Hardening MySQL with “mysql_secure_installation” on Linux Boxes
October 25, 2012. Posted by Tournas Dimitrios in Linux, Mysql.
A default MySQL installation on Linux isn’t secure. For instance, the root user has no password defined (it is blank), so anyone can connect to the MySQL server as root without a password and be granted all privileges. A new MySQL installation also has an anonymous user, which allows anyone to log into the database without having a user account created for them (this is intended only for testing, and to make the installation go a bit smoother). As another example, the default MySQL installation comes with a database named “test” that anyone can access. This is also intended only for testing and should be removed before moving into a production environment.

The official MySQL documentation has an excellent list of improvements that an administrator should follow to secure a default installation. Linux admins are once again lucky: the default MySQL server installation includes a script, “mysql_secure_installation”, which is run from a terminal as the root user (either using sudo or su -). The following list is the six-step interactive procedure of the command:
- First, it asks for MySQL’s password (just press “Enter”)
- [Set the root password? Y/n]. Press “Y” and set your password (for confirmation, you’ll be asked to set it again)
- [Remove anonymous user? Y/n]. Press “Y”
- [Disallow remote login? Y/n]. Press “Y”
- [Remove test database? Y/n]. Press “Y”
- [Reload privilege table? Y/n]. Press “Y”.
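To confirm the script's effect afterwards, the following added example (not part of the original post) checks an export of the accounts and database names for the four defaults the steps above remove. The function names, the tab-separated input format and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed input formats:
#   accounts:  user<TAB>host<TAB>password-hash, one account per line
#              (a tab-separated export of the mysql.user grant table)
#   databases: one database name per line

# Print one finding per insecure default; print nothing for a clean export.
audit_accounts() {
    awk 'BEGIN { FS = "\t" }
    {
        is_local = ($2 == "localhost" || $2 == "127.0.0.1" || $2 == "::1")
        if ($1 == "")                  print "ANON_USER host=" $2
        if ($1 == "root" && $3 == "")  print "ROOT_NO_PASSWORD host=" $2
        if ($1 == "root" && !is_local) print "REMOTE_ROOT host=" $2
    }'
}

# Flag the world-accessible "test" database if it still exists.
audit_databases() {
    awk '$0 == "test" { print "TEST_DATABASE name=" $0 }'
}

# Constructed sample data resembling an unhardened install.
sample_accounts() {
    printf 'root\tlocalhost\t\n'
    printf 'root\t%%\t\n'
    printf '\tlocalhost\t\n'
    printf 'app\tlocalhost\t*CONSTRUCTED_PLACEHOLDER_HASH\n'
}
sample_databases() { printf 'mysql\ntest\n'; }

# Run the audit over the constructed sample.
sample_accounts | audit_accounts
sample_databases | audit_databases
```

After a successful run of mysql_secure_installation, both functions should print nothing for the server's real export.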
I probably don’t need to say this, but just in case: Security is our top priority.
Keep yourself healthy and happy coding 🙂.