Place Databases on Non-System Partitions

Details

Moving the database off the system partition will reduce the probability of denial of service via the exhaustion of available disk space to the operating system.

Solution

Perform the following steps to remediate this setting:

1. Choose a non-system partition as the new location for the MySQL data.
2. Stop mysqld using a command like: service mysql stop
3. Copy the data using a command like: cp -rp
4. Set the datadir location to the new location in the MySQL configuration file.
5. Start mysqld using a command like: service mysql start

NOTE: On some Linux distributions you may need to additionally modify AppArmor settings. For example, on an Ubuntu 14.04.1 system, edit the file /etc/apparmor.d/usr.sbin.mysqld so that the datadir access is appropriate. The original might look like this:

    # Allow data dir access
    /var/lib/mysql/ r,
    /var/lib/mysql/** rwk,

Alter those two paths to be the new location you chose above. For example, if that new location were /media/mysql, then the /etc/apparmor.d/usr.sbin.mysqld file should include something like this:

    # Allow data dir access
    /media/mysql/ r,
    /media/mysql/** rwk,

Impact: Moving the database to a non-system partition may be difficult depending on whether there was only a single partition when the operating system was set up and whether there is additional storage available.
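Two checks that go with the steps above, as an added example that is not part of the original article: a helper that tests whether a directory still shares a filesystem with /, and a filter that repoints the two AppArmor datadir rules. The function names and the sample profile are constructed, and treating the filesystem mounted at / as the system partition is an assumption.

```shell
#!/bin/sh
# Added example: helper checks for relocating the MySQL datadir.
# Function names and the sample profile are constructed for illustration.

# Exit 0 when DIR is on the same filesystem as /, i.e. the data has NOT
# been moved off the system partition. Exit 2 if DIR cannot be inspected.
# Assumption: "system partition" means the filesystem mounted at /.
on_system_partition() {
    dir_dev=$(stat -c %d "$1") || return 2
    root_dev=$(stat -c %d /) || return 2
    [ "$dir_dev" = "$root_dev" ]
}

# Read an AppArmor profile on stdin and write it to stdout with the two
# datadir rules ("<dir>/ r," and "<dir>/** rwk,") pointed at the new
# location. The paths are used inside sed expressions, so they must not
# contain '|', '&' or regex metacharacters other than '.'.
rewrite_apparmor_datadir() {
    old=${1%/}
    new=${2%/}
    sed -e "s|^\([[:space:]]*\)${old}/ r,|\1${new}/ r,|" \
        -e "s|^\([[:space:]]*\)${old}/\*\* rwk,|\1${new}/** rwk,|"
}

# Constructed sample: the two rules quoted in the article, plus one
# unrelated rule that must pass through unchanged.
sample_profile() {
    cat <<'EOF'
  # Allow data dir access
  /var/lib/mysql/ r,
  /var/lib/mysql/** rwk,
  /var/log/mysql/* rw,
EOF
}

# Demonstration on the constructed sample; nothing on disk is modified.
sample_profile | rewrite_apparmor_datadir /var/lib/mysql /media/mysql

if on_system_partition /; then
    echo "/ shares a filesystem with /: a datadir here fails the control"
fi
```

Run on_system_partition against the new location before copying any data; a zero exit status means the chosen directory is still on the root filesystem and the move would not satisfy this control.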

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022