Upload
ram-n-sangwan
View
76
Download
3
Embed Size (px)
Citation preview
MySQL DBA Training Session 16. Securing MySQL ServerRAM N SANGWAN
WWW.RNSANGWAN.COM
YOUTUBE CHANNEL : HTTP://YOUTUBE.COM/USER/THESKILLPEDIA
TO LEARN OR TEACH JOIN WWW.THESKILLPEDIA.COM
WWW.RNSANGWAN.COM 1
Who am I?
• Corporate Trainer
• More than 25 Years of Experience.
• More than 50 Technologies
• Managing Alliance Softech Pvt Ltd as Managing Director
• Running More than 300 Live Websites
• Major Technologies
◦ RDBMS : MySQL, Sybase (Now SAP ASE), DB2, Oracle, SQL Server, SAP HANA
◦ Linux : Virtualization, High Availability, Deployment
◦ PHP, Perl, Python
◦ Storage Technologies
◦ Many More…
WWW.RNSANGWAN.COM 2
About this Session
• Security Issues
• Operating System Security
• Filesystem Security
• Securing Mysql Installation
• Securing the MySQL Service
• Log Files and Security
• Network Security
• Securing the Initial MySQL Accounts
WWW.RNSANGWAN.COM 3
About this Session Contd..
• Setup Passwords for accounts
• Ready Script to secure your installation
• General Privilege Precautions
• Restricting the Server's Network Interfaces
• Upgrading the Privilege Tables
• Fixing Privileges through Script provided
• Security- SQL Mode Values
WWW.RNSANGWAN.COM 4
Security Issues
• Operating system security risks.
• Filesystem security risks.
• Network security risks.
WWW.RNSANGWAN.COM 5
Operating System Security
• Minimize the number of tasks that the server host is used for.
• It is best if the MySQL server machine is used exclusively for MySQL.
◦ No need to have login accounts except the system administrative accounts.
• Closing ports minimizes the number of avenues of attack to which the host is
exposed.
• There is also a performance benefit to minimizing the number of non-MySQL
services:
◦ More of the system's resources can be devoted to MySQL.
WWW.RNSANGWAN.COM 6
Filesystem Security
• All components of a MySQL installation should be owned by a login accountwith proper administrative privileges.
• The installation should be accessible to other users only to the extentnecessary.
• For this set up a dedicated login account to use for administering MySQL andgive that account ownership of the relevant files.
• An additional benefit of setting up this account is that you can use it to run theMySQL server, rather than running the server from the Unix root account.
WWW.RNSANGWAN.COM 7
Filesystem Security Contd..
• Every MySQL- related directory and file should have its user and groupownerships set to mysql.
• Files that only the server should be able to access should be owned by themysql account and readable only by it.
• Exceptions are : Unix socket file, global option files, error message files,language files, and character set files.
• In most cases, it's reasonable for client programs and other utilities to beworld-executable so that other users with login accounts on the system canrun them.
WWW.RNSANGWAN.COM 8
Securing Mysql Installation
• The chown and chgrp commands should be run as the system root user
because only root can assign directory and file ownership.
# chown -R mysql /usr/share/mysql
# chgrp -R mysql /usr/share/mysql
# chmod u=rwx,go=rx /usr/share/mysql
# chmod u=rwx,go=rx /usr/share/mysql/bin
(If applicable. Check your installation Tree)
# chmod -R go-rwx /var/lib/mysql/
(..check your data directory)
WWW.RNSANGWAN.COM 9
Securing Mysql Installation Contd..
• You should also protect the global option file, /etc/my.cnf, if it exists.
• The mysql user should own it and have read/write access to it, but other usersneed only read access:
# chown mysql /etc/my.cnf
# chgrp mysql /etc/my.cnf
# chmod u=rw,go=r /etc/my.cnf
WWW.RNSANGWAN.COM 10
Securing the MySQL Service
• You should start mysql service as root with a --user=mysql option.
• If you have the server set to start automatically during the system bootsequence, then put the --user option in an option file, /etc/my.cnf :
[mysqld]
user=mysql
• Each MySQL user on Unix that has a personal option file (~/.my.cnf).
• To protect this file each should use:
# chmod u=rw,go-rwx ~/.my.cnf
WWW.RNSANGWAN.COM 11
Log Files and Security
• You should keep the log contents secret.
• Log exposure constitutes a security risk that must be addressed by protectingthe log files, but logs also play a role in enhancing security:
• The binary log is needed for data security & recovery operations.
• The general query log gives you information about what clients are connecting,which may be helpful in detecting instances of malicious activity and determiningtheir source.
WWW.RNSANGWAN.COM 12
Network Security
• It's important to make sure that only authorized clients can connect to theserver to access its databases.
• You should make sure that MySQL accounts are protected with passwordsand do not have unnecessary privileges.
WWW.RNSANGWAN.COM 13
Securing the Initial MySQL Accounts
• MySQL Server controls client access using the mysql database, whichcontains the grant tables.
• Privileges listed in the grant tables are tied to accounts, each of which isdefined by a username and a hostname.
• The MySQL installation procedure sets up one or more initial accounts in thegrant tables.
• By default, these accounts have no passwords at first.
• The grant tables may also contain anonymous- user accounts that have ablank username and that can be used by anyone.
WWW.RNSANGWAN.COM 14
Setup Passwords for accounts
• Use the GRANT statement
• Use the SET PASSWORD statement
• Use the mysqladmin password command
• Modify the grant tables directly with the UPDATE statement
WWW.RNSANGWAN.COM 15
Setup Passwords for accounts Contd..
• Initially, assuming that the root accounts have no password, you can connectas follows without specifying a password option:
# mysql -u root mysql
• Account names and passwords are stored in the user table of the mysqldatabase.
• Modify any user table records for root to assign a password.
mysql> UPDATE user SET Password = PASSWORD(‘Z*sb7U#$') WHEREUser ='root';
WWW.RNSANGWAN.COM 16
Setup Passwords for accounts Contd..
• Remove any anonymous accounts:
mysql> DELETE FROM user WHERE User ='';
mysql> DELETE FROM db WHERE User ='';
• To see what effect the preceding operations have on the user table:
mysql> SELECT Host, User, Password FROM user;
• Finally, flush the grant tables:
mysql> FLUSH PRIVILEGES;
WWW.RNSANGWAN.COM 17
Ready Script to secure your installation
• MySQL comes with a mysql_secure_installation script with followingcapabilities:
• Set a password for the root accounts.
• Remove any remotely accessible root accounts.
• Remove the anonymous-user accounts.
• Remove the test database.
WWW.RNSANGWAN.COM 18
General Privilege Precautions
• Don't grant privileges for the mysql database.
• Be selective about granting administrative privileges.
◦ The FILE privilege allows users to cause the MySQL server to read and
write files in the server host filesystem.
◦ The PROCESS privilege allows use of SHOW PROCESSLIST to see all
client threads.
Output from this statement shows the statements that clients are executing,
which exposes data.
◦ The SUPER privilege allows a client to kill other client connections or to
change the runtime configuration of the server.
WWW.RNSANGWAN.COM 19
Restricting the Server's Network Interfaces
• Disable TCP/IP connections by starting the server with the --skip-networkingoption.
• For Unix servers, this is not an issue, because the Unix socket file is alwaysavailable.
• Place the following lines in an option file:
[mysqld]
bind-address=127.0.0.1
WWW.RNSANGWAN.COM 20
Upgrading the Privilege Tables
• As MySQL development proceeds, it sometimes occurs that new privilegesare implemented to go along with new features.
• For example, in MySQL 5, new features include stored routines and views,each of which is accompanied by privileges CREATE ROUTINE and CREATEVIEW
WWW.RNSANGWAN.COM 21
Fixing Privileges through Script provided
Run mysql_fix_privilege_tables to upgrade your grant tables program:
1. Make a backup of your mysql database:
# mysqldump mysql > mysql.sql
2. Run it using:
# mysql_fix_privilege_tables --password=root_password
When you run mysql_fix_privilege_tables, Duplicate column name errorsmight occur and can be ignored.
3. After upgrading the grant tables, stop the server and restart it.
4. Consider whether any of your MySQL accounts should be given the newprivileges.
WWW.RNSANGWAN.COM 22
Security- SQL Mode Values
• New SQL mode values are implemented from time to time.
• By default, new mode values are not enabled by default as part of yourserver's SQL mode.
• You can run the server in that mode by putting the following lines in an optionfile:
[mysqld]
sql-mode=TRADITIONAL
WWW.RNSANGWAN.COM 23
SQL Mode Values Contd..
• Strict mode enables general input value restrictions. Strict mode is enabledusing the STRICT_ALL_TABLES and STRICT_TRANS_TABLES modevalues.
• Division by zero can be treated as an error for data entry by enabling theERROR_FOR_DIVISION_BY_ZERO mode value and strict mode.
• By default, MySQL requires that the month and day values correspond to anactual legal date, except that it allows "zero" dates (' 0000-00-00') and datesthat have zero parts ('2009-12-00',' 2009-00-01').
• Zero dates and dates with zero parts are allowed, even in strict mode.
• To prohibit such dates, enable strict mode and the NO_ZERO_DATE andNO_ZERO_IN_DATE mode values.
WWW.RNSANGWAN.COM 24
SQL Mode Values Contd..
• The TRADITIONAL mode value is a composite mode that enables strict modeas well as the other restrictions.
• If you want your MySQL server to be as restrictive as possible about inputdata checking, the simplest way to achieve this is to enable TRADITIONALmode rather than a list of individual more-specific modes.
WWW.RNSANGWAN.COM 25
Thank You
WWW.RNSANGWAN.COM 26
• ls -la /var/lib/mysql/
• PURGE BINARY LOGS TO 'mysql-bin.010';
• PURGE BINARY LOGS BEFORE '2008-04-02 22:46:26';
• PURGE BINARY LOGS BEFORE NOW();
WWW.RNSANGWAN.COM 27