http://centoshelp.org/servers/installing-conguring-mysq...
01/17/2012 09:33 AM
Requirements
1. Log in to a terminal as root using one of these options: (su --login | su -l | or: su -)
2. Yum and rpm must also be installed and functional (something is seriously wrong if they aren't)
---> Downloading header for mysql to pack into transaction set.
mysql-5.0.27-1.fc6.i386.r 100% |=========================|  36 kB    00:00
---> Package mysql.i386 0:5.0.27-1.fc6 set to be updated
---> Downloading header for mysql-server to pack into transaction set.
mysql-server-5.0.27-1.fc6 100% |=========================|  33 kB    00:00
---> Package mysql-server.x86_64 0:5.0.27-1.fc6 set to be updated
---> Downloading header for mysql to pack into transaction set.
mysql-5.0.27-1.fc6.x86_64 100% |=========================|  36 kB    00:00
---> Package mysql.x86_64 0:5.0.27-1.fc6 set to be updated
--> Running transaction check
--> Processing Dependency: perl-DBI for package: mysql-server
--> Processing Dependency: perl(DBI) for package: mysql
--> Processing Dependency: perl(DBI) for package: mysql-server
--> Processing Dependency: perl-DBD-MySQL for package: mysql-server
--> Restarting Dependency Resolution with new changes.
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for perl-DBI to pack into transaction set.
perl-DBI-1.52-1.fc6.x86_6 100% |=========================|  16 kB    00:00
---> Package perl-DBI.x86_64 0:1.52-1.fc6 set to be updated
---> Downloading header for perl-DBD-MySQL to pack into transaction set.
perl-DBD-MySQL-3.0007-1.f 100% |=========================| 8.5 kB    00:00
---> Package perl-DBD-MySQL.x86_64 0:3.0007-1.fc6 set to be updated
--> Running transaction check
Dependencies Resolved
=============================================================================
 Package            Arch      Version          Repository    Size
=============================================================================
Installing:
 mysql              i386      5.0.27-1.fc6     updates       3.3 M
 mysql              x86_64    5.0.27-1.fc6     updates       3.3 M
 mysql-server       x86_64    5.0.27-1.fc6     updates        10 M
Installing for dependencies:
 perl-DBD-MySQL     x86_64    3.0007-1.fc6     core          147 k
 perl-DBI           x86_64    1.52-1.fc6       core          605 k
Transaction Summary
=============================================================================
Install      5 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 18 M
Is this ok [y/N]:
You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory:
cd sql-bench ; perl run-all-tests
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
5. Change root database admin password: (note: once this step is complete you'll need to log in with: mysql -p -u root)
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mypass');
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>
mysql>
8. Add a new user with database admin privs for all databases:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>
9. Add a new user with database admin privs for a specific database, in this case the database is called bugzilla: (note: The bugzilla database must first be added, see below.)
mysql> GRANT ALL PRIVILEGES ON bugzilla.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql>
Alternatively, you can give someone access to only certain privileges by substituting "ALL PRIVILEGES" with any combination of the following (commas included):
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES
12. Improving local file security (after saving and exiting remember to: service mysqld restart for changes to take effect):
The next change is to disable the use of the LOAD DATA LOCAL INFILE command, which helps prevent unauthorized reading of local files. This matters especially when new SQL injection vulnerabilities in PHP applications are found. For that purpose, the following parameter should be added in the [mysqld] section in: /etc/my.cnf
13. Disabling remote access to the MySQL server (after saving and exiting remember to: service mysqld restart for changes to take effect).
This change applies to the 3306/tcp port, on which MySQL listens by default. Because, according to the initial assumptions, the database will be used only by locally installed PHP applications, we can freely disable listening on that port. This limits the possibility of attacking the MySQL database through direct TCP/IP connections from other hosts. Local communication will still be possible through the mysql.sock socket. In order to disable listening on the mentioned port, the following parameter should be added to the [mysqld] section of /etc/my.cnf:
skip-networking
If, for some reason, remote access to the database is still required (e.g. to perform remote data backup), the SSH protocol can be used as follows: (modify to your needs)
backuphost$ ssh mysqlserver /usr/local/mysql/bin/mysqldump -A > backup
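A check for the two /etc/my.cnf changes from steps 12 and 13, as an added example that is not part of the original page. It assumes the settings are written as skip-networking and local-infile=0 (the standard MySQL server option that turns off LOAD DATA LOCAL INFILE); the function name audit_mycnf and both sample files are constructed for illustration, and only the [mysqld] section is inspected, as the steps instruct.

```sh
#!/bin/sh
# audit_mycnf FILE (hypothetical helper): check the [mysqld] section of a
# my.cnf-style file for the settings from steps 12 and 13.
# Returns 0 only when both are in effect.
audit_mycnf() {
    awk '
        { sub(/#.*/, "") }                   # drop "#" comments (assumes no "#" inside values)
        { gsub(/^[ \t]+|[ \t]+$/, "") }      # trim surrounding whitespace
        $0 == "" || /^;/ { next }            # skip blank lines and ";" comment lines
        /^\[.*\]$/ { in_mysqld = (tolower($0) == "[mysqld]"); next }
        !in_mysqld { next }                  # options in other sections are not counted
        {
            opt = tolower($0)
            gsub(/[ \t]/, "", opt)           # "local-infile = 0" becomes "local-infile=0"
            gsub(/_/, "-", opt)              # MySQL treats "_" and "-" alike in option names
            # A later line overrides an earlier one, so keep the last value seen.
            if (opt ~ /^local-infile(=|$)/)    infile_off = (opt ~ /=(0|off|false)$/)
            if (opt ~ /^skip-networking(=|$)/) no_tcp = (opt !~ /=(0|off|false)$/)
        }
        END {
            r1 = infile_off ? "PASS" : "FAIL"
            r2 = no_tcp ? "PASS" : "FAIL"
            print r1 ": LOAD DATA LOCAL INFILE disabled (local-infile=0)"
            print r2 ": TCP listener disabled (skip-networking)"
            exit !(infile_off && no_tcp)
        }
    ' "$1"
}

# Constructed sample: both settings present but outside [mysqld], or commented out.
sample_misplaced() {
    printf '%s\n' '[mysqld_safe]' 'skip-networking' 'local-infile=0' \
        '[mysqld]' 'datadir=/var/lib/mysql' '#skip-networking'
}

# Constructed sample: both settings active in [mysqld].
sample_hardened() {
    printf '%s\n' '[mysqld]' 'datadir=/var/lib/mysql' \
        'local_infile = OFF   # step 12' 'skip-networking' \
        '[mysqld_safe]' 'log-error=/var/log/mysqld.log'
}

f=$(mktemp)
sample_misplaced > "$f"
audit_mycnf "$f" || echo "not hardened: edit /etc/my.cnf, then: service mysqld restart"
sample_hardened > "$f"
audit_mycnf "$f" && echo "hardened"
rm -f "$f"
```

Run it against the real file with audit_mycnf /etc/my.cnf; a FAIL on a line you believed was set usually means the option sits under the wrong section header.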
Troubleshooting
How to test
1. Make sure mysql and mysql server are indeed installed and that they are the correct versions:
# rpm -qa | grep mysql && chkconfig --list | grep mysql
mysql-5.0.27-1.fc6
mysql-5.0.27-1.fc6
mysql-gui-common-1.1.10-3.fc6
mysql-server-5.0.27-1.fc6
mysql-administrator-1.1.10-3.fc6
mysqld          0:off   1:off   2:off   3:off   4:off   5:off   6:off
3. Clear MySQL scrollback history (so sensitive data such as passwords cannot be seen by others with access):
# cat /dev/null > ~/.mysql_history
6. Delete a null user (user without a username) from the MySQL Server database:
mysql> delete from mysql.user where user = ' ';
Query OK, 1 rows affected (0.00 sec)
More Information
Disclaimer
We test this stuff on our own machines, really we do. But you may run into problems; if you do, come to #centoshelp on irc.freenode.net. This has been tested on Centos 5.x and 6.x.
Added Reading
http://dev.mysql.com/doc/