[SOLVED] Changed root name for MySQL. Lynis gives warning. Should I worry?
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Changed root name for MySQL. Lynis gives warning. Should I worry?
I have installed LAMP on Debian 7.0 and have changed the MySQL root name to something else to enhance security. Lynis consequently gives a warning
Code:
No MySQL root password set [DBS-1816]
I can log into MySQL as root without a password but cannot do anything once I am in that way because the user "root" is no longer in the name table. If I enter
Code:
mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('trickyPassword');
I get
Code:
ERROR 1133 (42000): Can't find any matching row in the user table
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699
Rep:
Is there an entry in the user table where user='root' and host = 'localhost'? Check it and see. There can be several root entries, and there might not be one with localhost as the host;
use mysql;
select user,host from user;
That will display all of the entries in the user table, you want to see if there is a line like this:
+----------------+----------+
| host | user |
+----------------+----------+
....
| localhost | root |
If not, then see what root entries do exist and with what host. Those are the ones you want to use to set the password. Or maybe you want to get rid of them and create a root@localhost entry. It depends on how you want your root account accessed.
Is there an entry in the user table where user='root' and host = 'localhost'? Check it and see. There can be several root entries, and there might not be one with localhost as the host;
use mysql;
select user,host from user;
That will display all of the entries in the user table, you want to see if there is a line like this:
+----------------+----------+
| host | user |
+----------------+----------+
....
| localhost | root |
If not, then see what root entries do exist and with what host. Those are the ones you want to use to set the password. Or maybe you want to get rid of them and create a root@localhost entry. It depends on how you want your root account accessed.
Quote:
Code:
use mysql;
The password-free login as 'root' will not even let me do that.
Code:
$ mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 56
Server version: 5.5.37-0+wheezy1 (Debian)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1044 (42000): Access denied for user ''@'localhost' to database 'mysql'
mysql>
I changed the root name for security reasons. The way that I did it is outlined here.
If I understand what that link is saying, you changed the root user name to admin? Did you try logging in as "admin"?
"Admin" was used there as an example. I changed the root user name to a secret name that I can log in as. I'm just wondering if I should ignore the Lynis warning.
Distribution: Slackware 14.2 soon to be Slackware 15
Posts: 699
Rep:
Well, in a real world production system, you would not do this. Root is root, and you secure it instead of renaming it. But it's your server so do what you want.
To answer your question - if the root account has no privileges, then ignore the warning.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.