
DIY: Secure a MySQL installation on Linux

Jack Wallen describes a quick way to secure a MySQL install on Linux. He notes that the server must be secure in order for the recommended script to be an effective solution.

Read my answer to a TechRepublic reader's question, and then please post additional tips for the member in the discussion.

Q: How does one secure a MySQL installation on a Linux server?

A: It shouldn't surprise you that MySQL includes a tool that helps to secure the installation. This is only available on Linux, but it should be one of the first steps to take when the install is complete. Here's what you need to do.

The tool is the mysql_secure_installation command, and it is run from the bash prompt. The script will do the following:

  • Set a root password. If a root password has already been set, it will have to be entered to continue to the remaining steps.
  • Remove all anonymous users.
  • Disable non-local root access.
  • Remove the test database and access rules related to it.
  • Reload privilege tables so the above changes are in effect.

The script will automatically determine what needs to be done and will walk you through the process of securing MySQL. Beyond running this script, it is still critical to secure the server itself. But if you don't let this script help lock down the MySQL installation, your database server remains vulnerable in ways that securing the server alone cannot fix.
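To confirm that the changes listed above are in place after the script has run, a short audit can be piped from the mysql client. This is an added example, not part of the original article or of MySQL itself; the function names and sample rows are constructed for illustration, and the root password check is left out because the column holding it differs between MySQL versions.

```bash
#!/usr/bin/env bash
# Added example: checks the state mysql_secure_installation should leave behind.
# Each function reads tab-separated rows on stdin, as produced by
#   mysql -N -B -e "<query>"   (-N: no column names, -B: tab-separated batch output)
# prints one FAIL line per finding and returns non-zero if there was any.

# Rows: user<TAB>host   from: SELECT user, host FROM mysql.user
check_accounts() {
  awk -F'\t' '
    $1 == "" { print "FAIL anonymous account at host " $2; bad = 1 }
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
      print "FAIL root can log in from " $2; bad = 1 }
    END { exit bad + 0 }'
}

# Rows: database name   from: SHOW DATABASES
check_test_database() {
  awk '$0 == "test" { print "FAIL test database still exists"; bad = 1 }
       END { exit bad + 0 }'
}

# Rows: db<TAB>user   from: SELECT db, user FROM mysql.db
# A default install stores the test access rules as "test" and "test\_%".
check_test_grants() {
  awk -F'\t' '
    $1 == "test" || index($1, "test\\") == 1 {
      print "FAIL access rule for " $1; bad = 1 }
    END { exit bad + 0 }'
}

# Constructed sample rows (not from a real server): root allowed from a
# second host, plus an anonymous account.
sample_accounts() {
  printf '%s\t%s\n' root localhost root db01.example.internal '' localhost
}

# Usage against a live server (run as a MySQL administrative user):
#   mysql -N -B -e "SELECT user, host FROM mysql.user" | check_accounts
#   mysql -N -B -e "SHOW DATABASES"                    | check_test_database
#   mysql -N -B -e "SELECT db, user FROM mysql.db"     | check_test_grants
```

On the constructed sample, `sample_accounts | check_accounts` reports the remote root entry and the anonymous account and returns status 1.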

Ask Jack: If you have a DIY question, email it to me, and I'll do my best to answer it. (Read guidelines about submitting DIY questions.)

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

3 comments
rpollard

@Spitfire_Sysop: I have researched the web and found numerous articles on securing both MySQL and PHP's access to MySQL. The main thing to do in PHP is to use MySQLi's API calls and use placeholder syntax with the prepare() statement that binds variables to sequenced positions in the call. Resource: http://php.net/manual/en/mysqli.prepare.php For example:

Alpha_Dog

Installing a server is the easy part... 10-20 minutes from bare metal if you use Turnkey Linux. It's keeping the server secure that needs professional advice.

Spitfire_Sysop

Do you have any tips for avoiding SQL-injection attacks? These may be more coding tips than configuration advice but perhaps there are settings that can help you harden as well?