-05	2

Description
Use of nonsecure network functions, ports, protocols, and services exposes the system to avoidable threats.

ℹ️ Check
Check the ports in use by running the following command as the administrator user: MariaDB > SHOW GLOBAL VARIABLES LIKE 'port'; If the currently defined port configuration is deemed prohibited, this is a finding.

✔️ Fix
To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port): $ ls -la /etc \| grep my.cnf -rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf bind-address = 127.0.0.1 #just an example To specifically change default port (3306) is something different: port = 1234 bind = 10.10.10.10 #as an example After making changes to the .cnf file, stop and restart the database service.

✔️ Fix

To verify that mariadb system denies specific network functions, locate cnf file and specifically bind ip address to deny (or port): $ ls -la /etc | grep my.cnf -rw-r--r--. 1 root root 301 Aug 25 12:45 my.cnf bind-address = 127.0.0.1 #just an example To specifically change default port (3306) is something different: port = 1234 bind = 10.10.10.10 #as an example After making changes to the .cnf file, stop and restart the database service.