LinuxQuestions.org
Old 01-21-2013, 02:29 AM   #1
kikinovak
Securing MySQL


Hi,

Usually, I install and configure MySQL like this:

Code:
  # cd /etc/mysql
  # cp my-small.cnf my.cnf
  # mysql_install_db
  # chown -R mysql:mysql /var/lib/mysql
  # chmod 0755 /etc/rc.d/rc.mysqld
  # /etc/rc.d/rc.mysqld start
  # mysql_secure_installation
  ...
  Set root password? [Y/n]
  ...
  # mysql -u root -p
  Enter password:
  Welcome to the MySQL monitor.
  ...
  mysql> show databases;
  +--------------------+
  | Database           |
  +--------------------+
  | information_schema |
  | mysql              |
  +--------------------+
  2 rows in set (0.00 sec)

  mysql> use mysql;
  Database changed

  mysql> select user, host, password from user;
  +------+-----------+-------------------------------------------+
  | user | host      | password                                  |
  +------+-----------+-------------------------------------------+
  | root | localhost | *6883418C147A759B04D78A2D1E4E0C5BB0CDD1B4 |
  | root | 127.0.0.1 | *6883418C147A759B04D78A2D1E4E0C5BB0CDD1B4 |
  +------+-----------+-------------------------------------------+
  2 rows in set (0.00 sec)

  mysql> quit
  Bye
On recent versions of MySQL, there's also a root@::1 user defined. Since I don't use IPv6 for now and deactivate it, I also drop this user.

Now I wonder if there's some extra security to be gained by adding the following statement to my.cnf:

Code:
bind-address = 127.0.0.1
Debian and Ubuntu add this statement out of the box, but not Slackware, so I wonder if it makes sense to add it. In theory, since I only have root@localhost and root@127.0.0.1 defined explicitly as users, folks from remote machines shouldn't be able to connect remotely.

What's your opinion on this?
 
Old 01-21-2013, 04:17 AM   #2
ppr:kut
Slackware uses --skip-networking by default, which disallows any connections over tcp/ip, be it from remote or from 127.0.0.1. You can only connect using named pipes or over the UNIX socket. So adding the bind-address statement does not provide any additional security.
 
3 members found this post helpful.
Old 01-21-2013, 09:31 AM   #3
kikinovak
Thanks very much for the information!
 
Old 01-21-2013, 09:57 AM   #4
kikinovak
Quote:
Originally Posted by ppr:kut
Slackware uses --skip-networking by default, which disallows any connections over tcp/ip, be it from remote or from 127.0.0.1. You can only connect using named pipes or over the UNIX socket. So adding the bind-address statement does not provide any additional security.
Erm... I just took a peek at the source out of curiosity, and I couldn't find the option you mention. Where is it?
 
Old 01-21-2013, 10:19 AM   #5
ppr:kut
It's in the rc.mysql script
 
1 members found this post helpful.
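
Added example (not part of any post in this thread, and not Slackware's own code): a shell check that classifies a mysqld setup by the two settings discussed above, `--skip-networking` in the rc script and `bind-address` in my.cnf. The function names, file names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample files are constructed, not copies of Slackware's files.

# mysqld_exposure RC_SCRIPT MY_CNF
# Prints: socket-only | loopback | all-interfaces
mysqld_exposure() {
    rc=$1; cnf=$2
    # An uncommented --skip-networking in the rc script turns TCP off entirely.
    if [ -f "$rc" ] && grep -v '^[[:space:]]*#' "$rc" | grep -q -e '--skip-networking'; then
        echo socket-only; return 0
    fi
    [ -f "$cnf" ] || { echo all-interfaces; return 0; }
    # Only the [mysqld] section counts; option names accept '-' or '_'.
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            line = $0; sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            split(line, kv, "="); key = kv[1]; gsub(/_/, "-", key)
            if (key == "skip-networking") skip = 1
            if (key == "bind-address") addr = kv[2]
        }
        END {
            if (skip) print "socket-only"
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
                print "loopback"
            else print "all-interfaces"
        }' "$cnf"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' '# sample rc script' 'SKIP="--skip-networking"' > "$1/rc.on"
    printf '%s\n' '# sample rc script' '#SKIP="--skip-networking"' > "$1/rc.off"
    printf '%s\n' '[client]' 'port = 3306' '[mysqld]' \
        'bind-address = 127.0.0.1' > "$1/bind.cnf"
    printf '%s\n' '[mysqld]' 'port = 3306' > "$1/plain.cnf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
echo "skip in rc script:  $(mysqld_exposure "$tmp/rc.on" "$tmp/plain.cnf")"
echo "bind-address only:  $(mysqld_exposure "$tmp/rc.off" "$tmp/bind.cnf")"
echo "neither setting:    $(mysqld_exposure "$tmp/rc.off" "$tmp/plain.cnf")"
rm -rf "$tmp"
```

On a running system, `ss -ltn` showing no listener on port 3306 confirms the socket-only case.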
Old 01-21-2013, 12:08 PM   #6
kikinovak
OK, thanks again!!!
 
  

