{"id":5280,"date":"2014-08-11T23:48:31","date_gmt":"2014-08-11T15:48:31","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=5280"},"modified":"2023-06-22T23:00:28","modified_gmt":"2023-06-22T23:00:28","slug":"how-to-secure-mysql-server-on-centos-6-5","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-secure-mysql-server-on-centos-6-5\/","title":{"rendered":"How to Secure MySQL Server on CentOS 6.5 \/ CentOS 6.6"},"content":{"rendered":"<p>MySQL, the world&#8217;s most popular open source database and the second most widely used open-source relational database management system (RDBMS), is a crucial component of many web applications. However, its default installation is not securely configured. For the sake of security, it&#8217;s essential to manually run the mysql_secure_installation wizard to perform basic MySQL hardening.<\/p>\n<p>This guide will walk you through the steps to secure your MySQL server, specifically focusing on MySQL Community Server 5.5.39 running on CentOS 6.5 and CentOS 6.6.<\/p>\n<p>Before we dive into the tutorial, it&#8217;s worth noting that securing your MySQL server is a critical step in setting up a secure web environment. Whether you&#8217;re using a <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-dedicated-server-hosting\/\">dedicated<\/a>, a <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-vps-hosting\/\">VPS<\/a>, or <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-cloud-hosting\/\">cloud<\/a> hosting, ensuring the security of your MySQL server is paramount.<\/p>\n<h2>Step 1: Run mysql_secure_installation Wizard<\/h2>\n<p>The first step in securing your MySQL server is to run the mysql_secure_installation wizard. This script is recommended for all MySQL servers in production use. It will guide you through several steps to secure your MySQL installation.<\/p>\n<pre>\r\n[root@vps ]# mysql_secure_installation\r\n<\/pre>\n<p>The script will first ask for the current password for the root user. If you&#8217;ve just installed MySQL and haven&#8217;t set the root password yet, the password will be blank, so you should just press enter.<\/p>\n<p>The script will then guide you through several steps, including setting the root password, removing anonymous users, disallowing root login remotely, removing the test database and access to it, and reloading the privilege tables.<\/p>\n<p>System response:<\/p>\n<pre>\r\n[root@vps ]# mysql_secure_installation\r\n\r\n\r\n\r\n\r\nNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL\r\n      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!\r\n\r\n\r\nIn order to log into MySQL to secure it, we'll need the current\r\npassword for the root user.  If you've just installed MySQL, and\r\nyou haven't set the root password yet, the password will be blank,\r\nso you should just press enter here.\r\n\r\nEnter current password for root (enter for none):\r\nOK, successfully used password, moving on...\r\n\r\nSetting the root password ensures that nobody can log into the MySQL\r\nroot user without the proper authorisation.\r\n\r\nSet root password? [Y\/n] y\r\nNew password:\r\nRe-enter new password:\r\nPassword updated successfully!\r\nReloading privilege tables..\r\n ... Success!\r\n\r\n\r\nBy default, a MySQL installation has an anonymous user, allowing anyone\r\nto log into MySQL without having to have a user account created for\r\nthem.  This is intended only for testing, and to make the installation\r\ngo a bit smoother.  You should remove them before moving into a\r\nproduction environment.\r\n\r\nRemove anonymous users? [Y\/n] y\r\n ... Success!\r\n\r\nNormally, root should only be allowed to connect from 'localhost'.  This\r\nensures that someone cannot guess at the root password from the network.\r\n\r\nDisallow root login remotely? [Y\/n] y\r\n ... Success!\r\n\r\nBy default, MySQL comes with a database named 'test' that anyone can\r\naccess.  This is also intended only for testing, and should be removed\r\nbefore moving into a production environment.\r\n\r\nRemove test database and access to it? [Y\/n] y\r\n - Dropping test database...\r\n ... Success!\r\n - Removing privileges on test database...\r\n ... Success!\r\n\r\nReloading the privilege tables will ensure that all changes made so far\r\nwill take effect immediately.\r\n\r\nReload privilege tables now? [Y\/n] y\r\n ... Success!\r\n\r\nCleaning up...\r\n\r\n\r\n\r\nAll done!  If you've completed all of the above steps, your MySQL\r\ninstallation should now be secure.\r\n\r\nThanks for using MySQL!\r\n<\/pre>\n<h2>Step 2: Set \u201cbind-address\u201d Parameter<\/h2>\n<p>The next step is to set the \u201cbind-address\u201d parameter within the \u201c[mysqld]\u201d section in \/etc\/my.cnf. Configure this to your VPS local loopback network device, which is \u201c127.0.0.1\u201d. Please make sure that you only perform this step if you confirm no other server will need to access the database on your VPS.<\/p>\n<pre>\r\n[root@vps ~]# vi \/etc\/my.cnf\r\n[mysqld]\r\n..\r\nbind-address = 127.0.0.1\r\n..\r\n<\/pre>\n<h2>Step 3: Restart Your MySQL Server<\/h2>\n<p>After setting the \u201cbind-address\u201d parameter, you need to restart your MySQL server for the changes to take effect.<\/p>\n<pre>\r\n[root@vps ~]# service mysqld restart\r\n<\/pre>\n<h2>Step 4: Verify the MySQL Port<\/h2>\n<p>Finally, verify that the MySQL port is listening to 127.0.0.1 only.<\/p>\n<pre>\r\n[root@vps ~]# netstat -plunt | grep 3306\r\ntcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 8224\/mysqld\r\n<\/pre>\n<p>By following these steps, you can ensure that your MySQL server is secure. Whether you&#8217;re running a <a href=\"https:\/\/webhostinggeeks.com\/blog\/litespeed-web-server-explained\/\">LiteSpeed<\/a>, <a href=\"https:\/\/webhostinggeeks.com\/blog\/apache-http-server-explained\/\">Apache<\/a>, or <a href=\"https:\/\/webhostinggeeks.com\/blog\/nginx-server-explained\/\">Nginx<\/a> server, securing your MySQL installation is a critical step in maintaining a secure web environment.<\/p>\n<h2>Commands Mentioned<\/h2>\n<ul>\n<li><span class=\"fw-bold\">mysql_secure_installation<\/span> \u2013 This command runs the MySQL secure installation wizard, which guides you through several steps to secure your MySQL installation.<\/li>\n<li><span class=\"fw-bold\">vi \/etc\/my.cnf<\/span> \u2013 This command opens the MySQL configuration file in a text editor, allowing you to set the \u201cbind-address\u201d parameter.<\/li>\n<li><span class=\"fw-bold\">service mysqld restart<\/span> \u2013 This command restarts your MySQL server, allowing any changes you&#8217;ve made to take effect.<\/li>\n<li><span class=\"fw-bold\">netstat -plunt | grep 3306<\/span> \u2013 This command checks whether the MySQL port is listening to 127.0.0.1 only.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>Securing your MySQL server is a crucial step in maintaining a secure web environment. By following the steps outlined in this guide, you can ensure that your MySQL installation is secure, regardless of whether you&#8217;re using a <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-dedicated-server-hosting\/\">dedicated<\/a>, a <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-vps-hosting\/\">VPS<\/a>, or <a href=\"https:\/\/webhostinggeeks.com\/blog\/what-is-cloud-hosting\/\">cloud<\/a> hosting.<\/p>\n<p>Remember, securing your MySQL server is not a one-time task, but an ongoing responsibility. Regularly reviewing and updating your security settings, as well as staying informed about the latest security best practices and potential vulnerabilities, will help keep your MySQL server, and by extension your web applications, safe and secure.<\/p>\n<p>Whether you&#8217;re a seasoned webmaster or a beginner, this guide provides a comprehensive and easy-to-follow approach to securing your MySQL server. By following these steps, you can contribute to the overall security of your web environment and ensure the integrity and confidentiality of your data.<\/p>\n<h2>FAQ<\/h2>\n<ol itemscope itemtype=\"https:\/\/schema.org\/FAQPage\">\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What is the purpose of the mysql_secure_installation command?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">The mysql_secure_installation command is a script that performs several security-related operations on your MySQL installation. It helps you secure your MySQL server by setting a password for the root accounts, removing root accounts that are accessible from outside the localhost, removing anonymous-user accounts, and removing the test database.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">Why do I need to set the \u201cbind-address\u201d parameter?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">Setting the \u201cbind-address\u201d parameter to \u201c127.0.0.1\u201d ensures that your MySQL server only accepts connections from clients running on the same machine, i.e., localhost. This is a security measure to prevent remote connections to your MySQL server.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">Why is it necessary to restart the MySQL server after changing the configuration?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">Restarting the MySQL server allows any changes you&#8217;ve made to the configuration file to take effect. If you don&#8217;t restart the server, it will continue to use the old configuration until the next restart.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What does the netstat command do?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">The netstat command is used to display network connections, routing tables, interface statistics, and more. In this context, it&#8217;s used to verify that the MySQL port is listening to 127.0.0.1 only.<\/span>\n            <\/p>\n<\/li>\n<li itemscope itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\">\n<p class=\"fw-bold\" itemprop=\"name\">What are the security risks of not securing a MySQL server?<\/p>\n<p itemprop=\"acceptedAnswer\" itemscope itemtype=\"https:\/\/schema.org\/Answer\">\n                <span itemprop=\"text\">If a MySQL server is not secured, it can be vulnerable to a variety of attacks. These include unauthorized access to the database, data theft, data corruption, and even denial-of-service (DoS) attacks. By not securing your MySQL server, you risk exposing sensitive data and potentially disrupting your web services.<\/span>\n            <\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>MySQL, the world&#8217;s most popular open source database and the second most widely used open-source relational database management system (RDBMS), is a crucial component of many web applications. However, its&#8230;<\/p>\n","protected":false},"author":6,"featured_media":5283,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wds_primary_category":0,"footnotes":""},"categories":[2055,1008],"tags":[1256,1536,1585],"class_list":["post-5280","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","category-mysql","tag-centos-6-5","tag-linux","tag-mysql"],"_links":{"self":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/5280","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/comments?post=5280"}],"version-history":[{"count":0,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/posts\/5280\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media\/5283"}],"wp:attachment":[{"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/media?parent=5280"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/categories?post=5280"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webhostinggeeks.com\/howto\/wp-json\/wp\/v2\/tags?post=5280"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}