Data security is very important in today’s business. With the increase in digital data, the number of attackers is also increasing day by day. There are several security factors to keep in mind such as network access, OS security, MySQL/MariaDB security, and many more.
Let us discuss about MySQL/MariaDB security best practices for our Linux operating system.
10 MySQL/MariaDB Security Best Practices for Linux
- Install MySQL/MariaDB on Linux
First, we need to install MySQL/MariaDB using the following command:
$ sudo apt-get install mysql-serverNow, we have to type the following command in the root user mode:
# mysql_secure_installationAfter starting it, we can enter the root password and answer the sequence of questions by pressing the “Y” key.
- Bind the Database Server Using the Config File
The main MySQL configuration file is named “mysqld.cnf ” and it is placed in the “/etc/mysql/mysql.conf.d/” directory on Linux. We need to secure our MySQL instance and modify this file using the following command:
$ sudo nano /etc/mysql/mysql.conf.d/mysqld.cnfFirst, we need to change the “bind-address” option in the “[mysqld]” section. Then, the bind-address is set to “127.0.0.1”. This command ensures that our MySQL don’t connect from anywhere other than our local system.
bind-address = 127.0.0.1- Disable the LOCAL INFILE in MySQL/MariaDB
We must deactivate the “local_infile” using the following directive in the [mysqld] section. This prevents the users without file-level capabilities from loading files from the filesystem into the database.
local-infile = 0- Change the Default Port
We must change the default port number since ports are used to listen to TCP/IP connections. We can edit this in [mysqld] section in the config file.
Port = 8000- Set the Right Permission on the Config File
Then, we must check that all MySQL server files and data folders have suitable permissions. Only the root should be allowed to modify the config file. This prevents the other users on our Linux from making changes to the database server settings.
- Remove the MySQL/MariaDB Shell History
MySQL shell commands are saved in a history file called “/.mysql_history” by the MySQL client. This can be problematic since any usernames and passwords that are put on the shell will be logged in the history file for any user accounts that we create.
$ cat /dev/null > ~/.mysql_history- Avoid Using the Terminal or CLI to Run the MySQL/MariaDB Commands
Any command that we write on the terminal is saved in a history file. Any password that is entered in this history file is easily visible to an attacker who gains access to it. So, it is better to avoid using the Terminal to run the MySQL/MariaDB commands.
We must not enter the password of MySQL/MariaDB on the command line.
# mysql -u root -p1234_Output:
mysql: [Warning] Using a password on the command line interface can be insecure.
** many more outputs **The previously typed password will be seen in the last part of the command history file.
# historyOutput:
** many more outputs **
11 mysql -u root -p1234_
12 history- Correct Way to Enter the MySQL Password
As we explained in the previous point, we must not use the command line to enter our MySQL/MariaDB password because the attackers might gain access to our database. Let us see the correct way to enter our MySQL password:
# mysql -u root -p- Change Our Default MySQL Password
This is a mandatory practice that we have to follow on a regular basis. It can prevent the attackers who have been monitoring our activities for a long time. Here are the steps to change the default root password of our MySQL:
mysql> USE mysql;
Database changed
mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'papan';
Query OK, 0 rows affected (0.01 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.01 sec)- Use Various Security Plugins and Libraries
There are various security plugins available on the internet to verify the client’s attempts to connect to the MySQL server. These security plugins and libraries protect our confidential information.
Conclusion
We can summarize that by following the mentioned MySQL and MariaDB security practices, we can easily protect ourselves from attackers. This article provides us with a decent overview of the kind of decisions that we must make when protecting our MySQL/MariaDB databases.