Just a thought for the fantastic CSF server security check
Maybe scan my.cnf and if "skip-networking" doesn't appear at the start of a line, suggest that if they do not require external mysql access to add that line?
I would bet 90% of whm/cpanel installs do not use anything except local sockets so no sense in having a security hole by having mysql listen to tcp.
suggestion for check server security: my.cnf skip-networking
Re: suggestion for check server security: my.cnf skip-networ
You would still want to have MySQL listen on TCP or remote access to the MySQL server