Mailinglist Archive: opensuse (3337 mails)

< Previous Next >
Re: [suse-sles-e] Question: How can I prevent a open mysql-port to the internet?
  • From: Sunny <sloncho@xxxxxxxxx>
  • Date: Wed, 26 Apr 2006 15:12:15 -0500
  • Message-id: <e7eeb230604261312o2ffd83b0w5ab44fa1845c71f@xxxxxxxxxxxxxx>
On 4/26/06, Thomas Albl wrote:
> Hi all,
>
> I have one Question (maybe it spreads in many :) )about hardening a
> Web-Server:
>
> I have compiled apache & mysql on a sles8. But too bad the mysql port is
> open to the world.
>
> I have another server on which i can prevent logging into on all ports
> (without going over inetd/xinetd) by editing a file called hosts.allow,
> respective hosts.deny
>
> I want this feature on the second server too. As I recall now, I may
> haven't looked in the file host.deny for any entrys. I'll give it a try
> tomorrow, but anyway - is the hosts.deny / hosts.allow with IP-Adresses
> a common way to harden the Server a little bit?
>
> If not - how can I reach the effect, that services are only available
> from a very tiny list of IP-Adresses?
>
> (Without a Firewall?)
>
> --
> Ciao Omm
>

The prefered way is to enable the firewall, and to prevent access on
that port from outside.

You can also edit the mysql config file, look for the "bind" option.
Bind it to localhost, and it will make mysql to listen on for local
requests.

--
--
Svetoslav Milenov (Sunny)

Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit
operating system originally coded for a 4-bit microprocessor by a
2-bit company that can't stand 1 bit of competition.
< Previous Next >
This Thread
  • No further messages