CentOS installation MySQL5.6.10 and Security Configuration tutorial detailed _mysql

Note: All of the following actions are performed under the CentOS 6.5 x86_64 bit system.

#准备工作 #

Before installing MySQL, make sure that you have installed the following types of underlying components using Yum (if the system has been taken, you can also consider the underlying components under Yum Update):

GCC
cmake
openssl+openssl-devel
pcre+pcre-devel
bzip2+bzip2-devel
libcurl+curl+curl-devel
libjpeg+libjpeg-devel
libpng+libpng-devel
freetype+freetype-devel
php-mcrypt+libmcrypt+ Libmcrypt-devel
libxslt+libxslt-devel
gmp+gmp-devel
libxml2+libxml2-devel
mhash
Ncurses+ncurses-devel
XML2

The user groups and users of MySQL are then created, and logon permissions are not allowed:

# ID MySQL
id:mysql: No this user
# groupadd mysql #
useradd-g mysql-s/sbin/nologin mysql
# id mysql
u id=500 (MySQL) gid=500 (MySQL) group =500 (MySQL)

#MySQL的安装 #

Prepare a directory for MySQL installation:

# mkdir-p/data/mysql/data
# chown-r Mysql:mysql/data/mysql

Start source installation MySQL:

# cd/usr/local/src # wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz # tar ZXF mysql-5.6.10.tar.gz # CD mysql-5.6.10 # cmake-dcmake_install_prefix=/usr/local/mysql-5.6.10-dsysconfdir=/usr/local/ Mysql-5.6.10/etc-dmysql_unix_addr=/usr/local/mysql-5.6.10/tmp/mysql.sock-dmysql_tcp_port=3306-dmysql_user= Mysql-dmysql_datadir=/data/mysql/data-ddefault_charset=utf8-ddefault_collation=utf8_general_ci-dwith_myisam_ Storage_engine=1-dwith_innobase_storage_engine=1-dwith_archive_storage_engine=1-dwith_blackhole_storage_engine
=1-denabled_local_infile=1 ... CMake warning:manually-specified variables were not used by the Project:mysql_user-builds files have been to: /usr/local/src/mysql-5.6.10 # make && make install # mkdir-p/USR/LOCAL/MYSQL-5.6.10/ETC # mkdir-p/usr/local/my  Sql-5.6.10/tmp # ln-s/usr/local/mysql-5.6.10//usr/local/mysql # chown-r mysql:mysql/usr/local/mysql-5.6.10 # Chown-r Mysql:mysql/usr/local/mysql

Add MySQL Bin directory to the current environment:

# vim/etc/profile
export mysql_home=/usr/local/mysql
export path= $PATH: $MYSQL _home/bin
$ source/etc/ Profile

Perform the initial initialization configuration script and create the database and table with the system itself:

# cd/usr/local/mysql # scripts/mysql_install_db--user=mysql--datadir=/data/mysql/data ... OK to start mysqld at boot time and have to copy Support-files/mysql.server to the right place for your system please REME
Mber to SET A PASSWORD for the MySQL root USER! To does so, start the server, then issue the following commands:./bin/mysqladmin-u root password ' new-password './bin/mysq Ladmin-u root-h iz94mobdenkz password ' new-password ' Alternatively you can run:./bin/mysql_secure_installation which WI ll also give you to the option of removing the test databases and anonymous user created by default.
This is strongly recommended for production servers.
The manual for more instructions. You can start the MySQL daemon with:cd. ;./bin/mysqld_safe & can test the MySQL daemon with mysql-test-run.pl CD mysql-test;
Perl mysql-test-run.pl Please have the problems with the/bin/mysqlbug script!
The latest information about the MySQL is available on the Web at http://www.mysql.comSupport MySQL by buying support/licenses in http://shop.mysql.com warning:found existing config file./my.cnf on the Syst
Em. Because this file might is in use, it is not replaced, but is used in bootstrap (unless you used--defaults-file) and WH
En you later start the server.
The new default Config file is created as./MY-NEW.CNF, please compare it with your file and take the changes for you.  Warning:default config file/etc/my.cnf exists on the ' system this file ' is read by Default by the ' MySQL server If you Don't want to use this, either remove it, or use the--defaults-file argument to Mysqld_safe when starting the server

Note: Because MySQL in the start, will first go to/etc/my.cnf to find the configuration file, if not found then search $basedir/my.cnf, or/usr/local/mysql-5.6.10/my.cnf, so must ensure that/etc/ MY.CNF does not exist or may cause failure to start.

The file is found on the system in practice, so it may be necessary to back up the file name first, and then write the configuration file according to the configuration above:

# mv/etc/my.cnf/etc/my.cnf.bak
# vim/usr/local/mysql-5.6.10/my.cnf
[mysqld]
basedir=/usr/local/ mysql-5.6.10
datadir=/data/mysql/data
socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
user=mysql
Sql_mode=no_engine_substitution,strict_trans_tables

Modify the password for MySQL user root, which is started using Mysqld_safe Safe mode:

# Mysqld_safe--user=mysql--skip-grant-tables--skip-networking &
[1] 3970
[Root@iz94mobdenkz ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err '.
141230 19:02:32 Mysqld_safe starting mysqld daemon with databases From/data/mysql/data

This time has already started the Mysqd_safe Safe mode, opens another window as the client to connect the MySQL server:

# MySQL
Welcome to the MySQL monitor. Commands End With; or \g.
Your MySQL Connection ID is 1
Server version:5.6.10 Source distribution
Copyright (c), 2013, Oracle and/or I TS affiliates. All rights reserved.
Oracle is a registered trademark to Oracle Corporation and/or its
affiliates. The other names may is trademarks of their respective
owners.
Type ' help, ' or ' \h ' for help. Type ' \c ' to clear the current input statement.
mysql> use MySQL;
mysql> Update user Set Password=password (' YourPassword ') where user= ' root ';
mysql> flush Privileges;
Mysql> exit;

After modification, use Kill to kill the Mysqld_safe process:

# PS aux | grep MySQL
root 3970 0.0 0.2 106308 1492 pts/1 S 19:02 0:00/bin/sh/usr/local/mysql/bin/mysqld_safe--user=mysql Ip-grant-tables--skip-networking
MySQL 4143 0.1 18.0 558280 90316 pts/1 Sl 19:02 0:00/usr/local/mysql-5.6.10/bin/my Sqld--basedir=/usr/local/mysql-5.6.10--datadir=/data/mysql/data--plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql--skip-grant-tables--skip-networking--log-error=/data/mysql/data/centos.err--pid-file=/data/mysql/  Data/centos.pid--socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
root 4313 0.0 0.1 103252 836 pts/0 S+ 19:05 0:00 grep MySQL
# kill-9 3970
# kill-9 4143

Or go back to the window that just started mysqld_safe. Ctrl + C to kill the process also OK.

Replication Service startup script:

# cp/usr/local/mysql/support-files/mysql.server/etc/init.d/mysqld
# chmod +x/etc/init.d/mysqld

Set boot up MySQL service and open MySQL service normally (non-essential):

# chkconfig mysqld on
# service mysqld
usage:mysqld {start|stop|restart|reload|force-reload|status} [MySQL Server Options]
# service mysqld start
starting MySQL.

You can then open/close the MySQL database directly via the service mysqld command.

Finally, it is recommended to run the security settings script in the production environment, prohibit the root user from remote connection, remove the test database and anonymous users, and so on:

#/usr/local/mysql-5.6.10/bin/mysql_secure_installation Note:running All PARTS The This SCRIPT is recommended to all
MySQL
SERVERS in PRODUCTION use! Please READ each step carefully!
In order to log into MySQL to secure it, we'll need the current password for the
root user. If you ' ve just installed MySQL, and you
haven ' t set the root password yet, the password'll be blank, so you
sh Ould just press ENTER here.
Enter current password for root (enter for none):

Note: The root password entered above refers to the password of the MySQL root account previously set.

At this point, the MySQL database has been installed.

#MySQL的安全配置 #

1, to ensure that the start of MySQL can not use the system root account, must be a new MySQL account, such as:

# Mysqld_safe--user=mysql

2, MySQL installed to run initialization database, the default root account password is empty, you must set a password, while ensuring that the password has a high security. Like what:

mysql> user MySQL;
mysql> Update user Set Password=password (' YourPassword ') where user= ' root ';
mysql> flush Privileges;

3, delete the default database and users:

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| Performance_schema |
| Test |
+--------------------+
mysql> drop daabase test;
mysql> use MySQL;
Mysql> select Host,user from user;
+--------------+------+
| host | user |
+--------------+------+
| 127.0.0.1 | root |
| :: 1 | Root |
| CentOS | | |
CentOS | Root |
| localhost | | |
localhost | Root |
+--------------+------+
mysql> Delete from user where not (host= ' localhost ' and user= ' root ');
mysql> flush Privileges;

Note: The data in the user table above may be different.

4, when the development of the Web site to connect the database, it is recommended to establish a user only for a library has update/select/delete/insert/drop table/create table and other permissions, Reducing the user name and password of a project's database causes other items to be affected, such as:

Mysql>create database yourdbname default charset UTF8 collate utf8_general_ci;
Mysql>create user ' yourusername ' @ ' localhost ' identified by ' YourPassword ';
Mysql> Grant Select,insert,update,delete,create,drop privileges on yourdbname.* to ' YourUserName ' @localhost Identified by ' YourPassword ';

5. The directory in which the database file resides does not allow unauthorized users access, and you need to control access to the directory, such as:

# chown-r Mysql:mysql/data/mysql/data
# chmod-r Go-rwx/data/mysql/data

The above is a small set to introduce the CentOS under the installation of MySQL5.6.10 and Security Configuration tutorial detailed, I hope to help you, if you have any questions please give me a message, small series will promptly reply to everyone. Here also thank you very much for the cloud Habitat Community website support!