Home > Database > Mysql Tutorial > How to set up the most secure MySQL database?

How to set up the most secure MySQL database?

小云云
Release: 2017-11-18 13:46:38
Original
2558 people have browsed it

When doing project development, we need to use a database, so the security of the database is also very important. The database is a data management platform, and its security can be said to be composed of both the internal security of the system and the network security. part to decide. For system administrators, they must first ensure the security of the system itself. When installing the MySQL database, the basic environment needs to be well configured. Let’s learn about some MySQL database security settings with Duo Backup today!

1. Modify the root user password and delete the empty password

The root user of MySQL installed by default has an empty password. For security reasons, it must be changed to a strong password. The so-called strong password. An irregular password of at least 8 characters consisting of letters, numbers and symbols. Use the command mysaladmin that comes with MySQL to change the root password. You can also log in to the database and modify the field contents of the user table under the database mysql. The modification method is as follows:

# /usr/local/mysql/bin/mysqladmin -u root password “upassword” //使用mysqladmin
  #mysql> use mysql;
  #mysql> update user set password=password('upassword') where user='root';
  #mysql> flush privileges; //强制刷新内存授权表,否则用的还是在内存缓冲的口令
Copy after login

 2. Delete the default database and database user

Under normal circumstances, the MySQL database is installed locally, and only the local php script is required to read mysql, so many users do not need it, especially those installed by default. After MySQL is initialized, it will automatically generate an empty user and test library for installation testing. This will pose a threat to the security of the database. It is necessary to delete them all. In the final state, only a single root will be retained. Of course, users and databases will be added as needed in the future.

 

 #mysql> show databases;
  #mysql> drop database test; //删除数据库test
  #use mysql;
  #delete from db; //删除存放数据库的表信息,因为还没有数据库信息。
  #mysql> delete from user where not (user='root') ; // 删除初始非root的用户
  #mysql> delete from user where user='root' and password=''; //删除空密码的root,尽量重复操作
  Query OK, 2 rows affected (0.00 sec)
  #mysql> flush privileges; //强制刷新内存授权表。
Copy after login

 3. Change the default mysql administrator account

The administrator name of the system mysql is root, and under normal circumstances, the database administrator has not made any changes. This To a certain extent, it facilitates the exhaustive malicious behavior of system users. At this time, when changing the user name to a complex one, please do not set it to admin or administrator, because they are also in the easy-to-guess user dictionary.

 mysql> update user set user="newroot" where user="root"; //改成不易被猜测的用户名
  mysql> flush privileges;
Copy after login

4. About password management

Passwords are a very important factor in database security management. Do not save plain text passwords in the database. If your computer is compromised, an intruder can obtain all passwords and use them. Instead, use MD5(), SHA1(), or a one-way hash function. Don't choose passwords from a dictionary either, there are specialized programs to crack them, choose a strong password of at least eight characters, consisting of letters, numbers and symbols. When accessing passwords, use the SQL statement of mysql's built-in function password() to encrypt the password and store it. For example, the following method is used to add new users to the users table.

 #mysql> insert into users values (1,password(1234),'test');
Copy after login

5. Use an independent user to run msyql

Never run the MySQL server as the root user. This is very dangerous because any user with FILE permissions can create files as root (for example, ~root/.bashrc). mysqld refuses to run as root unless explicitly specified using the --user=root option. Mysqld should be run as a normal, unprivileged user. As in the previous installation process, create an independent mysql account in Linux for the database. This account is only used to manage and run MySQL.

To start mysqld as another Unix user, add the user option to specify the user name of the [mysqld] group in the /etc/my.cnf option file or the my.cnf option file in the server data directory.

 #vi /etc/my.cnf
  [mysqld]
  user=mysql
Copy after login

This command causes the server to start with the specified user. Whether you start it manually or through mysqld_safe or mysql.server, you can ensure that the identity of mysql is used. You can also add user parameters when starting the database.

 # /usr/local/mysql/bin/mysqld_safe --user=mysql &

To run mysqld as another Linux user without root, you do not need to change the root user name in the user table , because the user name of the MySQL account has nothing to do with the user name of the Linux account. Make sure that when mysqld is run, it is only run as a linux user with read or write permissions on the database directory.

6. Prohibit remote connection to the database

In the command line netstat -ant, you can see that the default 3306 port is open. At this time, the network monitoring of mysqld is turned on, allowing users to remotely access the account. Password to connect to the local database. By default, remote connection to data is allowed. In order to disable this function, enable skip-networking, do not monitor any TCP/IP connections of sql, cut off remote access rights, and ensure security. If you need to manage the database remotely, you can do so by installing PhpMyadmin. If you really need to connect to the database remotely, at least modify the default listening port and add firewall rules to only allow data from the mysql listening port of the trusted network to pass.

# vi /etc/my.cf
  将#skip-networking注释去掉。
  # /usr/local/mysql/bin/mysqladmin -u root -p shutdown //停止数据库
  #/usr/local/mysql/bin/mysqld_safe --user=mysql & //后台用mysql用户启动mysql
Copy after login

 7. Limit the number of connected users

Multiple remote connections by a user of the database will cause performance degradation and affect the operations of other users, so it is necessary to limit them. This can be accomplished by limiting the number of connections allowed for a single account by setting the max_user_connections variable in mysqld in the my.cnf file. The GRANT statement can also support resource control options to limit the server's allowed use of an account. 

 #vi /etc/my.cnf
  [mysqld]
  max_user_connections 2
Copy after login

 8. User directory permission restrictions

  默认的mysql是安装在/usr/local/mysql,而对应的数据库文件在/usr/local/mysql/var目录下,因此,必须保证该目录不能让未经授权的用户访问后把数据库打包拷贝走了,所以要限制对该目录的访问。确保mysqld运行时,只使用对数据库目录具有读或写权限的linux用户来运行。

 # chown -R root /usr/local/mysql/ //mysql主目录给root
 # chown -R mysql.mysql /usr/local/mysql/var //确保数据库目录权限所属mysql用户
Copy after login

  9、命令历史记录保护

  数据库相关的shell操作命令都会分别记录在.bash_history,如果这些文件不慎被读取,会导致数据库密码和数据库结构等信息泄露,而登陆数据库后的操作将记录在.mysql_history文件中,如果使用update表信息来修改数据库用户密码的话,也会被读取密码,因此需要删除这两个文件,同时在进行登陆或备份数据库等与密码相关操作时,应该使用-p参数加入提示输入密码后,隐式输入密码,建议将以上文件置空。

 # rm .bash_history .mysql_history //删除历史记录
  # ln -s /dev/null .bash_history //将shell记录文件置空
  # ln -s /dev/null .mysql_history //将mysql记录文件置
Copy after login

  10、禁止MySQL对本地文件存取

  在mysql中,提供对本地文件的读取,使用的是load data local infile命令,默认在5.0版本中,该选项是默认打开的,该操作令会利用MySQL把本地文件读到数据库中,然后用户就可以非法获取敏感信息了,假如你不需要读取本地文件,请务必关闭。

  测试:首先在测试数据库下建立sqlfile.txt文件,用逗号隔开各个字段

# vi sqlfile.txt
  1,sszng,111
  2,sman,222
  #mysql> load data local infile 'sqlfile.txt' into table users fields terminated by ','; //读入数据
  #mysql> select * from users;
  +--------+------------+----------+
  | userid | username | password |
  +--------+------------+----------+
  | 1 | sszng | 111 |
  | 2 | sman | 222 |
  +--------+------------+----------+
Copy after login

  成功的将本地数据插入数据中,此时应该禁止MySQL中用“LOAD DATA LOCAL INFILE”命令。网络上流传的一些攻击方法中就有用它LOAD DATA LOCAL INFILE的,同时它也是很多新发现的SQL Injection攻击利用的手段!黑客还能通过使用LOAD DATALOCAL INFILE装载“/etc/passwd”进一个数据库表,然后能用SELECT显示它,这个操作对服务器的安全来说,是致命的。可以在my.cnf中添加local-infile=0,或者加参数local-infile=0启动mysql。

#/usr/local/mysql/bin/mysqld_safe --user=mysql --local-infile=0 &
  #mysql> load data local infile 'sqlfile.txt' into table users fields terminated by ',';
  #ERROR 1148 (42000): The used command is not allowed with this MySQL version
  --local-infile=0选项启动mysqld从服务器端禁用所有LOAD DATA LOCAL命令,假如需要获取本地文件,需要打开,但是建议关闭。
Copy after login

  11、MySQL服务器权限控制

  MySQL 权限系统的主要功能是证实连接到一台给定主机的用户,并且赋予该用户在数据库上的SELECT、INSERT、UPDATE和DELETE等权限(详见 user超级用户表)。它的附加的功能包括有匿名的用户并对于MySQL特定的功能例如LOAD DATA INFILE进行授权及管理操作的能力。

  管理员可以对user,db,host等表进行配置,来控制用户的访问权限,而user表权限是超级用户权限。只把user表的权限授予超级用户如服务器或数据库主管是明智的。对其他用户,你应该把在user表中的权限设成'N'并且仅在特定数据库的基础上授权。你可以为特定的数据库、表或列授权,FILE 权限给予你用LOAD DATA INFILE和SELECT ... INTO OUTFILE语句读和写服务器上的文件,任何被授予FILE权限的用户都能读或写MySQL服务器能读或写的任何文件。(说明用户可以读任何数据库目录下的文件,因为服务器可以访问这些文件)。 FILE权限允许用户在MySQL服务器具有写权限的目录下创建新文件,但不能覆盖已有文件在user表的File_priv设置Y或N。,所以当你不需要对服务器文件读取时,请关闭该权限。

#mysql> load data infile 'sqlfile.txt' into table loadfile.users fields terminated by ',';
  Query OK, 4 rows affected (0.00 sec) //读取本地信息sqlfile.txt'
  Records: 4 Deleted: 0 Skipped: 0 Warnings: 0
  #mysql> update user set File_priv='N' where user='root'; //禁止读取权限
  Query OK, 1 row affected (0.00 sec)
  Rows matched: 1 Changed: 1 Warnings: 0
  mysql> flush privileges; //刷新授权表
  Query OK, 0 rows affected (0.00 sec)
  #mysql> load data infile 'sqlfile.txt' into table users fields terminated by ','; //重登陆读取文件
  #ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) //失败
  # mysql> select * from loadfile.users into outfile 'test.txt' fields terminated by ',';
  ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
Copy after login

  为了安全起见,随时使用SHOW GRANTS语句检查查看谁已经访问了什么。然后使用REVOKE语句删除不再需要的权限。

  12、使用chroot方式来控制MySQL的运行目录

  Chroot是linux中的一种系统高级保护手段,它的建立会将其与主系统几乎完全隔离,也就是说,一旦遭到什么问题,也不会危及到正在运行的主系统。这是一个非常有效的办法,特别是在配置网络服务程序的时候。

  13、关闭对Web访问的支持

  如果不打算让Web访问使用MySQL数据库,没有提供诸如PHP这样的Web语言的时候,重新设置或编译你的PHP,取消它们对MySQL的默认支持。假如服务器中使用php等web程序,试试用Web形式非法的请求,如果得到任何形式的MySQL错误,立即分析原因,及时修改Web程序,堵住漏洞,防止 MySQL暴露在web面前。

  对于Web的安全检查,在MySQL官方文档中这么建议,对于web应用,至少检查以下清单:

  试试用Web形式输入单引号和双引号(‘'’和‘"’)。如果得到任何形式的MySQL错误,立即分析原因。

  试试修改动态URL,可以在其中添加%22(‘"’)、%23(‘#’)和%27(‘'’)。

  试试在动态URL中修改数据类型,使用前面示例中的字符,包括数字和字符类型。你的应用程序应足够安全,可以防范此类修改和类似攻击。

  试试输入字符、空格和特殊符号,不要输入数值字段的数字。你的应用程序应在将它们传递到MySQL之前将它们删除或生成错误。将未经过检查的值传递给MySQL是很危险的!

  将数据传给MySQL之前先检查其大小。

  用管理账户之外的用户名将应用程序连接到数据库。不要给应用程序任何不需要的访问权限。

  14、数据库备份策略

  一般可采用本地备份和网络备份的形式,可采用MySQL本身自带的mysqldump的方式和直接复制备份形式,

  直接拷贝数据文件最为直接、快速、方便,但缺点是基本上不能实现增量备份。为了保证数据的一致性,需要在备份文件前,执行以下 SQL 语句:FLUSH TABLES WITH READ LOCK;也就是把内存中的数据都刷新到磁盘中,同时锁定数据表,以保证拷贝过程中不会有新的数据写入。这种方法备份出来的数据恢复也很简单,直接拷贝回原来的数据库目录下即可。

  使用mysqldump可以把整个数据库装载到一个单独的文本文件中。这个文件包含有所有重建您的数据库所需要的SQL命令。这个命令取得所有的模式(Schema,后面有解释)并且将其转换成DDL语法(CREATE语句,即数据库定义语句),取得所有的数据,并且从这些数据中创建INSERT语句。这个工具将您的数据库中所有的设计倒转。因为所有的东西都被包含到了一个文本文件中。这个文本文件可以用一个简单的批处理和一个合适SQL语句导回到MySQL中。

  使用 mysqldump进行备份非常简单,如果要备份数据库” nagios_db_backup ”,使用命令,同时使用管道gzip命令对备份文件进行压缩,建议使用异地备份的形式,可以采用Rsync等方式,将备份服务器的目录挂载到数据库服务器,将数据库文件备份打包在,通过crontab定时备份数据:

#!/bin/sh
  time=`date +"("%F")"%R`
  $/usr/local/mysql/bin/mysqldump -u nagios -pnagios nagios | gzip >/home/sszheng/nfs58/nagiosbackup/nagios_backup.$time.gz
  # crontab -l
  # m h dom mon dow command
  00 00 * * * /home/sszheng/shnagios/backup.sh
Copy after login

  恢复数据使用命令:

 gzip -d nagios_backup./(2008-01-24/)00/:00.gz
  nagios_backup.(2008-01-24)00:00
  #mysql –u root -p nagios < /home/sszheng/nfs58/nagiosbackup/nagios_backup./(2008-01-24/)12/:00
Copy after login

  三、Mysqld安全相关启动选项

  下列mysqld选项影响安全:

 --allow-suspicious-udfs
Copy after login

  该选项控制是否可以载入主函数只有xxx符的用户定义函数。默认情况下,该选项被关闭,并且只能载入至少有辅助符的UDF。这样可以防止从未包含合法UDF的共享对象文件载入函数。 --

local-infile[={0|1}]
Copy after login

  如果用--local-infile=0启动服务器,则客户端不能使用LOCAL in LOAD DATA语句。  

--old-passwords
Copy after login

  强制服务器为新密码生成短(pre-4.1)密码哈希。当服务器必须支持旧版本客户端程序时,为了保证兼容性这很有用。

  (OBSOLETE) --safe-show-database
Copy after login

  在以前版本的MySQL中,该选项使SHOW DATABASES语句只显示用户具有部分权限的数据库名。在MySQL 5.1中,该选项不再作为现在的 默认行为使用,有一个SHOW DATABASES权限可以用来控制每个账户对数据库名的访问。

 --safe-user-create
Copy after login

  如果启用,用户不能用GRANT语句创建新用户,除非用户有mysql.user表的INSERT权限。如果你想让用户具有授权权限来创建新用户,你应给用户授予下面的权限:

mysql> GRANT INSERT(user) ON mysql.user TO &#39;user_name&#39;@&#39;host_name&#39;;
Copy after login

  这样确保用户不能直接更改权限列,必须使用GRANT语句给其它用户授予该权限。

--secure-auth
Copy after login

  不允许鉴定有旧(pre-4.1)密码的账户。

 --skip-grant-tables
Copy after login

  这个选项导致服务器根本不使用权限系统。这给每个人以完全访问所有的数据库的权力!(通过执行mysqladmin flush-privileges或mysqladmin eload命令,或执行FLUSH PRIVILEGES语句,你能告诉一个正在运行的服务器再次开始使用授权表。)

 --skip-name-resolve
Copy after login

  主机名不被解析。所有在授权表的Host的列值必须是IP号或localhost。

--skip-networking
Copy after login

  在网络上不允许TCP/IP连接。所有到mysqld的连接必须经由Unix套接字进行。

 -skip-show-database
Copy after login

1.如果使用该选项,只允许有SHOW DATABASES权限的用户执行SHOW DATABASES语句,该语句显示所有数据库名。

2.如果不使用该选项,则允许所有用户执行SHOW DATABASES,但只显示用户有SHOW DATABASES权限或部分数据库权限的数据库名。请注意全局权限指数据库的权限。、

以上就是MySQL数据库安全设置的方法,有需要的小伙伴们赶紧收藏起来吧。

相关推荐:

Mysql安全性测试

怎样使MySQL安全以对

Windows下设置MySQL安全权限

The above is the detailed content of How to set up the most secure MySQL database?. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template