12 MySQL/MariaDB Security Best Practices for Linux


MySQL is the world's most popular open source database system, and MariaDB (a fork of MySQL) is the world's fastest growing open source database system. After you install the MySQL server, it is insecure in its default configuration, and securing it is one of the essential tasks in general database management.

This contributes to hardening and improving overall Linux server security, because attackers routinely scan for vulnerabilities in every part of a system, and databases have in the past been key target areas. A common example is brute-forcing the root password of the MySQL database.

In this guide, we will explain useful MySQL/MariaDB security best practices for Linux.

1. Secure MySQL Installation

This is the first recommended step after installing the MySQL server, towards securing the database server. The mysql_secure_installation script helps improve the security of your MySQL server by asking you to:

  • set a password for the root account, if you did not set it during installation.
  • disable remote root user login by removing root accounts that are accessible from outside the local host.
  • remove anonymous-user accounts and the test database, which by default can be accessed by all users, even anonymous users.

# mysql_secure_installation

After running it, set the root password and answer the series of questions by entering [Yes/Y] and pressing [Enter].

2. Bind Database Server To Loopback Address

This configuration restricts access from remote machines: it tells the MySQL server to accept connections only from localhost. You can set it in the main configuration file.

# vi /etc/my.cnf                            [RHEL/CentOS]
# vi /etc/mysql/my.cnf                      [Debian/Ubuntu]
OR
# vi /etc/mysql/mysql.conf.d/mysqld.cnf     [Debian/Ubuntu]

Add the following line under the [mysqld] section.

bind-address = 127.0.0.1

3. Disable LOCAL INFILE in MySQL

As part of security hardening, you need to disable local_infile to prevent access to the underlying filesystem from within MySQL, using the following directive under the [mysqld] section.

local-infile=0

4. Change MySQL Default Port

The port variable sets the MySQL port number used to listen for TCP/IP connections. The default port number is 3306, but you can change it under the [mysqld] section as shown.

port=5000

5. Enable MySQL Logging

Logs are one of the best ways to understand what happens on a server; in case of an attack, you can easily see any intrusion-related activity in the log files. You can enable MySQL logging by adding the following variables under the [mysqld] section.

general_log=1
general_log_file=/var/log/mysql.log

6. Set Appropriate Permissions on MySQL Files

Ensure that appropriate permissions are set on all mysql server files and data directories. The /etc/my.cnf file should be writable only by root. This blocks other users from changing the database server configuration.

# chmod 644 /etc/my.cnf
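
A check for the settings from steps 2, 3 and 6, added here as an example; it is not part of the original article. The function names mysqld_opt and audit_mycnf are hypothetical, the script reads a single option file (it does not follow !includedir lines), and an option that is not set in that file is reported as a finding.

```shell
# Added example, not from the original article: audit one option file for the
# [mysqld] settings of steps 2-3 and the file mode of step 6.

# Print the last value of KEY in [mysqld] ("-" and "_" are equivalent in
# option names; a later line overrides an earlier one). Exit 1 if absent.
mysqld_opt() {  # usage: mysqld_opt FILE KEY
  awk -v want="$2" '
    BEGIN { gsub(/_/, "-", want) }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
    insec && NF {
      line = $0; sub(/[ \t]*#.*$/, "", line)
      n = index(line, "=")
      key = n ? substr(line, 1, n - 1) : line
      val = n ? substr(line, n + 1) : ""
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      gsub(/_/, "-", key)
      if (key == want) { found = 1; last = val }
    }
    END { if (!found) exit 1; print last }' "$1"
}

# Print one FINDING line per deviation; return 1 if there was any.
audit_mycnf() {  # usage: audit_mycnf FILE
  local f=$1 bad=0 v
  v=$(mysqld_opt "$f" bind-address) || v="(not set in this file)"
  case $v in
    127.0.0.1|::1|localhost) ;;
    *) echo "FINDING bind-address: $v"; bad=1 ;;
  esac
  v=$(mysqld_opt "$f" local-infile) || v="(not set in this file)"
  case $v in
    0|[Oo][Ff][Ff]) ;;
    *) echo "FINDING local-infile: $v"; bad=1 ;;
  esac
  if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \) -print)" ]; then
    echo "FINDING mode: $f is group- or world-writable"; bad=1
  fi
  return "$bad"
}

# Constructed sample: [client] must be ignored, bind_address is the weak one.
demo=$(mktemp)
printf '%s\n' '[client]' 'bind-address = 127.0.0.1' '[mysqld]' \
  'bind_address = 0.0.0.0   # constructed' 'port = 5000' > "$demo"
audit_mycnf "$demo" || echo "review the findings above"
rm -f "$demo"
```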

7. Delete MySQL Shell History

All commands you execute in the MySQL shell are stored by the mysql client in a history file: ~/.mysql_history. This can be dangerous, because for any user accounts that you create, all usernames and passwords typed in the shell are recorded in the history file.

# cat /dev/null > ~/.mysql_history

8. Don't Run MySQL Commands from the Command Line

As you already know, all commands you type in the terminal are stored in a history file, depending on the shell you are using (for example ~/.bash_history for bash). An attacker who manages to gain access to this history file can easily see any passwords recorded there.

Typing passwords on the command line is not recommended, as in something like this:

# mysql -u root -ppassword_

When you check the last part of the command history file, you will see the password typed above.

# history 

The appropriate way to connect to MySQL is:

# mysql -u root -p
Enter password:
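
A scan for the exposures described in steps 7 and 8, added here as an example; it is not part of the original article. The function name scan_history is hypothetical and the sample history lines are constructed.

```shell
# Added example, not from the original article: report history lines that
# expose a password, as described in steps 7 and 8. Secrets are masked in the
# output, so the report can be pasted into a ticket.
scan_history() {  # usage: scan_history FILE... ; exit 0 if any hit, else 1
  awk '
    # Step 8: mysql client tools called with -pSECRET or --password=SECRET.
    /(^|[ \t;|&])(mysql|mysqldump|mysqladmin)([ \t]|$)/ {
      hit = 0
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^-p./)               { $i = "-p********"; hit = 1 }
        else if ($i ~ /^--password=./) { $i = "--password=********"; hit = 1 }
      }
      if (hit) { print FILENAME ":" FNR ": " $0; found = 1 }
      next
    }
    # Step 7: SQL that sets a password; libedit builds of the client store
    # spaces as \040, so accept both forms. Only the line number is printed.
    toupper($0) ~ /IDENTIFIED(\\040|[ \t])+BY|PASSWORD(\\040|[ \t])*\(/ {
      print FILENAME ":" FNR ": SQL statement containing a password"; found = 1
    }
    END { exit (found ? 0 : 1) }
  ' "$@"
}

# Constructed sample histories (no real credentials).
tmp=$(mktemp -d)
printf '%s\n' 'ls -l' 'mysql -u root -ppassword_' 'mysql -u root -p' \
  'mysqldump --password=example_only appdb' > "$tmp/bash_history"
printf '%s\n' 'SHOW DATABASES;' \
  "CREATE\\040USER\\040'app'@'localhost'\\040IDENTIFIED\\040BY\\040'example_only';" \
  > "$tmp/mysql_history"
if scan_history "$tmp/bash_history" "$tmp/mysql_history"; then
  echo "rotate the exposed passwords, then truncate the history files"
fi
rm -rf "$tmp"
```

Run it as scan_history ~/.bash_history ~/.mysql_history; the interactive "mysql -u root -p" form produces no hit.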

9. Define Application-Specific Database Users

For each application running on the server, give access only to a user who is in charge of the database for that application. For example, if you have a wordpress site, create a specific user for the wordpress site database as follows.

# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE osclass_db;
MariaDB [(none)]> CREATE USER 'osclassdmin'@'localhost' IDENTIFIED BY '[email %!2';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON osclass_db.* TO 'osclassdmin'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Also remember to always remove user accounts that no longer manage any application database on the server.

10. Use Additional Security Plugins and Libraries

MySQL includes a number of security plugins for: authenticating attempts by clients to connect to the mysql server, password validation, and secure storage for sensitive information, all of which are available in the free version.

You can find more here: https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html

11. Change MySQL Passwords Regularly

This is a common piece of information/application/system security advice. How often you do this depends entirely on your security policy. However, it can prevent "snoopers" who might have been tracking your activity over a long period of time from gaining access to your mysql server.

MariaDB [(none)]> USE mysql;
MariaDB [(none)]> UPDATE user SET password=PASSWORD('YourPasswordHere') WHERE User='root' AND Host = 'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

12. Update MySQL Server Packages Regularly

It is highly recommended to upgrade the mysql/mariadb packages regularly, from the vendor's repository, to keep up with security updates and bug fixes. Packages in the default operating system repositories are normally outdated.

# yum update
# apt update && apt upgrade

After making any changes to the mysql/mariadb server, always restart the service.

# systemctl restart mariadb		#RHEL/CentOS
# systemctl restart mysql		#Debian/Ubuntu

That's all! We would love to hear from you via the comment form below. Share with us any MySQL/MariaDB security tips missing from the list above.