CentOS installation MySQL-5.6.10 + Security Configuration, centosmysql-5.6.10

CentOS installation MySQL-5.6.10 + Security Configuration, centosmysql-5.6.10

 

Note: All of the following operations are performed in the CentOS 6.5 x86_64-bit system.

 

# Preparations #

Before installing MySQL, make sure that you have installed various basic components using yum. For details, see CentOS basic components for LNMP environment installation.

Create a user group and user for mysql and Do Not Allow Logon permissions:

# Id mysqlid: mysql: None this user # groupadd mysql # useradd-g mysql-s/sbin/nologin mysql # id mysqluid = 500 (mysql) gid = 500 (mysql) group = 500 (mysql)

 

# MySQLInstall#

Prepare the installation directory for MySQL:

# mkdir -p /data/mysql/data# chown -R mysql:mysql /data/mysql

Start installing MySQL with source code:

# cd /usr/local/src# wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz# tar zxf mysql-5.6.10.tar.gz# cd mysql-5.6.10# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DMYSQL_DATADIR=/data/mysql/data -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1...CMake Warning:  Manually-specified variables were not used by the project:    MYSQL_USER-- Build files have been written to: /usr/local/src/mysql-5.6.10# make && make install# mkdir -p /usr/local/mysql-5.6.10/etc# mkdir -p /usr/local/mysql-5.6.10/tmp# ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql# chown -R mysql:mysql /usr/local/mysql-5.6.10# chown -R mysql:mysql /usr/local/mysql

Add the MySQL bin directory to the current environment:

# vim /etc/profileexport MYSQL_HOME=/usr/local/mysqlexport PATH=$PATH:$MYSQL_HOME/bin$ source /etc/profile

Execute the initial Initialization Configuration script and create the database and table that comes with the system:

# cd /usr/local/mysql# scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data...OKTo start mysqld at boot time you have to copysupport-files/mysql.server to the right place for your systemPLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !To do so, start the server, then issue the following commands:  ./bin/mysqladmin -u root password 'new-password'  ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'Alternatively you can run:  ./bin/mysql_secure_installationwhich will also give you the option of removing the testdatabases and anonymous user created by default.  This isstrongly recommended for production servers.See the manual for more instructions.You can start the MySQL daemon with:  cd . ; ./bin/mysqld_safe &You can test the MySQL daemon with mysql-test-run.pl  cd mysql-test ; perl mysql-test-run.plPlease report any problems with the ./bin/mysqlbug script!The latest information about MySQL is available on the web at  http://www.mysql.comSupport MySQL by buying support/licenses at http://shop.mysql.comWARNING: Found existing config file ./my.cnf on the system.Because this file might be in use, it was not replaced,but was used in bootstrap (unless you used --defaults-file)and when you later start the server.The new default config file was created as ./my-new.cnf,please compare it with your file and take the changes you need.WARNING: Default config file /etc/my.cnf exists on the systemThis file will be read by default by the MySQL serverIf you do not want to use this, either remove it, or use the--defaults-file argument to mysqld_safe when starting the server

Note: When MySQL is started, it will first go to/etc/my. cnf: Find the configuration file. If not, search $ basedir/my. cnf, that is,/usr/local/mysql-5.6.10/my. cnf,Therefore, make sure that/etc/my. cnf does not exist.Otherwise, it may fail to start.

The file exists in the system. Therefore, you may need to back up and rename the file, and then write the configuration file according to the above Configuration:

# mv /etc/my.cnf /etc/my.cnf.bak# vim /usr/local/mysql-5.6.10/my.cnf[mysqld]basedir=/usr/local/mysql-5.6.10datadir=/data/mysql/datasocket=/usr/local/mysql-5.6.10/tmp/mysql.sockuser=mysqlsql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

Modify the root password of a MySQL user. Start MySQL in mysqld_safe safe mode:

# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &[1] 3970[root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data

At this time, the mysqd_safe security mode has been enabled. open another window to connect the client to the MySQL server:

# mysqlWelcome to the MySQL monitor.  Commands end with ; or \g.Your MySQL connection id is 1Server version: 5.6.10 Source distributionCopyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> use mysql;mysql> update user set password=password('yourpassword') where user='root';mysql> flush privileges;mysql> exit;

After modification, kill the mysqld_safe process:

# ps aux | grep mysqlroot      3970  0.0  0.2 106308  1492 pts/1    S    19:02   0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networkingmysql     4143  0.1 18.0 558280 90316 pts/1    Sl   19:02   0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sockroot      4313  0.0  0.1 103252   836 pts/0    S+   19:05   0:00 grep mysql# kill -9 3970# kill -9 4143

Or return to the window that just started mysqld_safe ctrl + c to kill the process.

Copy the Service Startup Script:

# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld# chmod +x /etc/init.d/mysqld

Set to start the MySQL service at startup and enable the MySQL service properly (optional ):

# chkconfig mysqld on# service mysqldUsage: mysqld  {start|stop|restart|reload|force-reload|status}  [ MySQL server options ]# service mysqld startStarting MySQL.      

In the future, you can use the service mysqld command to enable or disable the MySQL database.

Finally, we recommend that you run the Security Settings script in the production environment to disable remote connection from the root user, and remove the test database and anonymous user:

# /usr/local/mysql-5.6.10/bin/mysql_secure_installationNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!In order to log into MySQL to secure it, we'll need the currentpassword for the root user.  If you've just installed MySQL, andyou haven't set the root password yet, the password will be blank,so you should just press enter here.Enter current password for root (enter for none):

Note: the root password entered above refers to the password of the MySQL root Account set above.

So far, the MySQL database has been installed.

 

# MySQL Security Configuration #

1. Make sure that you cannot use the root account of the system when starting MySQL. You must create a new mysql account, for example:

# mysqld_safe --user=mysql

2. After MySQL is installed and the database is initialized, the default root account password is blank. You must set a password for it to ensure high security. For example:

mysql> user mysql;mysql> update user set password=password('yourpassword') where user='root';mysql> flush privileges;

3. delete default databases and users:

mysql> show databases;+--------------------+| Database           |+--------------------+| information_schema || mysql              || performance_schema || test               |+--------------------+mysql> drop daabase test;mysql> use mysql;mysql> select host,user from user;+--------------+------+| host         | user |+--------------+------+| 127.0.0.1    | root || ::1          | root || centos       |      || centos       | root || localhost    |      || localhost    | root |+--------------+------+mysql> delete from user where not(host='localhost' and user='root');mysql> flush privileges;

Note: The data in the preceding user table may be different.

4. When developing a website to connect to a database, we recommend that you create a user with the update, select, delete, insert, drop table, and create table permissions only for a database, the username and password of the database of a project are stolen, and other projects are affected, for example:

mysql>create database yourdbname default charset utf8 collate utf8_general_ci;mysql>create user 'yourusername'@'localhost' identified by 'yourpassword';mysql> grant select,insert,update,delete,create,drop privileges on yourdbname.* To 'yourusername'@localhost identified by 'yourpassword';

5. The directory where the database file is located cannot be accessed by unauthorized users. You need to control access to this directory, for example:

# chown -R mysql:mysql /data/mysql/data# chmod -R go-rwx /data/mysql/data