List of MySQL primary protection checks

Chris Anley chris@ngssoftware.com.
Translation: zhouzhen [E.S. T]

List of MySQL primary protection checks

The following are important references to reinforce the security of your Mysql Server:
Http://www.securityfocus.com/infocus/1726
Http://www.securityfocus.com/infocus/1667
Http://www.kitebird.com/articles/ins-sec.html

 

• Read the MySQL security guide:
SQL .com/doc/mysql/en/Security.html "target = http://dev.mysql.com/doc/mysql/en/Security.html

• Configure IPTables (Linux) or IPSec filtering ruleset (Windows) on your Mysql server ).

• Frequent access to SQL .com/products/mysql/ "target = http://www.mysql.com/products/mysql/to check for updates.

• Delete all non-root Mysql users

• Rename the root user of Mysql

• Create a Mysql user for each web application-or, if possible, create a user for each role of each web application. For example, you can create a Mysql user to update the table and create another user with low permissions for the select table.

• Ensure that Mysql users are restricted by IP addresses and passwords. For more information, see section 5.4 of the Mysql user manual, "Mysql Access Permissions.

• Use a low-Permission mysql user to run the Mysql daemon. This is the default option for some platforms, but not for others. For example, on windows, Mysql runs with the permission of the local system.

• Run mysqld under the -- chroot option. Make sure that the Mysql user cannot access files other than the restricted directory. It is worth noting that Mysql users should be prohibited from reading the configuration files of the operating system. In some cases, you must prevent Mysql users from changing the Mysql configuration file.

• Do not grant unnecessary permissions to users, especially File_priv and Grant_priv. If you need to integrate the file system with Mysql from the inside,
To achieve this goal, you can create a separate Mysql user for your application.

• Add "set-variable = local-infile = 0" to my. cnf to disable the load data local infile command.

• Understand Mysql vulnerabilities! SecurityFocus and ICAT often check for the latest Mysql database vulnerabilities.

Ps: With the development of php injection, more and more php + mysql websites are under attack. There are too few articles about how to configure and prevent Mysql. So I translated

The MySQL Lockdown Checklist in Hackproofing MySQL is helpful.