MySQL & MariaDB
Source: https://espeo.eu/blog/boost-security-mysql-database/
The following default configuration settings should be changed in your installation of MySQL. Note that running the
MariaDB is a fork of MySQL. These instructions may be followed to secure a MariaDB database.
The following default configuration settings should be changed in your installation of MySQL. Note that running the
mysql_secure_installation command to install MySQL will configure some* of these settings for you!MariaDB is a fork of MySQL. These instructions may be followed to secure a MariaDB database.
1) Always run database as a user.
By default, MySQL has only a root user. Running the server through this root user gives the server root privileges. It is best practice to run the server through a user with the minimum necessary permissions. To this end, create a new user via the MySQL shell:
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';2) Set unique usernames and passwords for root accounts.
The default installation of MySQL will have a single root user, named 'root', with no password. For obvious reasons, best practice dictates that this account is updated. This can be done via the MySQL shell as follows:
mysql> UPDATE user set user = 'newname' WHERE user = 'root';mysql> ALTER USER 'newname'@'localhost' IDENTIFIED BY 'password';All accounts, including root accounts, should have unique usernames and passwords to make it more difficult for attackers to obtain important credentials.
3) Remove anonymous user accounts.
Technically, MySQL ships with one other user account: an anonymous account with no username or password. This is intended only for testing and is almost certainly unwanted in a live environment. Running the following command in MySQL shell will purge the anonymous user:
mysql> DELETE FROM mysql.user WHERE User='';Updates to the grant tables will not be instantaneous on a live server. To finalize your deletion, run the following command, or else simply restart the server:
mysql> FLUSH PRIVILEGES;4) Don't allow users to read local files.
There is a command in MySQL called
LOAD DATA LOCAL INFILE that allows a malicious user to potentially read any file on the server. By default, users have access to this command, and they shouldn't need it. You can disable the command altogether by inserting the following string into the /etc/my.cnf configuration file, underneath the [mysqld] section:set-variable=local-infile=05) Restrict privilege of the FILE command.
The
FILE command allows privileged users to read and write files on the MySQL server. The best practice is always to restrict a command so that it can only operate on files where absolutely necessary. In the /etc/my.cnf configuration file, setting the secure_file_priv parameter to a specific directory will allow the FILE command to operate only in that directory.secure_file_priv=dir6) Restrict remote access to the database.
For some programs, it will be necessary for users and administrators without direct access to the MySQL server to be able to access the database. There exists a blacklist and whitelist of IP addresses for such remote connections. These can be found at
/etc/hosts.deny and /etc/hosts.allow respectively. For other programs, remote access will not be necessary in any case. For these instances of MySQL, the following line can safely be added to the /etc/my.cnf configuration file, below the section marked [mysqld]:skip-networking7) Limit access to admin accounts.
Verify that each user with root privileges can only be accessed from the local machine. In the
mysql.user table, only localhost should be listed as a host for admin accounts. This table can be easily viewed with the command:mysql> SELECT host, user FROM user;8) Prevent attackers from seeing database names.
If database names are easily visible to an attacker, they are that much easier to infiltrate. Unfortunately, the
SHOW DATABASES command is available to regular users by default. The simplest solution is to disable this functionality altogether by adding the following line to the /etc/my.cnf configuration file, underneath the [mysqld] section:skip-show-database9) Remove the default test database.
There is a database called
test added to MySQL by default that is accessible by all users. This database can and should be removed using the following command in MySQL shell:mysql> DROP DATABASE test;10) Change the default port from 3306.
Using a different port will make it more difficult for attackers to target the database. The port value can be changed in the
my.ini file on the following line:port=330611) Write history to /dev/null.
MySQL stores a plaintext history of commands run in the MySQL shell in the file
.mysql_history. This file serves as a potential security flaw as any password changed via the shell is stored visibly in this file. The best solution is to remove the file, and output any command history to /dev/null. Running the following bash shell commands in the MySQL directory will accomplish this:$ rm ./.mysql_history
$ ln -s /dev/null ./.mysql_history