How to secure MySQL server
OS Level Security:
--> Never run the MySQL server as the Linux 'root' user. Always create a separate user for MySQL and start/stop the MySQL server with it.
--> If the data directories are located under the $mysql home/data dir, make sure that directory and all subdirectories have only read and write privileges for the mysql user.
--> Always secure MySQL log files such as the binary log, query log, error.log, etc., because anyone who can read them can get information about data, tables, etc.
--> Always secure MySQL configuration files, i.e. my.cnf. If possible, keep it in a different location rather than /etc (which is the default location).
--> Always secure the .mysql_history file of the mysql user or any Linux superuser, because that file can contain commands and passwords in plain text.
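One way to check the file-level items above is the following script, an added example that is not part of the original post. It assumes GNU find on Linux; the owner name "mysql", the function names and every path passed in are assumptions to adjust for your install.

```sh
#!/bin/sh
# Added example: report MySQL files that other local users could read or change.
# Assumes GNU find on Linux; the owner name and all paths are assumptions.
MYSQL_USER="${MYSQL_USER:-mysql}"

# Print entries under PATH with any group/other permission bit set.
# Symlinks are skipped because their own mode is always 0777 on Linux.
loose_entries() {
    find "$1" ! -type l -perm /077 2>/dev/null
}

# Print entries under PATH that are not owned by OWNER (name or numeric uid).
# If find itself fails (for example unknown user), report that as a finding.
foreign_entries() {
    find "$1" ! -user "$2" 2>&1 || echo "owner check failed for '$2'"
}

# audit_path PATH [OWNER]: return 0 only if PATH exists, everything under it
# is owned by OWNER, and nothing is accessible to group or other.
audit_path() {
    path=$1
    owner=${2:-$MYSQL_USER}
    if [ ! -e "$path" ]; then
        echo "MISSING      $path"
        return 1
    fi
    rc=0
    loose=$(loose_entries "$path")
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's/^/LOOSE PERMS  /'
        rc=1
    fi
    foreign=$(foreign_entries "$path" "$owner")
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed 's/^/WRONG OWNER  /'
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK           $path"
    fi
    return "$rc"
}

# Example paths only: sh audit.sh /var/lib/mysql /etc/my.cnf /root/.mysql_history
for p in "$@"; do
    audit_path "$p" || true
done
```

Run it as root so that find can read every directory, and pass the data directory, log files, my.cnf, backup locations and each admin's .mysql_history as arguments.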
Accounts and Privileges:
--> Secure the mysql root account. There should not be a root user account for any host other than localhost. Remove the anonymous account for root.
--> Always check the 'Aborted_connects' status variable. Its value will be high when someone is attacking your DB server.
--> After installing and starting mysql, run the mysql_secure_installation script to set the mysql root password, remove anonymous accounts, remove remote access and delete the test db.
--> Never allow access to the mysql.user table or the mysql database to any non-admin users.
--> Don't grant the SUPER, FILE, and PROCESS privileges to non-admin users.
--> Always restrict user accounts to only those schemas they need.
--> If data is sensitive, consider using SSL for data communications.
Data and Auditing:
--> If the logic is not complex, use MySQL stored procedures/functions/triggers to secure your data, as this can prevent SQL-injection attacks.
--> Always delete the "test" database from production servers.
--> Set an appropriate SQL_MODE option to secure your data and keep data integrity high.
--> Always secure DB backup files.
--> Use the binary, general query and error logs for auditing activity.