1.1 Place Databases on Non-System Partitions


It is generally accepted that host operating systems should include different filesystem partitions for different purposes. One set of filesystems is typically called system partitions, and these are generally reserved for host system/application operation. The other set of filesystems is typically called 'non-system partitions', and such locations are generally reserved for storing data.


Moving the database off the system partition will reduce the probability of denial of service caused by exhaustion of available disk space to the operating system.


Moving database files and directories to a non-system partition may be difficult depending on whether there was only a single partition when the operating system was set up and whether there are additional non-system partitions available.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Perform the following steps to remediate this setting for the datadir:

Backup the database.

Choose a non-system partition new location for MariaDB data.

Stop mariadbd using a command like: service mariadb stop.

Copy the data using a command like: cp -rp<datadir Value> <new location>.

Set the datadir location to the new location in the MariaDB configuration file.

Start mariadbd using a command like:

service mariadb start

Note: On some Linux distributions you may need to additionally modify apparmor settings. For example, on a Ubuntu 14.04.1 system edit the file /etc/apparmor.d/usr.sbin.mariadbd so that the datadir access is appropriate. The original might look like this:

# Allow data dir access
/var/lib/mysql/ r,
/var/lib/mysql/** rwk,

Alter those two paths to be the new location you chose above. For example, if that new location were /media/mysql, then the /etc/apparmor.d/usr.sbin.mysqld file should include something like this:

# Allow data dir access
/media/mysql/ r,
/media/mysql/** rwk,

Default Value:

Not Applicable.

See Also


Item Details


References: 800-53|SC-4, CSCv7|2.10

Plugin: Unix

Control ID: b9cd77703f83fc73fafe62466e0f06185a059b9f45a4ac0c9fec89dbb3011cf1