Wednesday, July 22, 2009

Secure MySQL Install

Can be used for the Install on Synology or Any Windows or Unix based Install

  • To restart mysql on Synology /usr/syno/etc/rc.d/S21mysql.sh
  • mysqladmin -u mysql -p shutdown
  • To restartOn Synology WebGUI, System->Restore defaults->Reset MYSQL Database Password will reset password for MYSQL databaseInstalled phpMyAdmin
  • To Connect mysql -h host -u user -p myout.lst
  • For admin mysqladmin -u mysql -p pingstatusshutdown
  • show global status or show grants
  • connect with mysql using user=root and verify user table in mysql database. Update password using phpmyadmin. Note if you login using user=mysql you wont see the user table. Do not ever give anyone (except MySQL root accounts) access to the user table in the mysql database. Set passwords to all root accounts using password() function or phpmyadmin
  • mysql_install_db creates one root account (superuser) for connection from localhost only. Two anonymous-user accounts are created each with empty username and these anonymous accounts have no password so abobe can connect to mysql.On Windows, one anonymous account is for connections from the local host. It has no global privileges. (Before MySQL 5.1.16, it has all global privileges, just like the root accounts.) The other is for connections from any host and has all privileges for the test database and for other databases with names that start with test
  • mysql> select host,user,password from user
    localhost root *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    Athena root *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    Athena *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
     localhost *7D2ABFF56C15D67445082FBB4ACD2DCD26C0ED57
    localhost scott *F2F68D0BB27A773C1D944270E5FAFED515A3FA40
  • shell> mysql -u rootmysql> SET PASSWORD FOR ''@'localhost' = PASSWORD('newpwd');
    mysql> SET PASSWORD FOR     ''@'%' = PASSWORD('newpwd');
    OR
    shell> mysqladmin -u root password "newpwd"
    shell> mysqladmin -u root -h host_name password "newpwd"
    OR
    shell> mysql -u rootmysql> UPDATE mysql.user SET Password = PASSWORD('newpwd')
    -> WHERE User = 'root';mysql> FLUSH PRIVILEGES;
  • That account allows anonymous access but has full privileges, so removing it improves security. If you prefer to remove the anonymous accounts instead, do so as follows:
    shell> mysql -u root
    mysql> DROP USER '';
    DROP USER     ''@'localhost';
  • Note [mysqld]user=mysql in my.cnf shows that mysqld deamon runs as mysql user and not root
  • Coming Up-> howto secure phpMyAdmin and Enable Remote Access via open Port
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)