You can straight forward use below secure installation for mysql after the core installation,
--MySQL secure installation
mysql-secure-installation
You can follow below instructions individually to secure / harden mysql access.
--Set strong password for root user in mysql.
set password for ‘root’@’localhost’ = PASSWORD(‘password’);
flush privileges;
(or)
update mysql.user set authentication_string=PASSWORD('password') where user ='root';
flush privileges;
--Remove anonymous users
delete from mysql.user where user =’’;
flush privileges;
--Start MySQL to disable the use of symbolic links.
--Any user having write access to data directory can disable the symbolic links & can potentially drop the database.
Add symbolic-links=0 in /etc/my.cnf
--Rename the root account in mysql
update mysql.user set user=’dbadmin’ where user=’root’;
--Enable proper logging MySQL as required with following keys in my.cnf
#Recommend to log mysql logs in syslogs
[mysqld_safe]
syslog
#Alternatively you can specify your own path
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
[mysqld]
log_error=/var/log/mysql/mysql_error.log
--Remove test database after mysql initial installation.
drop database test;
--Disable TCP/IP connectivity
Add skip-networking in /etc/my.cnf
--MySQL secure installation
mysql-secure-installation
You can follow below instructions individually to secure / harden mysql access.
--Set strong password for root user in mysql.
set password for ‘root’@’localhost’ = PASSWORD(‘password’);
flush privileges;
(or)
update mysql.user set authentication_string=PASSWORD('password') where user ='root';
flush privileges;
--Remove anonymous users
delete from mysql.user where user =’’;
flush privileges;
--Start MySQL to disable the use of symbolic links.
--Any user having write access to data directory can disable the symbolic links & can potentially drop the database.
Add symbolic-links=0 in /etc/my.cnf
--Rename the root account in mysql
update mysql.user set user=’dbadmin’ where user=’root’;
--Enable proper logging MySQL as required with following keys in my.cnf
#Recommend to log mysql logs in syslogs
[mysqld_safe]
syslog
#Alternatively you can specify your own path
[mysqld_safe]
log_error=/var/log/mysql/mysql_error.log
[mysqld]
log_error=/var/log/mysql/mysql_error.log
--Remove test database after mysql initial installation.
drop database test;
--Disable TCP/IP connectivity
Add skip-networking in /etc/my.cnf
No comments:
Post a Comment