{"id":1749,"date":"2012-01-22T11:21:53","date_gmt":"2012-01-22T03:21:53","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=1749"},"modified":"2023-06-23T16:13:34","modified_gmt":"2023-06-23T16:13:34","slug":"how-to-secure-mysql-database-server","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-secure-mysql-database-server\/","title":{"rendered":"How to Secure MySQL Database Server on CentOS"},"content":{"rendered":"<p>MySQL is a popular open-source relational database management system, widely used for web applications, data storage, and content management systems. As the backbone for storing critical data, it is crucial to ensure that your MySQL database server is well-secured to protect sensitive information from unauthorized access, data breaches, and other security threats. Implementing proper security measures can significantly reduce the risk of attacks, safeguarding your valuable data.<\/p>\n<p>A default MySQL installation is completely vulnerable.<\/p>\n<p>In this guide, we will walk you through a step-by-step process to help you secure your MySQL database server.<\/p>\n<h2>Step 1: Run mysql_secure_installation<\/h2>\n<p>MySQL comes with a built-in security script called mysql_secure_installation. This script helps you set a strong root password, remove anonymous users, disable remote root login, and remove the test database. To run the script, execute the following command:<\/p>\n<pre>\r\nsudo mysql_secure_installation\r\n<\/pre>\n<p>Follow the on-screen prompts to complete the process.<\/p>\n<pre class=\"code\">\r\n[root@CentOS57 ~]# mysql_secure_installation\r\n\r\n\r\n\r\n\r\nNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL\r\n      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!\r\n\r\n\r\nIn order to log into MySQL to secure it, we'll need the current\r\npassword for the root user.  
If you've just installed MySQL, and\r\nyou haven't set the root password yet, the password will be blank,\r\nso you should just press enter here.\r\n\r\nEnter current password for root (enter for none):\r\nOK, successfully used password, moving on...\r\n\r\nSetting the root password ensures that nobody can log into the MySQL\r\nroot user without the proper authorisation.\r\n\r\nSet root password? [Y\/n] y\r\nNew password:\r\nRe-enter new password:\r\nPassword updated successfully!\r\nReloading privilege tables..\r\n ... Success!\r\n\r\n\r\nBy default, a MySQL installation has an anonymous user, allowing anyone\r\nto log into MySQL without having to have a user account created for\r\nthem.  This is intended only for testing, and to make the installation\r\ngo a bit smoother.  You should remove them before moving into a\r\nproduction environment.\r\n\r\nRemove anonymous users? [Y\/n] y\r\n ... Success!\r\n\r\nNormally, root should only be allowed to connect from 'localhost'.  This\r\nensures that someone cannot guess at the root password from the network.\r\n\r\nDisallow root login remotely? [Y\/n] n\r\n ... skipping.\r\n\r\nBy default, MySQL comes with a database named 'test' that anyone can\r\naccess.  This is also intended only for testing, and should be removed\r\nbefore moving into a production environment.\r\n\r\nRemove test database and access to it? [Y\/n] n\r\n ... skipping.\r\n\r\nReloading the privilege tables will ensure that all changes made so far\r\nwill take effect immediately.\r\n\r\nReload privilege tables now? [Y\/n] y\r\n ... Success!\r\n\r\nCleaning up...\r\n\r\n\r\n\r\nAll done!  If you've completed all of the above steps, your MySQL\r\ninstallation should now be secure.\r\n\r\nThanks for using MySQL!\r\n<\/pre>\n<h2>Step 2: Create a dedicated user with limited privileges<\/h2>\n<p>Rather than using the root user for everyday tasks, create a dedicated user with the necessary privileges. 
Replace newuser and newpassword with the desired username and password. The ON *.* clause in the GRANT statement applies the listed privileges to every database on the server, so name a single database there instead if the account only needs one:<\/p>\n<pre>\r\nmysql -u root -p\r\n\r\nCREATE USER 'newuser'@'localhost' IDENTIFIED BY 'newpassword';\r\nGRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 'newuser'@'localhost';\r\nFLUSH PRIVILEGES;\r\nEXIT;\r\n<\/pre>\n<h2>Step 3: Change the default MySQL port<\/h2>\n<p>By default, MySQL listens on port 3306. To make it more difficult for attackers to target your MySQL server, change the default port to a non-standard one. Open the MySQL configuration file in a text editor:<\/p>\n<pre>\r\nsudo nano \/etc\/mysql\/mysql.conf.d\/mysqld.cnf\r\n<\/pre>\n<p>Locate the line containing port = 3306 and change the port number to a non-standard one, for example, port = 4567. Save and close the file.<\/p>\n<p>Restart the MySQL service to apply the changes:<\/p>\n<pre>\r\nsudo systemctl restart mysql\r\n<\/pre>\n<h2>Step 4: Enable a firewall<\/h2>\n<p>Use a firewall like UFW (Uncomplicated Firewall) to limit incoming connections to your MySQL server. 
First, enable the UFW firewall:<\/p>\n<pre>\r\nsudo ufw enable\r\n<\/pre>\n<p>Allow incoming connections only from specific IP addresses:<\/p>\n<pre>\r\nsudo ufw allow from your_ip_address to any port 4567\r\n<\/pre>\n<p>Replace your_ip_address with the IP address you want to allow and 4567 with the MySQL port you set in Step 3.<\/p>\n<h2>Step 5: Regularly update your MySQL installation<\/h2>\n<p>Keep your MySQL installation up-to-date with security patches by regularly updating your system:<\/p>\n<pre>\r\nsudo apt update\r\nsudo apt upgrade\r\n<\/pre>\n<h2>Programs Mentioned:<\/h2>\n<ul>\n<li><span class=\"fw-bold\">MySQL<\/span> &#8211; An open-source relational database management system used for managing databases and organizing data.<\/li>\n<li><span class=\"fw-bold\">mysql_secure_installation<\/span> &#8211; A built-in security script provided by MySQL to help secure the initial installation of a MySQL server.<\/li>\n<li><span class=\"fw-bold\">UFW (Uncomplicated Firewall)<\/span> &#8211; A user-friendly frontend for managing iptables firewall rules, making it easy to secure your server.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>By following this guide, you have taken important steps to secure your MySQL database server. While these steps help improve security, it is essential to stay informed about new vulnerabilities and apply security best practices to maintain the highest level of protection for your data.<\/p>\n<p>If you have any questions, comments, or suggestions for improvements, please feel free to share your thoughts. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>MySQL is a popular open-source relational database management system, widely used for web applications, data storage, and content management systems. 
As the backbone for storing critical data, it is crucial&#8230;<\/p>\n","protected":false},"author":6,"featured_media":343,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[1008,1065],"tags":[1322,1536,1585,1744],"class_list":["post-1749","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-mysql","category-system-administration","tag-database","tag-linux","tag-mysql","tag-security"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/1749","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=1749"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/1749\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/343"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=1749"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=1749"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=1749"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}