The security of the database is usually the most serious in the security operations, so in peacetime need to do firewall security policy, as well as master-slave replication real-time hot-standby and the corresponding disaster capacity backup measures, of course, whether it is compiled installed or binary package after the deployment of MySQL often ignore some security risks, Here is a brief introduction to MySQL after the deployment of the necessary limitations and adjustments. (mysql_x86_64 binary deployment can be see: http://jim123.blog.51cto.com/4763600/1835010)
Deletion of the MySQL documentation and important MY.CNF configuration file down the right
After MySQL is deployed, there will be some documentation in the environment path, which is not required in the actual production environment and should be removed here.
[[email protected] mysql]# ls |grep-e ' [A-z] ' copyinginstall-binaryreadme[[email protected] mysql]# ls |grep-e ' [A-z] ' |x Args rm-f;
MY.CNF is mysqld configuration file, usually my.cnf from the Support-files folder to copy the changes or their usual written files that its initial permission is too high, the default mysqld read the configuration file order can be viewed by viewing the Mysqld tool under the Environment directory
[[email protected] bin]# ./mysqld --help --verbose | head -15 Slightly ... Usage: ./mysqld [options]default options are read from the following files in the given order:/etc/my.cnf /etc/mysql/my.cnf /usr/local/mysql/ Etc/my.cnf ~/.my.cnf the following groups are read: mysqld server mysqld-5.5The following options may be given as the first Argument:[[email protected] etc]# ls -al|grep my.cnf -rw-r--r-- 1 root root 5050 10-22 15:05 my.cnf[[email protected] etc]# chmod 600 my.cnf[[email protected] etc]# ls -al|grep MY.CNF -RW------- 1 root root 5050 10-22 15:05 my.cnf
Second, delete the MySQL anonymous user and test library
The user information for MySQL is in the Mysql.user table, which is empty for anonymous users, that is, the user field
mysql> select user,host,password from mysql.user;+------+-----------+----------+| user | host | password |+------+-----------+----------+ | root | localhost | | | root | bogon | | | root | 127.0.0.1 | | | root | ::1 | | | | localhost | | | | bogon | |+------+-----------+----------+6 rows in set (0.00 sec) mysql> drop user ' @localhost; query ok, 0 rows affected (0.00 sec) mysql> drop user "@bogon; Query OK, 0 rows affected (0.00 SEC)
The test library is a security risk for MySQL and needs to be removed when it is not necessary
Mysql> Show databases;+--------------------+| Database |+--------------------+| Information_schema | | MySQL | | Performance_schema | | Test |+--------------------+4 rows in Set (0.00 sec) mysql> drop database test; Query OK, 0 rows affected (0.01 sec)
Finally in a good firewall on the basis of the root of the MySQL user to add passwords, the default installed after the MySQL is no password, add password can be used mysqladmin tool or directly modify the Mysql.user table, this is relatively simple, here will not repeat. So on the basis of the corresponding MySQL disaster capacity backup and other measures to ensure the data security of MySQL database
This article is from the "Technical essay" blog, please be sure to keep this source http://jim123.blog.51cto.com/4763600/1864671
Security measures for newly deployed MySQL servers