How to secure MySQL server

OS Level Security:

--à Never run the MySQL server as the linux ‘root’ user.Always create the seprate   
        user for MySQL and start/stop MySQL server with it.

--à If the data directories are located under $mysql home/data dir then make   
        sure that directory and all subdirectories should have only read and write   
        privileges for the mysql user.

---à Always secure MySQL log files like binary log,query log,error.log etc.Because
         through that anyone can get the information about data,tables etc.

--à Always secure MySQL configuration files.i.e my.cnf.If possible than keep it in
        different location rather than /etc (which is default location).

---à Always secure .mysql history file of mysql or any super linux user.Because
         that file can contain commands,passwords in palin text.

Accounts and Privileges:

---à Secure mysql root account.There should not be root  user account other
         than localhost.Remove anonymous account for root.

--àAlways check ‘aborted connects’ status variable.This variable value will be
       high when someone will attack on your DB server

---à After installing and start mysql,run mysql_secure_installation script for  
         setting mysql root password,remove anonymous accounts,remove remote
         access and delete access and delete test db.

--à Never allow access to mysql.user table or mysql database to any non-admin
        users.

--àDon’t grant SUPER,FILE,and PROCESS privileges to non-admin users.

----àAlways restrict user accounts to only those schemas which they need to.

---à If data is sensitive than consider to use SSL for data communications.

Data and Auditing:

-----à If logic is not complex than use mysql stored procedure/functions/triggeres
            to secure your data as it can prevent sql-injection attacks.

---à Always delete “test” database from the production servers.

----àSet appropriate SQL_MODE option to secure your data and keep data
          integrity high

----à Always secure DB backup files.

---à Use binary,general query,error log for auditing activity.



Comments

Post a Comment

Popular posts from this blog

PostgreSQL Database Version 13.4 To MySQL Database Version 8.0.20 Migration by using SQLines Tool

 PostgreSQL to MySQL  ------------------------ This Document will give details about PostgreSQL to MySQL Database . Environment Details :- --------------------------- Server 1 == Source Database == PostgreSQL Database Version == 13.4 Server 2 == Target Database == MySQL Database Version == 8.0.20 Server 3 == Jump host == Where you will install Sqline and connect to Source DB and Target DB. I have consider 3 EC2 Machines from AWS [ RHEL 8.x ]  postgres-source-server == 172.31.30.141 [ Private Ipaddress ] = EC2 Machine = RHEL 8.4 mysql-target-server    == 172.31.17.136 [ Private Ipaddress ] = EC2 Machine = RHEL 8.4 jump-host              == 172.31.27.241 [ Private Ipaddress ] = EC2 Machine = RHEL 8.4 Step - 1  Install PostgreSQL Database Version in Source Server  Step - 2  Install MySQL Database Verion in Target Server  Step - 3  Install / Setup sqline s/w in Jump host server  Step - 4  Loading sample data in Source Database i.e PostgreSQL Database  Step - 5  Create Super User / Remote u
Read more

RDS MySQL / MariaDB SSL Connection by using Workbench and command line

Image
In this blog , i am going to explain how to connect RDS MySQL With SSL Connections from MySQL Workbench and MySQL / MariaDB client utility by using command line  --> Make sure RDS MySQL / MariaDB instance is ready for usage. Connection Established from MySQL / MariaDB client by using cmd line C:\Program Files\MySQL\MySQL Server 8.0\bin>mysql -u admin -p -h ssl-test-server.cz8z9jo4bowe.us-east-1.rds.amazonaws.com Enter password: ************* Welcome to the MySQL monitor.  Commands end with ; or \g.Your MySQL connection id is 25.Server version: 8.0.23 Source distribution.Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show variables like '%ssl%'; +-------------------------------------+----------------
Read more

Install Mydumper and Myloader Software for Backup of MySQL / MariaDB Databases and Usage of commands

Mydumper and Myloader Installation  ---------------------------------- Comparison of MySQL backup tools: 1. mysqldump: belongs to logical backup, there will be lock tables, but considering that the amount of data is relatively large, the time to lock the tables will be longer, business is not allowed... 2. xtrabackup: It is a physical backup, and there is no lock table, but considering that the two DBs use shared table spaces, and when the database of business B is restored, one is that the time is relatively long, and the other is that the data is definitely incorrect.... 3. mydumper: belongs to logical backup. It is a multi-threaded, high-performance data logical backup and recovery tool, and the lock table time is very short (40G data, within 10 minutes), and it will record binlog file and position at the same time.... Mydumper & Myloader installation in RHEL for MariaDB / MySQL Backups utilities - Third party Tools ---------------------------------------------------------------
Read more