Secure existing MySQL installation

MySQL is a free, easy-to-use database server that supports multiple databases and tables, and allows clients to query them with SQL. This cheat-sheet shows how to secure MySQL in a few simple steps.

Change MySQL root password

The first step in securing MySQL is changing the database superuser password, which is empty by default:

mysql> UPDATE mysql.user SET Password=PASSWORD('pa$$w0rD') WHERE User='root';

Remove unneeded databases and users

Next, remove the test database:

mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
mysql> DROP DATABASE test;

and users:

mysql> DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost';
mysql> DELETE FROM mysql.user WHERE user = '';

Finally, reload the MySQL privilege information so that the above changes take effect:

mysql> FLUSH PRIVILEGES;

Improve local security

The MySQL config file contains several directives that can help prevent some types of attacks. Open it and change the following values in the [mysqld] section:

bind-address=127.0.0.1
local-infile=0
# avoid some Denial of Service attacks
max_user_connections=256
max_connect_errors=4

bind-address
Makes MySQL listen for TCP/IP connections only locally, on the loopback interface.

local-infile
Prevents unauthorized reading of local files, which is useful against SQL injection attacks.

max_user_connections
The maximum number of simultaneous connections allowed for a single user.

max_connect_errors
Block a host after this many unsuccessful connection attempts. This is especially helpful against a dictionary-based password attack. You can unblock blocked hosts with the FLUSH HOSTS statement.
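
A check for the [mysqld] settings above, as an added example that is not part of the original cheat-sheet: it parses the text of a my.cnf file and reports directives that miss this baseline. The function names, the sample configs and the use of the page's values 256 and 4 as upper limits are assumptions.

```python
import re

# Upper bounds taken from the cheat-sheet's values; using them as limits is an assumption.
LIMITS = {"max_user_connections": 256, "max_connect_errors": 4}

def parse_mysqld(cnf_text):
    """Return {option: value} for the [mysqld] section; later duplicates win."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()   # drop '#' comments
        if not line or line.startswith(";") or line.startswith("!"):
            continue                                     # blank, ';' comment, !include
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # '-' and '_' are equivalent in MySQL option names, so normalise to '_'
        opts[key.strip().replace("-", "_")] = value.strip().strip("'\"")
    return opts

def audit(cnf_text):
    """Return a list of findings; an empty list means the baseline is met."""
    o, findings = parse_mysqld(cnf_text), []
    if o.get("bind_address") not in ("127.0.0.1", "::1", "localhost"):
        findings.append("bind-address: not limited to loopback (%r)" % o.get("bind_address"))
    if o.get("local_infile", "1").lower() not in ("0", "off", "false"):  # unset counts as enabled
        findings.append("local-infile: LOAD DATA LOCAL is not disabled")
    for name, limit in LIMITS.items():
        value = o.get(name, "")
        if not value.isdigit() or not 0 < int(value) <= limit:
            findings.append("%s: unset or above %d (%r)" % (name, limit, value))
    return findings

# Constructed sample configs (not taken from a real server).
WEAK = """[client]
bind-address=127.0.0.1
[mysqld]
bind_address = 0.0.0.0   # listens on every interface
max_user_connections=0
"""
HARDENED = """[mysqld]
bind-address=127.0.0.1
local-infile=0
max_user_connections=256
max_connect_errors=4
"""
if __name__ == "__main__":
    print({"weak": audit(WEAK), "hardened": audit(HARDENED)})
```

Only the [mysqld] section is read, so the bind-address under [client] in the weak sample does not mask the server listening on 0.0.0.0.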

Install a database firewall

GreenSQL is an open source database firewall used to protect databases from SQL injection attacks. It works as a proxy and has built-in support for MySQL. Its logic is based on evaluating SQL commands with a risk-scoring matrix, as well as on blocking known database administrative commands (DROP, CREATE, etc.). GreenSQL provides a MySQL database security solution.

2009-12-17 16:13:28