Basic security optimizations after MySQL installation

MySQL5.6 and the following version, after installation by default comes with a test database, and in MySQL5.6, Mysql.user user table with user name is empty user, and so on the default settings, these are unsafe, easy for others to take advantage of the opportunity. So you need to do some optimization after installing MySQL, to enhance the security of MySQL database.

• 1. Basic environment information of operating system and MySQL:

Operating system version, operating system kernel version: Lsb_release-a, uname-r

MySQL database version:mysql> select version ();

MySQL database installed after the default database list:mysql> show databases; MySQL database installation After the default User list:mysql> Select User, host from Mysql.user;

• 2. Correction Method:

1), delete other accounts except [email protected] and [email protected] $hostname:mysql> drop user ' @ ' localhost ';mysql> drop user ' @ ' a Pptest ';mysql> drop user ' root ' @ ':: 1 '; # ipv6mysql> drop user ' root ' @ ' apptest ';mysql> Select User, host from Mysql.user; # Verify if Delete succeeded 2), delete test database:mysql> drop test;mysql> show databases; # Verify whether the deletion succeeded 3), modify the default root password:mysql> set password for ' root ' @ ' localhost ' = password ("CHISCDC"); It is best to reset the root password by following the Mysqladmin Interactive command. shell> mysqladmin-uroot-hlocalhost-p-s/application/mysql/3306/mysql.sock passwordshell> mysqladmin-uroot-h& lt;hostname>-p-s/application/mysql/3306/mysql.sock Password

• 3, usually to the database user authorization problem:

Adhere to the principle of minimizing permissions, to a library has only one dedicated user has permission to operate, that is, in the authorization, you need to specify the database name, host name, and do not include any wildcard "%" in the hostname. Mysql> grant all privileges in jhmytest.* to ' test ' @ ' 192.168.231.9/255.255.255.0 ' identified by ' CHISCDC ';mysql> FL Ush privileges;mysql> Show grants for ' Test ' @ ' 192.168.231.9/255.255.255.0 '; # View User Permissions

4, other security precautions to prevent the MySQL database password leakage:

prohibit entering a database password on the shell command line: When a plaintext password is entered on the shell command line, it is logged to the Operation history file (which can be viewed through the historical command), resulting in a password leak. 1), through the mysqladmin command to modify the MySQL user password: Error procedure, after pasword directly with the password string: shell> mysqladmin-uroot-p-s/application/mysql/3306/ Mysql.sock password "CHISCDC" correct practice: Do not write any strings after the password keyword, enter the new password interactively: shell> mysqladmin-uroot-p-s/application/ Mysql/3306/mysql.sock Password

2), log in to MySQL via MySQL command:

Error procedure, after-p directly follows the password string: shell> mysql-uroot-pchiscdc-s/application/mysql/3306/mysql.sock

Correct practice: Do not write any strings after-p, enter the new password interactively: shell> mysql-uroot-p-s/application/mysql/3306/mysql.sock

3), the database is backed up by the mysqldump command: Error procedure, the database password is stated in the backup script, followed by the password string directly after-p: #!/bin/bash# backup the MySQL database scriptsuser= "root" Passwd= "CHISCDC" Mysqldump-u${user}-p${passwd} DBname > Dbname.sql Correct practice "Official documentation is the safest practice, click here to view official documentation": by Mysql_config_ The editor command-line tool writes the MySQL user name, password, socket, etc. to a separate file (automatically encrypted), and the file assigns only the user read-only permission (400) to the file. The user name password is then read in the Script mysqldump command through the--defults-file parameter:shell> mysql_config_editor set--login-path=client--user=root--host =localhost--socket=/application/mysql/3306/mysql.sock--password shell> mysql_config_editor print--all set, Log in to the MySQL database on the host server specified above, and do not need to enter user name, password, etc.

New backup script, no need to specify host name, username, password, etc.: #!/bin/bash# backup the MySQL Database Scripts mysqldump--all-databases > Backup1.sql # End O F File

Basic security optimizations after MySQL installation