How to Install and Securing MySQL Database Server on CentOS 6.3

This post will covers the steps to install and securing MySQL Database Server. MySQL server is a database server that can stores and retrieves data for the blog, websites and applications. It is one of the most popular most used in the internet especially for content management and blogging site. MySQL is a Relational Database Management System (RDBMS) that runs as a server providing multi-user access to a number of databases. For more information on MySQL, you can visit their website at www.mysql.com.

Prerequisites :
How to Setup and Configure Yum Repository from CD-ROM/DVD-ROM image on CentOS 6.3

1. Install MySQL Database Server using yum command :

[root@centos63 ~]# yum install mysql mysql-server -y

Examples :

[root@centos63 ~]# yum install mysql mysql-server -y
Loaded plugins: fastestmirror, presto
Loading mirror speeds from cached hostfile
 * base: mirrors.hostemo.com
 * extras: mirrors.hostemo.com
 * updates: mirrors.hostemo.com
CentOS6.3-Repository                                                         | 4.0 kB     00:00 ...
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mysql.i686 0:5.1.61-4.el6 will be installed
--> Processing Dependency: mysql-libs = 5.1.61-4.el6 for package: mysql-5.1.61-4.el6.i686
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16) for package: mysql-5.1.61-4.el6.i686
--> Processing Dependency: libmysqlclient_r.so.16 for package: mysql-5.1.61-4.el6.i686
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16) for package: mysql-5.1.61-4.el6.i686
--> Processing Dependency: libmysqlclient.so.16 for package: mysql-5.1.61-4.el6.i686
---> Package mysql-server.i686 0:5.1.61-4.el6 will be installed
--> Processing Dependency: perl-DBI for package: mysql-server-5.1.61-4.el6.i686
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server-5.1.61-4.el6.i686
--> Processing Dependency: perl(DBI) for package: mysql-server-5.1.61-4.el6.i686
--> Running transaction check
---> Package mysql-libs.i686 0:5.1.61-4.el6 will be installed
---> Package perl-DBD-MySQL.i686 0:4.013-3.el6 will be installed
---> Package perl-DBI.i686 0:1.609-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch          Version                  Repository                     Size
====================================================================================================
Installing:
 mysql                   i686          5.1.61-4.el6             CentOS6.3-Repository          892 k
 mysql-server            i686          5.1.61-4.el6             CentOS6.3-Repository          8.8 M
Installing for dependencies:
 mysql-libs              i686          5.1.61-4.el6             CentOS6.3-Repository          1.2 M
 perl-DBD-MySQL          i686          4.013-3.el6              CentOS6.3-Repository          134 k
 perl-DBI                i686          1.609-4.el6              CentOS6.3-Repository          705 k

Transaction Summary
====================================================================================================
Install       5 Package(s)

Total download size: 12 M
Installed size: 33 M
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 12 M
----------------------------------------------------------------------------------------------------
Total                                                                22 MB/s |  12 MB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : mysql-libs-5.1.61-4.el6.i686                                                     1/5
  Installing : perl-DBI-1.609-4.el6.i686                                                        2/5
  Installing : perl-DBD-MySQL-4.013-3.el6.i686                                                  3/5
  Installing : mysql-5.1.61-4.el6.i686                                                          4/5
  Installing : mysql-server-5.1.61-4.el6.i686                                                   5/5
  Verifying  : mysql-server-5.1.61-4.el6.i686                                                   1/5
  Verifying  : perl-DBD-MySQL-4.013-3.el6.i686                                                  2/5
  Verifying  : perl-DBI-1.609-4.el6.i686                                                        3/5
  Verifying  : mysql-5.1.61-4.el6.i686                                                          4/5
  Verifying  : mysql-libs-5.1.61-4.el6.i686                                                     5/5

Installed:
  mysql.i686 0:5.1.61-4.el6                     mysql-server.i686 0:5.1.61-4.el6

Dependency Installed:
  mysql-libs.i686 0:5.1.61-4.el6   perl-DBD-MySQL.i686 0:4.013-3.el6   perl-DBI.i686 0:1.609-4.el6

Complete!

2. Start MySQL Database Server :

[root@centos63 ~]# /etc/init.d/mysqld start

or

[root@centos63 ~]# service mysqld start

Examples :

Starting MySQL for first time will returned like this :

[root@centos63 ~]# /etc/init.d/mysqld start
Initializing MySQL database:  WARNING: The host 'centos63.ehowstuff.local' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h centos63.ehowstuff.local password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

3. Make MySQL Database Server auto start at boot :

[root@centos63 ~]# chkconfig mysqld on

4. Securing MySQL Database Server :

[root@centos63 ~]# /usr/bin/mysql_secure_installation

Examples :

[root@centos63 ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


5. Login to MySQL Server :

[root@centos63 ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.1.61 Source distribution

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

How to Securing MySQL Database Server on CentOS 5.8

In this post, i will show the quick steps to securing MySQL database server on linux CentOS 5.8. On fresh MySQL server installation, MySQL root password does not set and anonymous user also allowed to enter your database. This is very insecure and danger for sensitive data. To start securing your MySQL, simply run this command. This post assumed that you have installed MySQL server.

[root@centos58 ~]# /usr/bin/mysql_secure_installation

Examples :

[root@centos58 ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


Login to mysql server :

[root@centos58 ~]# mysql -u root -p
Enter password:

How to show user info on mysql :

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user,host,password from user;
+------+-------------------------+------------------+
| user | host                    | password         |
+------+-------------------------+------------------+
| root | localhost               | 5d2e19393cc5ef67 |
| root | centos58.ehowtuff.local | 5d2e19393cc5ef67 |
| root | 127.0.0.1               | 5d2e19393cc5ef67 |
+------+-------------------------+------------------+
3 rows in set (0.00 sec)

Alternatively, you can run the following command :

mysql> select user,host,password from mysql.user;
+------+-------------------------+------------------+
| user | host                    | password         |
+------+-------------------------+------------------+
| root | localhost               | 5d2e19393cc5ef67 |
| root | centos58.ehowtuff.local | 5d2e19393cc5ef67 |
| root | 127.0.0.1               | 5d2e19393cc5ef67 |
+------+-------------------------+------------------+
3 rows in set (0.00 sec)

How to Configure MySQL Database Server on Fedora 16

On previous post (Install MySQL) i already shows how to install MySQL server on Fedora 16. MySQL server is a popular choice of database server that can stores and retrieves data for the blog, websites and applications. MySQL is a Relational Database Management System (RDBMS) that runs as a server providing multi-user access to a number of databases. For more information on MySQL, you can visit their website at www.mysql.com. This post will show you how to configure MySQL server on linux Fedora 16 server. This post assumed that you have set up local yum repository using your DVDROM and had installed minimal installation type Fedora 16.

1. How to configure mysql service run at boot on Fedora 16 :
To ensure that the mysql service run automatically at boot, please run this command :

[root@fedora16 ~]# systemctl enable mysqld.service

Example :

[root@fedora16 ~]# systemctl enable mysqld.service
ln -s '/lib/systemd/system/mysqld.service' '/etc/systemd/system/multi-user.target.wants/mysqld.service'

If you run chkconfig command, it will also return the same result as above :

[root@fedora16 ~]# chkconfig --levels 235 mysqld on
Note: Forwarding request to 'systemctl enable mysqld.service'.

or

[root@fedora16 ~]# chkconfig mysqld on
Note: Forwarding request to 'systemctl enable mysqld.service'.

2. How to start mysql service on Fedora 16 :

[root@fedora16 ~]# systemctl start mysqld.service

3. How to stop mysql service on Fedora 16 :

[root@fedora16 ~]# systemctl stop mysqld.service

4. How to restart mysql service on Fedora 16 :

[root@fedora16 ~]# systemctl restart mysqld.service

5. Configure basic security for MySQL server on Fedora 16.
As a root, simply run the following command :

[root@fedora16 ~]# mysql_secure_installation

Above command will perform the following task for you to ensure your MySQL server apply the basic security :
a) Set root password
b) Remove anonymous users
c) Disallow root login remotely
d) Remove test database and access to it
e) Reload privilege tables now

Examples :

[root@fedora16 ~]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

How to Secure MySQL Database Server

A Default MySQL installation is completely vulnerable to attacks. MySQL installation should be made as secure as possible. This is to protect the data collections and the information maintained by the MySQL server from unauthorized or anonymous access. In This post, i will share with you on how to secure your database server with the simple configuration and wizard.

Default and unsecured MySQL database:

    mysql> select user,host,password from mysql.user;
    +------+-----------+------------------+
    | user | host      | password         |
    +------+-----------+------------------+
    | root | localhost |                  |
    | root | CentOS57  |                  |
    | root | 127.0.0.1 |                  |
    |      | localhost |                  |
    |      | CentOS57  |                  |
    +------+-----------+------------------+
    5 rows in set (0.00 sec)
    

root password has not been set and anonymous user can access this MySQL server.

Simply run this command to secure MySQL server:

    [root@CentOS57 ~]# /usr/bin/mysql_secure_installation
    
    [root@CentOS57 ~]# /usr/bin/mysql_secure_installation
    
    
    
    
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
    
    
    In order to log into MySQL to secure it, we'll need the current
    password for the root user.  If you've just installed MySQL, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.
    
    Enter current password for root (enter for none):
    OK, successfully used password, moving on...
    
    Setting the root password ensures that nobody can log into the MySQL
    root user without the proper authorisation.
    
    Set root password? [Y/n] y
    New password:
    Re-enter new password:
    Password updated successfully!
    Reloading privilege tables..
     ... Success!
    
    
    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.
    
    Remove anonymous users? [Y/n] y
     ... Success!
    
    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.
    
    Disallow root login remotely? [Y/n] n
     ... skipping.
    
    By default, MySQL comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.
    
    Remove test database and access to it? [Y/n] n
     ... skipping.
    
    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.
    
    Reload privilege tables now? [Y/n] y
     ... Success!
    
    Cleaning up...
    
    
    
    All done!  If you've completed all of the above steps, your MySQL
    installation should now be secure.
    
    Thanks for using MySQL!
    

Secure MySQL database :

    mysql> select user,host,password from mysql.user;
    +------+-----------+------------------+
    | user | host      | password         |
    +------+-----------+------------------+
    | root | localhost | 5d2e19393cc5ef67 |
    | root | CentOS57  | 5d2e19393cc5ef67 |
    | root | 127.0.0.1 | 5d2e19393cc5ef67 |
    +------+-----------+------------------+
    3 rows in set (0.00 sec)
    

Above steps is not the complete solutions to secure your production MySQL server. It just only basics how-to steps from my own experiences. I highly recommend you to read through the following article:
http://dev.mysql.com/doc/refman/5.0/en/security.html
http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html

How to Delete Anonymous Users From MySQL on CentOS 6.2

MySQL installation has a default “root” user with a blank password and an “anonymous” user, also with a blank password. This is very unsecured and not recommended. In order to protect your data, the “root” user should be set with a password and the anonymous user should be delete. In this post, i will show on how to delete Anynymous users from MySQL. Please take a look of this post if you want to “set root password for MySQL

    [root@centos6 ~]# mysql -u root -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 150
    Server version: 5.1.52 Source distribution
    
    Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
    This software comes with ABSOLUTELY NO WARRANTY. This is free software,
    and you are welcome to modify and redistribute it under the GPL v2 license
    
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    
    mysql> select user,host,password from mysql.user;
    +---------------+-----------+-------------------------------------------+
    | user          | host      | password                                  |
    +---------------+-----------+-------------------------------------------+
    | root          | localhost |                                           |
    | root          | centos6.2 |                                           |
    | root          | 127.0.0.1 |                                           |
    |               | localhost |                                           |
    |               | centos6.2 |                                           |
    +---------------+-----------+-------------------------------------------+
    7 rows in set (0.00 sec)
    
    mysql> delete from mysql.user where user='';
    Query OK, 2 rows affected (0.00 sec)
    
    mysql> select user,host,password from mysql.user;
    +---------------+-----------+-------------------------------------------+
    | user          | host      | password                                  |
    +---------------+-----------+-------------------------------------------+
    | root          | localhost |                                           |
    | root          | centos6.2 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
    | root          | 127.0.0.1 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
    +---------------+-----------+-------------------------------------------+
    5 rows in set (0.00 sec)
    
    mysql> exit
    Bye