Secure existing MySQL installation
MySQL is a free, easy-to-use database server that supports multiple databases and tables, and allows clients to query them with SQL. This cheat-sheet shows how to secure MySQL in a few simple steps.
The first step in securing MySQL is to change the database superuser password, which is empty by default:

mysql> UPDATE mysql.user SET Password=PASSWORD('pa$$w0rD') WHERE User='root';

Remove unneeded databases and users

Next, remove the test database:

mysql> DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
mysql> DROP DATABASE test;

and the unneeded users (root accounts reachable from hosts other than localhost, and anonymous accounts):

mysql> DELETE FROM mysql.user WHERE User='root' AND Host != 'localhost';
mysql> DELETE FROM mysql.user WHERE User='';

Finally, reload the MySQL privilege tables so that the changes above take effect:

mysql> FLUSH PRIVILEGES;

Improve local security

The MySQL config file contains several directives that help to avoid some types of attack. Open it and set the following values in the [mysqld] section:

bind-address=127.0.0.1
local-infile=0
# avoid some Denial of Service attacks
max_user_connections=256
max_connect_errors=4

bind-address
Makes MySQL listen for TCP/IP connections only on the loop-back interface, i.e. locally.
local-infile
Prevents unauthorized reading of local files, which helps limit the impact of SQL injection attacks.
max_user_connections
The maximum number of simultaneous connections allowed for a single user.
max_connect_errors
Blocks a host after this many unsuccessful connection attempts. This is especially helpful against dictionary-based password attacks. Blocked hosts can be unblocked with the FLUSH HOSTS statement.
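As an added example (not part of the original cheat-sheet), the following Python script audits the [mysqld] section of a MySQL option file such as my.cnf for the four directives above and reports which ones are weak or missing. The two config texts are constructed for the example, and the function names are this example's own.

```python
# Added example: audit the [mysqld] section of a MySQL option file for the four
# hardening directives above. Config texts are constructed; function names are ours.
import configparser
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_mysqld(cfg_text):
    """Return [mysqld] directives as a dict; keys lower-cased with '-' -> '_',
    since MySQL treats dashes and underscores in option names as equivalent."""
    # '!include' / '!includedir' lines are MySQL-specific; configparser cannot read them
    text = "\n".join(l for l in cfg_text.splitlines() if not l.lstrip().startswith("!"))
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None, inline_comment_prefixes=("#",))
    parser.read_string(text)
    if not parser.has_section("mysqld"):
        return {}
    return {k.lower().replace("-", "_"): (v or "").strip() for k, v in parser.items("mysqld")}

def audit_mysqld(cfg_text):
    """Return one finding per weak or missing directive; an empty list means all pass."""
    d = parse_mysqld(cfg_text)
    findings = []
    # No bind-address means "listen on all interfaces"; skip-networking also counts as safe
    if d.get("bind_address") not in LOOPBACK and "skip_networking" not in d:
        findings.append("bind-address: server is reachable on non-loopback interfaces")
    # Older servers default local-infile to ON, so a missing value is treated as enabled
    if d.get("local_infile", "1") != "0":
        findings.append("local-infile: reading of local files is enabled")
    if "max_user_connections" not in d:
        findings.append("max_user_connections: no per-user connection limit")
    if "max_connect_errors" not in d:
        findings.append("max_connect_errors: no lockout after failed connection attempts")
    return findings

# Constructed samples: a default-like weak config and the hardened one from above
WEAK_CNF = """[mysqld]
datadir=/var/lib/mysql
bind-address=0.0.0.0
local-infile=1
"""
HARDENED_CNF = """[mysqld]
bind-address=127.0.0.1
local-infile=0
# avoid some Denial of Service attacks
max_user_connections=256
max_connect_errors=4
"""
if __name__ == "__main__":
    for name, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(name, audit_mysqld(cnf) or ["OK"])
```

To check a live installation, pass the contents of the server's option file to audit_mysqld(); a pre-hardening file typically produces all four findings, the hardened one none.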
GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. It works as a proxy and has built-in support for MySQL. Its logic is based on evaluating SQL commands with a risk scoring matrix, as well as blocking known database administrative commands (DROP, CREATE, etc.).
2009-12-17 16:13:28