Data security is very important in today’s business. With the increase in digital data, the number of attackers is also increasing day by day. There are several security factors to keep in mind such as network access, OS security, MySQL/MariaDB security, and many more.
Let us discuss about MySQL/MariaDB security best practices for our Linux operating system.
10 MySQL/MariaDB Security Best Practices for Linux
- Install MySQL/MariaDB on Linux
First, we need to install MySQL/MariaDB using the following command:
$ sudo apt-get install mysql-serverNow, we have to type the following command in the root user mode:
# mysql_secure_installationAfter starting it, we can enter the root password and answer the sequence of questions by pressing the “Y” key.
- Bind the Database Server Using the Config File
The main MySQL configuration file is named “mysqld.cnf ” and it is placed in the “/etc/mysql/mysql.conf.d/” directory on Linux. We need to secure our MySQL instance and modify this file using the following command:
$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnfFirst, we need to change the “bind-address” option in the “[mysqld]” section. Then, the bind-address is set to “127.0.0.1”. This command ensures that our MySQL don’t connect from anywhere other than our local system.
bind-address = 127.0.0.1- Disable the LOCAL INFILE in MySQL/MariaDB
We must deactivate the “local_infile” using the following directive in the [mysqld] section. This prevents the users without file-level capabilities from loading files from the filesystem into the database.
local-infile = 0- Change the Default Port
We must change the default port number since ports are used to listen to TCP/IP connections. We can edit this in [mysqld] section in the config file.
Port = 8000- Set the Right Permission on the Config File
Then, we must check that all MySQL server files and data folders have suitable permissions. Only the root should be allowed to modify the config file. This prevents the other users on our Linux from making changes to the database server settings.
- Remove the MySQL/MariaDB Shell History
MySQL shell commands are saved in a history file called “/.mysql_history” by the MySQL client. This can be problematic since any usernames and passwords that are put on the shell will be logged in the history file for any user accounts that we create.
$ cat /dev/null > ~/.mysql_history- Avoid Using the Terminal or CLI to Run the MySQL/MariaDB Commands
Any command that we write on the terminal is saved in a history file. Any password that is entered in this history file is easily visible to an attacker who gains access to it. So, it is better to avoid using the Terminal to run the MySQL/MariaDB commands.
We must not enter the password of MySQL/MariaDB on the command line.
# mysql -u root -p1234_Output:
mysql: [Warning] Using a password on the command line interface can be insecure.
** many more outputs **The previously typed password will be seen in the last part of the command history file.
# historyOutput:
** many more outputs **
11 mysql -u root -p1234_
12 history- Correct Way to Enter the MySQL Password
As we explained in the previous point, we must not use the command line to enter our MySQL/MariaDB password because the attackers might gain access to our database. Let us see the correct way to enter our MySQL password:
# mysql -u root -p- Change Our Default MySQL Password
This is a mandatory practice that we have to follow on a regular basis. It can prevent the attackers who have been monitoring our activities for a long time. Here are the steps to change the default root password of our MySQL:
mysql> USE mysql;
Database changed
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'papan';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)- Use Various Security Plugins and Libraries
There are various security plugins available on the internet to verify the client’s attempts to connect to the MySQL server. These security plugins and libraries protect our confidential information.
Conclusion
We can summarize that by following the mentioned MySQL and MariaDB security practices, we can easily protect ourselves from attackers. This article provides us with a decent overview of the kind of decisions that we must make when protecting our MySQL/MariaDB databases.
Frequently Asked Questions
How to install MySQL/MariaDB on Linux for enhanced security?
To install MySQL/MariaDB on Linux, use the command 'sudo apt-get install mysql-server' and then run 'mysql_secure_installation' in root user mode to set up security measures.
What is the purpose of binding the Database Server in MySQL/MariaDB on Linux?
Binding the Database Server in MySQL/MariaDB on Linux, by changing the 'bind-address' option to '127.0.0.1' in mysqld.cnf, ensures that MySQL connections are restricted to the local system only.
How can I disable LOCAL INFILE in MySQL/MariaDB for better security?
To enhance security, disable 'local_infile' by setting 'local-infile = 0' in the [mysqld] section of the MySQL/MariaDB configuration file.
What is the importance of changing the default port in MySQL/MariaDB security practices?
Changing the default port in MySQL/MariaDB is crucial as it helps in enhancing security by ensuring that the server listens to TCP/IP connections on a different port, reducing the risk of unauthorized access.
How can I set the right permissions on the MySQL/MariaDB configuration file for optimal security?
To set the right permissions on the MySQL/MariaDB configuration file, ensure that all server files and data folders have appropriate permissions, with only the root user having access for added security.
What are the best practices for securing MySQL/MariaDB on a Linux operating system?
Some best practices include installing MySQL/MariaDB securely, binding the Database Server, disabling LOCAL INFILE, changing the default port, and setting the right permissions on the configuration file.
Why is network access considered a critical security factor for MySQL/MariaDB on Linux?
Network access is crucial for MySQL/MariaDB security on Linux as it determines how connections are established, and securing network access helps prevent unauthorized access to the database server.
How does modifying the MySQL/MariaDB configuration file contribute to enhancing security on Linux?
Modifying the MySQL/MariaDB configuration file, such as changing the bind-address and port settings, plays a vital role in enhancing security by restricting access and controlling how the server communicates over the network.