Secure your mysql

From mx Help Wiki
Revision as of 20:15, 17 January 2007 by Adeans (Talk | contribs)

Securing MySQL

(the following instructions were copied almost verbatim from http://www.securityfocus.com/infocus/1726)

Change admin password

Change the database administrator's password, which is empty by default. First start MySQL if it is not already running:

chrootuid /chroot/mysql mysql /usr/local/mysql/libexec/mysqld &

and change the administrator's password as follows:

/usr/local/mysql/bin/mysql -u root
mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');

It is good practice not to change passwords from the command line, for example with the "mysqladmin password" command. This is especially important when other users work on the server: the password could easily be revealed, e.g. through the "ps aux" command or by reading history files (~/.history, ~/.bash_history, etc.) whose access rights are set improperly.
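As an added example (not part of the original instructions), the shell functions below scan history files such as ~/.history and ~/.bash_history for MySQL passwords passed as command-line arguments and flag files that group or other users can access. The function names and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find MySQL passwords left in shell history files.

# Succeeds if a history line passes a password as a command-line argument
# (mysqladmin ... password VALUE, --password=VALUE or -pVALUE).
leaks_password() {
    printf '%s\n' "$1" | grep -Eq \
        -e '(^|[[:space:]/])mysqladmin[[:space:]](.*[[:space:]])?password[[:space:]]+[^[:space:]]' \
        -e '(^|[[:space:]/])mysql(admin)?[[:space:]](.*[[:space:]])?--password=[^[:space:]]' \
        -e '(^|[[:space:]/])mysql(admin)?[[:space:]](.*[[:space:]])?-p[^[:space:]]'
}

# Succeeds if group or other have any permission bit set on the file.
is_exposed() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Prints one finding per line; returns 1 if anything was found, else 0.
audit_history() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        if is_exposed "$f"; then
            echo "PERMS $f"; found=1
        fi
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # Report file and line number only, never the password itself.
            if leaks_password "$line"; then
                echo "LEAK $f:$n"; found=1
            fi
        done < "$f"
    done
    return "$found"
}

# Constructed sample history file (not taken from a real system).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
chmod 644 "$sample"
cat > "$sample" <<'EOF'
cd /usr/local/mysql
mysqladmin -u root password example-secret
/usr/local/mysql/bin/mysql -u root -p
/usr/local/mysql/bin/mysql -u root -pexample-secret mysql
EOF
audit_history "$sample" || echo "Fix file modes and change any exposed password."
```

To check real accounts, pass each user's history files to audit_history, for example: audit_history ~/.history ~/.bash_history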

Remove default users/db

Next, we must remove the sample database (test) and all accounts except the local root account:

mysql> drop database test;
mysql> use mysql;
mysql> delete from db;
mysql> delete from user where not (host="localhost" and user="root");
mysql> flush privileges;

This will prevent the database from accepting anonymous connections and -- irrespective of the skip-networking parameter in /chroot/mysql/etc/my.cnf -- remote connections as well.
