1.1 Place Databases on Non-System Partitions

Information

Moving the database off the system partition will reduce the probability of denial of service via the exhaustion of available disk space to the operating system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following steps to remediate this setting:

1. Choose a new location for the MySQL data on a non-system partition.
2. Stop mysqld using a command like:

       service mysql stop

3. Copy the data using a command like:

       cp -rp <datadir Value> <new location>

4. Set the datadir location to the new location in the MySQL configuration file.
5. Start mysqld using a command like:

       service mysql start

NOTE: On some Linux distributions you may also need to modify the AppArmor settings. For example, on an Ubuntu 14.04.1 system, edit the file /etc/apparmor.d/usr.sbin.mysqld so that the datadir access is appropriate. The original might look like this:

    # Allow data dir access
    /var/lib/mysql/ r,
    /var/lib/mysql/** rwk,

Alter those two paths to be the new location you chose above. For example, if that new location were /media/mysql, then the /etc/apparmor.d/usr.sbin.mysqld file should include something like this:

    # Allow data dir access
    /media/mysql/ r,
    /media/mysql/** rwk,

Impact: Moving the database to a non-system partition may be difficult, depending on whether there was only a single partition when the operating system was set up and whether additional storage is available.
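The following script is an added example, not part of the benchmark or the Nessus plugin: it checks the result of the procedure above by confirming that the datadir sits on a non-system mount point and that an AppArmor profile carries both datadir rules for it. Treating /, /var and /usr as the system partitions, and the function names, are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-move checks for the datadir relocation described above.

# Assumption of this example: these mount points count as system partitions.
SYSTEM_MOUNTS="/ /var /usr"

# Print the mount point of the filesystem that holds $1.
mount_point_of() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $6}'
}

# Return 0 if mount point $1 is one of the system partitions.
is_system_mount() {
    for m in $SYSTEM_MOUNTS; do
        [ "$1" = "$m" ] && return 0
    done
    return 1
}

# Return 0 if AppArmor profile $1 has both datadir rules for directory $2.
# Comments and whitespace are stripped so only real rules are matched.
apparmor_allows() {
    dir=${2%/}
    rules=$(sed 's/#.*//; s/[[:space:]]//g' "$1")
    printf '%s\n' "$rules" | grep -Fxq "$dir/r," &&
    printf '%s\n' "$rules" | grep -Fxq "$dir/**rwk,"
}

# 0 = datadir is off the system partitions, 1 = still on one, 2 = cannot tell.
check_datadir() {
    [ -d "$1" ] || { echo "UNKNOWN: $1 is not a directory"; return 2; }
    mp=$(mount_point_of "$1")
    [ -n "$mp" ] || { echo "UNKNOWN: no mount point found for $1"; return 2; }
    if is_system_mount "$mp"; then
        echo "FAIL: $1 is on system partition $mp"; return 1
    fi
    echo "PASS: $1 is on $mp"
}

# Usage: sh check_datadir.sh <datadir> [apparmor profile]
if [ "$#" -gt 0 ]; then
    check_datadir "$1" || exit $?
    if [ -n "${2:-}" ]; then
        apparmor_allows "$2" "$1" || { echo "FAIL: $2 lacks rules for $1"; exit 1; }
    fi
fi
```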

See Also

https://workbench.cisecurity.org/files/1619

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b.

Plugin: Unix

Control ID: 971badc0903872a3a7849b927cf57bf3aeff647b17ac0b50182865c234638226