Improve the Security of your MySQL installation.

By | September 27, 2015

Improve MySQL Installation Security – mysql_secure_installation

This program enables you to improve the security of your MySQL installation in the following ways:

  • You can set a password for root accounts.
  • You can remove root accounts that are accessible from outside the local host.
  • You can remove anonymous-user accounts.
  • You can remove the test database (which by default can be accessed by all users, even anonymous users), and privileges that permit anyone to access databases with names that start with test.

On Ubuntu-based systems you have the option of running the mysql_secure_installation script to initialize passwords and perform other security-related tasks. It handles many of the secure installation steps for you by assigning passwords to the accounts with the username root and removing the anonymous accounts.

The mysql_secure_installation tool helps to improve MySQL installation security. The MySQL server service must be running before you execute this tool. If you see the following error, it means mysqld is not running:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Run the following command to make sure that MySQL Server is started:

root@gs2:~# service mysql start
mysql start/running, process 2194

Now you should be ready to run mysql_secure_installation, the program that enables you to improve the security of your MySQL installation.

root@gs2:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current password for the root user. If you’ve just installed MySQL, and you haven’t set the root password yet, the password will be blank, so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL root user without the proper authorization.

Set root password? [Y/n] y
New password:
Re-enter new password:

Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from ’localhost’. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MySQL comes with a database named ’test’ that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...

All done! If you’ve completed all of the above steps, your MySQL installation should now be secure.

Thanks for using MySQL!

root@gs2:~#
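
To confirm that the answers given above actually took effect, the account and database lists can be checked after the run. The script below is an added example, not part of the original post or of MySQL itself: the function name, the row tags (user/grant/db) and the sample rows are assumptions made for illustration, and the host name gs2 is taken from the prompt shown above.

```shell
#!/bin/sh
# Added example (not from the original post): audit the end state that
# mysql_secure_installation is meant to produce. Input is tab-separated rows
# tagged user/grant/db, e.g. from a live server (assumed query, run as admin):
#   mysql -N -B -e "SELECT 'user', User, Host FROM mysql.user;
#                   SELECT 'grant', User, Db FROM mysql.db;
#                   SELECT 'db', '', SCHEMA_NAME FROM information_schema.SCHEMATA"

audit_mysql_hardening() {
    # A tab field separator keeps empty fields, so an anonymous user stays in $2.
    awk -F '\t' '
    $1 == "user" && $2 == "" {
        print "FAIL anonymous account at host " $3; bad++ }
    $1 == "user" && $2 == "root" &&
        $3 != "localhost" && $3 != "127.0.0.1" && $3 != "::1" {
        print "FAIL root account reachable from host " $3; bad++ }
    $1 == "grant" && $2 == "" {
        print "FAIL anonymous privileges on database " $3; bad++ }
    $1 == "db" && $3 == "test" {
        print "FAIL test database still exists"; bad++ }
    END { print "findings: " (bad + 0); exit (bad > 0) }
    '
}

# Constructed sample rows: an install before the script has been run.
sample_before() {
    printf 'user\troot\tlocalhost\n'
    printf 'user\troot\tgs2\n'
    printf 'user\t\tlocalhost\n'
    printf 'user\t\tgs2\n'
    printf 'grant\t\ttest\n'
    printf 'grant\t\ttest\\_%%\n'
    printf 'db\t\ttest\n'
}

# Constructed sample rows: the same server after answering "y" to every prompt.
sample_after() {
    printf 'user\troot\tlocalhost\n'
    printf 'user\troot\t127.0.0.1\n'
    printf 'user\troot\t::1\n'
    printf 'db\t\tmysql\n'
}

sample_before | audit_mysql_hardening || echo "hardening incomplete"
sample_after | audit_mysql_hardening && echo "hardening verified"
```

The function exits non-zero when any finding is present, so it can gate a provisioning step or a scheduled check.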

Installing and securing MySQL databases are part of the duties of a database administrator. In the next post I will cover how to connect/log on and create a database in MySQL and how to use MySQL to perform different tasks. I will show you how to grant user access and manage your MySQL databases.