DIY: Secure a MySQL installation on Linux

Jack Wallen describes a quick way to secure a MySQL install on Linux. He notes that the server must be secure in order for the recommended script to be an effective solution.

Read my answer to a TechRepublic reader's question, and then please post additional tips for the member in the discussion.

Q: How does one secure a MySQL installation on a Linux server? A: It shouldn't surprise you that MySQL includes a tool that helps to secure the installation. This is only available on Linux, but it should be one of the first steps to take when the install is complete. Here's what you need to do.

The tool is the mysql_secure_installation command and is run from the bash prompt. This script is run from the mysql prompt and will do the following:

  • Set a root password. If a root password has already been set, it will have to be entered to continue to the remaining steps.
  • Remove all anonymous users.
  • Disable non-local root access.
  • Remove the test database and access rules related to it.
  • Reload privilege tables so the above changes are in effect.

The script will automatically determine what needs to be done and will walk you through the process of securing MySQL. Beyond running this script, it is critical to go through the paces of securing the server. But without allowing this script to help lock down the MySQL installation, your database server is vulnerable in ways even securing the server cannot help.

Ask Jack: If you have a DIY question, email it to me, and I'll do my best to answer it. (Read guidelines about submitting DIY questions.)