8/16/2023 0 Comments Create database mysql linuxAn attacker who manages to gain access to this history file can easily see any passwords recorded there. Don’t Run MySQL Commands from CommandlineĪs you already know, all commands you type on the terminal are stored in a history file, depending on the shell you are using (for example ~/.bash_history for bash). This can be dangerous, because for any user accounts that you will create, all usernames and passwords typed on the shell will recorded in the history file. # chmod 644 /etc/my.cnfĪll commands you execute on MySQL shell are stored by the mysql client in a history file: ~/.mysql_history. This blocks other users from changing database server configurations. The /etc/my.conf file should only be writeable to root. Set Appropriate Permission on MySQL FilesĮnsure that you have appropriate permissions set for all mysql server files and data directories. You can enable MySQL logging by adding the following variable under the section. Logs are one of the best ways to understand what happens on a server, in case of any attacks, you can easily see any intrusion-related activities from log files. The default port number is 3306 but you can change it under the section as shown. The Port variable sets the MySQL port number that will be used to listen on TCP/ IP connections. bind-address = 127.0.0.1Īs part of security hardening, you need to disable local_infile to prevent access to the underlying filesystem from within MySQL using the following directive under section. # vi /etc/mysql//mysqld.cnf Īdd the following line below under section. You can set it in main configuration file. This configuration will restrict access from remote machines, it tells the MySQL server to only accept connections from within the localhost. remove anonymous-user accounts and test database which by default can be accessed by all users, even anonymous users.Īfter running it, set the root password and answer the series of questions by entering and press.disable remote root user login by removing root accounts that are accessible from outside the local host.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |