Basic MySql Security
I managed to use the command line to copy over my databases, and I have implemented the general security tips
disallow password authentication
fail2ban
disallow root logins in my main apache config.
changed the default SSH port (although I see that some people don't think this is necessary).
ufw firewall only allowing my SSH port, 80, and 443.
But - what should I be doing in terms of MySql security specifically?
When I first set up my Linode using the LAMP stackscript, I used root as the user and I'm wondering if I need to change this, and how to do this safely.
I want to be able to use the automatic database backup plugin in Wordpress, and I have Linode backups turned on, but otherwise no one needs any access to my Linode other than me from my local machine at my home static IP.
I'm a supernewbie and I'd really appreciate some advice.
Thanks!
2 Replies
# netstat -lvnut
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 4821/mysqld
...
If you see 127.0.0.1:3306 (or the IPv6 equivalent, can't remember what it is right now) in the Local Address column, then MySQL is only listening on the loopback interface. If you see 0.0.0.0:3306 (or :::3306), it is accepting connections from the outside world and you should change bind-address
If you don't see it in the netstat output, then MySQL is probably using a UNIX socket (you can check with netstat -lvpn –protocol=unix) which is not open to the outside.