How to secure MySQL server

OS Level Security:

- Never run the MySQL server as the Linux 'root' user. Always create a separate user for MySQL and start/stop the MySQL server with it.

- If the data directories are located under the MySQL home data directory, make sure that directory and all its subdirectories are readable and writable only by the mysql user.

- Always secure the MySQL log files (binary log, query log, error log, etc.), because through them anyone can get information about data, tables, etc.

- Always secure the MySQL configuration file, i.e. my.cnf. If possible, keep it in a location other than /etc (the default location).

- Always secure the .mysql_history file of the mysql user or any Linux superuser, because that file can contain commands and passwords in plain text.

Accounts and Privileges:

- Secure the MySQL root account. There should be no root user account other than for localhost. Remove anonymous accounts.

- Always check the 'Aborted_connects' status variable. Its value will be high when someone is attacking your DB server.

- After installing and starting MySQL, run the mysql_secure_installation script to set the MySQL root password, remove anonymous accounts, remove remote root access and delete the test database.

- Never allow access to the mysql.user table or the mysql database to any non-admin users.

- Don't grant the SUPER, FILE and PROCESS privileges to non-admin users.

- Always restrict user accounts to only those schemas they need.

- If data is sensitive, consider using SSL for data communications.

Data and Auditing:

- If the logic is not complex, use MySQL stored procedures/functions/triggers to secure your data, as they can help prevent SQL injection attacks.

- Always delete the "test" database from production servers.

- Set an appropriate SQL_MODE option to secure your data and keep data integrity high.

- Always secure DB backup files.

- Use the binary, general query and error logs for auditing activity.
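The account, privilege and data checks above, as an added SQL example (not from the original post). It assumes MySQL 8.0, an admin session, an application account named app_user connecting from a host named app_host to a schema named shop, and a placeholder password; substitute your own values.

```sql
-- Added example, not from the original post. Run as an admin account.

-- 1. Find root accounts reachable from anywhere other than localhost,
--    and anonymous accounts (empty user name).
SELECT user, host
FROM mysql.user
WHERE (user = 'root' AND host NOT IN ('localhost', '127.0.0.1', '::1'))
   OR user = '';

-- 2. Drop the accounts the query above reports. The host values here
--    ('localhost', '%') are assumed; use what the query returned.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS 'root'@'%';

-- 3. Find non-admin accounts holding SUPER, FILE or PROCESS.
SELECT user, host, Super_priv, File_priv, Process_priv
FROM mysql.user
WHERE (Super_priv = 'Y' OR File_priv = 'Y' OR Process_priv = 'Y')
  AND user NOT IN ('root', 'mysql.sys', 'mysql.session', 'mysql.infoschema');

-- 4. Least-privilege application account: one schema, one source host,
--    TLS required (names and password are placeholders).
CREATE USER IF NOT EXISTS 'app_user'@'app_host'
  IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD'
  REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'app_user'@'app_host';

-- 5. Confirm the account has no grants outside shop.*.
SHOW GRANTS FOR 'app_user'@'app_host';

-- 6. Baseline Aborted_connects; a sudden rise means failed connection
--    attempts and is worth alerting on.
SHOW GLOBAL STATUS LIKE 'Aborted_connects';

-- 7. Strict SQL mode for data integrity. SET GLOBAL lasts until restart;
--    persist the same value under [mysqld] in my.cnf.
SET GLOBAL sql_mode = 'STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,'
                      'ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';

-- 8. Remove the test database from production.
DROP DATABASE IF EXISTS test;
```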


