Details
It is recommended that MySQL Server software be installed on a dedicated server. This architectural consideration affords flexibility in that the database server can be placed on a separate zone allowing access only from particular hosts and over particular protocols.
Rationale:
The attack surface is reduced on a server with only the underlying operating system, MySQL server software, and any security or operational tooling that may be additionally installed. A smaller attack surface reduces the probability of the data within MySQL being compromised.
Impact:
Care must be taken that applications or services that are required for proper operation of the operating system are not removed.
Custom applications may need to be modified to accommodate database connections over the network rather than on the use (e.g., using TCP/IP connections).
Additional hardware and operating system licenses may be required to make the architectural change.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Remove excess applications or services and/or remove unnecessary roles from the underlying operating system.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Unix.