How to secure your MySQL server installation

Eslam Salem

MySQL Server is the most popular database on the planet: it is stable, free, well documented, and widely supported by the community. But what about its security? The default installation is fairly secure, but it needs some configuration to make sure it is safe.

We will begin by installing it on a fresh server.

Ubuntu:

sudo apt-get install mysql-server

CentOS:

sudo yum install mysql-server
sudo /etc/init.d/mysqld start


The second thing to do is to run the "mysql_secure_installation" script, which comes with MySQL:

mysql_secure_installation

This setup will take you through a series of steps.

First, you’ll need to enter the root password to connect to your database.
The first question will ask if you want to change the root password, but because you just set it, enter n for no.
Then it will ask you a series of questions, such as whether or not to remove anonymous users and whether or not to remove the information table; press ENTER to accept the default response.

The configuration file for MySQL is called "my.cnf" and is located in "/etc/mysql/" or "/etc/".

cd /etc/mysql/
sudo nano my.cnf

Search for bind-address and make sure the IP is set to your local loopback network device, which is "127.0.0.1":

bind-address = 127.0.0.1

This makes sure that MySQL will not accept any remote connections from other IPs.

In the same file we will add one more line to disable the ability to load local files, which is sometimes used in advanced SQL injection:

local-infile=0
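
A quick way to confirm both settings after editing, as an added example that is not part of the original post: the shell functions below (hypothetical names `mysqld_opt` and `check_mycnf`) read the `[mysqld]` group of one option file and fail unless `bind-address` is loopback and `local-infile` is disabled. It assumes both settings live in the `[mysqld]` group; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit the [mysqld] group of a
# my.cnf-style file for the two settings above. Function names are hypothetical.
# Limits: reads one file only (does not follow !include / !includedir) and
# only understands "key = value" lines.

# mysqld_opt FILE KEY: print the last value of KEY in [mysqld], if present.
# MySQL accepts '-' and '_' interchangeably in option names, so normalise.
mysqld_opt() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }                          # comment line
        /^[ \t]*\[/   { in_grp = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_grp {
            line = $0; sub(/[ \t]+#.*$/, "", line)      # trailing comment
            n = index(line, "="); if (n == 0) next
            key = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)          # trim space and quotes
            if (key == want) { found = val; seen = 1 }
        }
        END { if (seen) print found }' "$1"
}

# check_mycnf FILE: print findings, return 1 if either setting is not hardened.
check_mycnf() {
    rc=0
    bind=$(mysqld_opt "$1" bind-address)
    infile=$(mysqld_opt "$1" local-infile | tr 'A-Z' 'a-z')
    case $bind in
        127.0.0.1|::1) echo "OK   bind-address = $bind" ;;
        "") echo "FAIL bind-address not set in [mysqld]"; rc=1 ;;
        *)  echo "FAIL bind-address = $bind (not loopback)"; rc=1 ;;
    esac
    case $infile in
        0|off|false) echo "OK   local-infile = $infile" ;;
        "") echo "FAIL local-infile not set in [mysqld]"; rc=1 ;;
        *)  echo "FAIL local-infile = $infile (LOAD DATA LOCAL allowed)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files, written to a temp dir so the example runs offline.
tmp=$(mktemp -d)
printf '[client]\nbind-address = 0.0.0.0\n[mysqld]\nbind_address = 127.0.0.1\nlocal-infile=0  # off\n' > "$tmp/good.cnf"
printf '[mysqld]\n# bind-address = 127.0.0.1\nbind-address = 0.0.0.0\nlocal-infile = 1\n' > "$tmp/bad.cnf"
check_mycnf "$tmp/good.cnf"
check_mycnf "$tmp/bad.cnf" || echo "bad.cnf needs fixing"
```

If the file pulls in others with `!include` or `!includedir`, run the check on each included file as well, since a later file can override these values.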

 

MySQL security recommendations:

There are some security recommendations for MySQL; we will go through them quickly.

1- Change the root username

In the MySQL console, type:

rename user 'root'@'localhost' to 'newAdminUser'@'localhost';

Then:

FLUSH PRIVILEGES;

Note: you can access the MySQL console by typing mysql -u USERNAME -p, then hit ENTER, enter your password, and hit ENTER again.

2- Use a different user with limited privileges for every database

When you create a new database:

create database ExampleDB;

 

Create a new user for it:

CREATE USER 'exampleuser'@'localhost' IDENTIFIED BY 'password';

And grant the new user privileges on the new database:

GRANT SELECT,UPDATE,DELETE ON ExampleDB.* TO 'exampleuser'@'localhost';

 

And then:

FLUSH PRIVILEGES;

 

Now the user exampleuser has only SELECT, UPDATE and DELETE permissions on the database ExampleDB, so even if this account is hacked, no other databases will be damaged.

Finally, don't use any installation with its defaults. Always look for tuning or security hints, because every default installation is general so that it works in every situation; customize it and secure it.
