Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

Welcome, Tuesday 17th January 2012

Search CentOS Help...

GO

Home Networking IPTables Advanced Networking Fundamentals NIC Bonding NIC Aliasing Servers Installing & Conguring MySQL Server Common Useful MySQL Commands MySQL Database Replication PHPMyAdmin On Centos Postx Mail Server On Centos Conguring AWStats Multiple Domains Hosted On The Same Server Installing & Conguring Nutch, Nutch-Gui, Sun JDK & Tomcat 6 On Centos Installing Zope/Plone v3.3.1 With The Unied Installer In Centos IM Proxying With Squid on Centos Installing PHP 5.2.x On Centos 5.x Correctly Installing & Conguring VSftpd WordPress Development Server on localhost Security Installing & Conguring AIDE on Centos Apache HTTPD with SSL (HTTPS, Secure Socket Layer) Denyhosts Fail2ban Restrict User Account To: cvs, scp, sftp, rsync Only With Centos Securing sshd SELinux Common Commands & Troubleshooting SELinux Module Building SSH Access Using Public / Private DSA Or RSA Keys Sudo An Advanced Howto Resources Commands Docs FAQs Repos Pre Install Options Post Install Options Scripts & Tools Troubleshooting Links

1 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

Contact IRC

Installing & Conguring MySQL Server

This Howto will show you how to install MySQL 5.x, start the service, make sure the server starts on reboot, login via terminal, change the root database admin password, change the name of the root user, add a new user with specic privileges to a specic database, add a new DBA, add a new database, remove all anonymous logins, remove all non-root users, added le security steps, disable remote access (via port 3306), purge the scrollback history, and nally the installation of the gui tool mysql-administrator.

Applicable to Centos Versions:

Centos 5.x Centos 6.x

Requirements
1. Login to a terminal as root using one of these options: (su login | su -l | or: su -) 2. Yum and rpm must also be installed and functional (something is seriously wrong if they arent)

Doing the Work

1. Install mysql mysql-server:
# yum install mysql mysql-server Loading "priorities" plugin Loading "changelog" plugin Loading "fastestmirror" plugin Loading "allowdowngrade" plugin Loading "kernel-module" plugin Loading "fedorakmod" plugin Loading "installonlyn" plugin Loading "protectbase" plugin Setting up Install Process Setting up repositories livna 100% |=========================| 1.1 kB 00:00 updates 100% |=========================| 1.2 kB 00:00 core 100% |=========================| 1.1 kB 00:00 extras 100% |=========================| 1.1 kB 00:00 Loading mirror speeds from cached hostfile Reading repository metadata in from local files primary.xml.gz 100% |=========================| 1.8 MB 00:06 extras : ################################################## 5594/5594 0 packages excluded due to repository priority protections 0 packages excluded due to repository protections Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait.

2 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

---> Downloading header for mysql to pack into transaction set. mysql-5.0.27-1.fc6.i386.r 100% |=========================| 36 kB 00:00 ---> Package mysql.i386 0:5.0.27-1.fc6 set to be updated ---> Downloading header for mysql-server to pack into transaction set. mysql-server-5.0.27-1.fc6 100% |=========================| 33 kB 00:00 ---> Package mysql-server.x86_64 0:5.0.27-1.fc6 set to be updated ---> Downloading header for mysql to pack into transaction set. mysql-5.0.27-1.fc6.x86_64 100% |=========================| 36 kB 00:00 ---> Package mysql.x86_64 0:5.0.27-1.fc6 set to be updated --> Running transaction check --> Processing Dependency: perl-DBI for package: mysql-server --> Processing Dependency: perl(DBI) for package: mysql --> Processing Dependency: perl(DBI) for package: mysql-server --> Processing Dependency: perl-DBD-MySQL for package: mysql-server --> Restarting Dependency Resolution with new changes. --> Populating transaction set with selected packages. Please wait. ---> Downloading header for perl-DBI to pack into transaction set. perl-DBI-1.52-1.fc6.x86_6 100% |=========================| 16 kB 00:00 ---> Package perl-DBI.x86_64 0:1.52-1.fc6 set to be updated ---> Downloading header for perl-DBD-MySQL to pack into transaction set. perl-DBD-MySQL-3.0007-1.f 100% |=========================| 8.5 kB 00:00 ---> Package perl-DBD-MySQL.x86_64 0:3.0007-1.fc6 set to be updated --> Running transaction check Dependencies Resolved ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: mysql i386 5.0.27-1.fc6 updates 3.3 M mysql x86_64 5.0.27-1.fc6 updates 3.3 M mysql-server x86_64 5.0.27-1.fc6 updates 10 M Installing for dependencies: perl-DBD-MySQL x86_64 perl-DBI x86_64

3.0007-1.fc6 1.52-1.fc6

core core

147 k 605 k

Transaction Summary ============================================================================= Install 5 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 18 M Is this ok [y/N]:

2. Start MySQL server daemon (mysqld):

# chkconfig --level 2345 mysqld on; service mysqld start Initializing MySQL database: Installing all prepared tables Fill help tables To start mysqld at boot time you have to copy support-files/mysql.server to the right place for your system PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands: /usr/bin/mysqladmin -u root password 'new-password' /usr/bin/mysqladmin -u root -h angstrom password 'new-password' See the manual for more instructions. You can start the MySQL daemon with: cd /usr ; /usr/bin/mysqld_safe &

3 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

You can test the MySQL daemon with the benchmarks in the 'sql-bench' directory: cd sql-bench ; perl run-all-tests Please report any problems with the /usr/bin/mysqlbug script! The latest information about MySQL is available on the web at http://www.mysql.com Support MySQL by buying support/licenses at http://shop.mysql.com [ OK ] Starting MySQL: [ OK ]

3. Login as root database admin to MySQL server:

# mysql -u root Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 to server version: 5.0.27 Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql>

4. Delete ALL users who are not root:

mysql> delete from mysql.user where not (host="localhost" and user="root"); Query OK, 5 rows affected (0.15 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql>

5. Change root database admin password: (note: once this step is complete youll need to login with: mysql -p -u root)
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mypass'); Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql>

6. Change root username to something less guessable for higher security.

mysql> update mysql.user set user="mydbadmin" where user="root"; Query OK, 2 rows affected (0.00 sec) Rows matched: 2 Changed: 2 Warnings: 0 mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql>

7. Remove anonymous access to the database(s):

mysql> DELETE FROM mysql.user WHERE User = ''; Query OK, 2 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)

4 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

mysql>

8. Add a new user with database admin privs for all databases:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass' WITH GRANT OPTION; Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql>

9. Add a new user with database admin privs for a specic database, in this case the database is called bugzilla: (note: The bugzilla database must rst be added, see below.)
mysql> GRANT ALL PRIVILEGES ON bugzilla.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass'; Query OK, 0 rows affected (0.00 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql> Alternatively, you can give someone access to only certain privileges by substituting "ALL PRIVILEGES" with any combination of the following (commas included): SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES

10. Add a MySQL database:

mysql> create database bugzilla; Query OK, 1 row affected (0.15 sec) mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql> quit Bye

11. Installing mysql-administrator:

The MySql Administrator packages for Centos 5.x can be found here: MySQL Administrator Packages: http://people.centos.org/hughesjr/mysql-gui-tools/i386/ Possible Dependencies: http://centos.karan.org/el5/extras/testing/i386/RPMS/ To install these packages download the desired tools into a directory on your desktop or a directory on the server, cd into the directory and issue this command: rpm -ivh *.rpm Make sure that the rpms you want to install are the only files in the directory.

12. Improving local le security (after saving and exiting remember to: service mysqld restart for changes to take eect):
The next change is to disable the use of LOAD DATA LOCAL INFILE command, which will help to prevent against unauthorized reading from local files. This matters especially when new SQL Injection vulnerabilities in PHP applications are found. For that purpose, the following parameter should be added in the [mysqld] section in: /etc/my.cnf

5 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

set-variable=local-infile=0

http://centoshelp.org/servers/installing-conguring-mysq...

13. Disabling remote access to the MySQL server (after saving and exiting remember to: service mysqld restart for changes to take eect).
This change applies to the 3306/tcp port, on which MySQL listens by default. Because, according to the initial assumptions, the database will be used only by locally installed PHP applications, we can freely disable listening on that port. This will limit possibilities of attacking the MySQL database by direct TCP/IP connections from other hosts. Local communication will be still possible throw the mysql.sock socket. In order to disable listening on the mentioned port, the following parameter should be added to the [mysqld] section of /etc/my.cnf: skip-networking If, for some reason, remote access to the database is still required (e.g. to perform remote data backup), the SSH protocol can be used as follows: (modify to your needs) backuphost$ ssh mysqlserver /usr/local/mysql/bin/mysqldump -A > backup

Troubleshooting
How to test
1. Make sure mysql and mysql server are indeed installed and that they are the correct versions:
# rpm -qa | grep mysql && chkconfig --list | grep mysql mysql-5.0.27-1.fc6 mysql-5.0.27-1.fc6 mysql-gui-common-1.1.10-3.fc6 mysql-server-5.0.27-1.fc6 mysql-administrator-1.1.10-3.fc6 mysqld 0:off 1:off 2:off 3:off 4:off 5:off

6:off

2. Starting mysqld on boot:

# chkconfig --level 2345 mysqld on && service mysqld restart && chkconfig --list | grep mysqld Stopping MySQL: [ OK ] Starting MySQL: [ OK ] mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off

3. Clear MySQL scrollback history (so sensitive data such as passwords cannot be seen by others with access):
]# cat /dev/null > ~/.mysql_history

4. Show all users in the MySQL Server database:

mysql> select * from mysql.user; 8 rows in set (0.00 sec)

5. Delete a user from the MySQL Server database:

mysql> delete from mysql.user where host = "dev.mydomain.com";Query OK, 2 rows affected (0.00 sec)

6. Delete a null user (user without a username) from the MySQL Server database:
mysql> delete from mysql.user where user = ' '; Query OK, 1 rows affected (0.00 sec)

6 of 7

01/17/2012 09:33 AM

Installing & Conguring MySQL Server : CentOS Help

http://centoshelp.org/servers/installing-conguring-mysq...

Common problems and xes

Problem: User has not properly logged in with roots environment. Fix: (switch to root with one of the following methods): su login su -l su -

More Information
Disclaimer
We test this stu on our own machines, really we do. But you may run into problems, if you do, come to #centoshelp on irc.freenode.net This has been tested on Centos 5.x and 6.x

Added Reading
http://dev.mysql.com/doc/

Copyright 2010 CentosHelp.org 40 queries. 2.420 seconds

7 of 7

01/17/2012 09:33 AM