Security measures for newly deployed MySQL servers

The security of the database is usually the most serious in the security operations, so in peacetime need to do firewall security policy, as well as master-slave replication real-time hot-standby and the corresponding disaster capacity backup measures, of course, whether it is compiled installed or binary package after the deployment of MySQL often ignore some security risks, Here is a brief introduction to MySQL after the deployment of the necessary limitations and adjustments. (mysql_x86_64 binary deployment can be see: http://jim123.blog.51cto.com/4763600/1835010)

Deletion of the MySQL documentation and important MY.CNF configuration file down the right

After MySQL is deployed, there will be some documentation in the environment path, which is not required in the actual production environment and should be removed here.

[[email protected] mysql]# ls |grep-e ' [A-z] ' copyinginstall-binaryreadme[[email protected] mysql]# ls |grep-e ' [A-z] ' |x Args rm-f;

MY.CNF is mysqld configuration file, usually my.cnf from the Support-files folder to copy the changes or their usual written files that its initial permission is too high, the default mysqld read the configuration file order can be viewed by viewing the Mysqld tool under the Environment directory

[[email protected] bin]# ./mysqld --help --verbose | head -15      Slightly ... Usage: ./mysqld [options]default options are read from the following  files in the given order:/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/ Etc/my.cnf ~/.my.cnf the following groups are read: mysqld server  mysqld-5.5The following options may be given as the first  Argument:[[email protected] etc]# ls -al|grep my.cnf -rw-r--r--  1  root root    5050 10-22 15:05 my.cnf[[email protected]  etc]# chmod 600 my.cnf[[email protected] etc]# ls -al|grep  MY.CNF -RW-------  1 root root    5050 10-22 15:05  my.cnf

Second, delete the MySQL anonymous user and test library

The user information for MySQL is in the Mysql.user table, which is empty for anonymous users, that is, the user field

mysql> select user,host,password from mysql.user;+------+-----------+----------+|  user | host      | password |+------+-----------+----------+ | root | localhost |          | |  root | bogon     |           | |  root | 127.0.0.1 |          | |  root | ::1       |           | |       | localhost |           | |       | bogon     |           |+------+-----------+----------+6 rows in set (0.00 sec) mysql> drop user  ' @localhost; query ok, 0 rows affected  (0.00 sec) mysql> drop user  "@bogon;     Query OK, 0 rows affected  (0.00 SEC)

The test library is a security risk for MySQL and needs to be removed when it is not necessary

Mysql> Show databases;+--------------------+| Database |+--------------------+| Information_schema | | MySQL | | Performance_schema | | Test |+--------------------+4 rows in Set (0.00 sec) mysql> drop database test; Query OK, 0 rows affected (0.01 sec)

Finally in a good firewall on the basis of the root of the MySQL user to add passwords, the default installed after the MySQL is no password, add password can be used mysqladmin tool or directly modify the Mysql.user table, this is relatively simple, here will not repeat. So on the basis of the corresponding MySQL disaster capacity backup and other measures to ensure the data security of MySQL database

This article is from the "Technical essay" blog, please be sure to keep this source http://jim123.blog.51cto.com/4763600/1864671

Security measures for newly deployed MySQL servers