Short version of question: How do I set up the user/groups for this configuration so that they all talk and cooperate while keeping things reasonably secure?

Longer version of question: On my Suse 9.2 box I've successfully set up an HTML server using Apache 2.0.50, MySQL 4.0.21 using PHP 4.3.8. I'd like to administer MySQL using phpMyAdmin locally or remotely. I printed out reams of information a few weeks ago from the 'net as an aid to setting things up as securely as possible but became totally confused as to the privileges of the system users relative to each package. It's a little bit disconcerting when you can remotely access your database with full privileges as an anonymous user. :>

I was also frustrated by successfully installing another package (Gallery 1.5rc1 or something) but the database not collecting/saving the information. I've also set up an SSH server but will deal with that after resolving my current issues. I walked away from it for awhile and now I'm ready to try again.

For clarification purposes:

    User      Group
    apache    apache
    mysql     mysql

Each package is pretty complex standing alone. I think that attempting to tackle all of them in parallel caused information overload and seized up my brain. Any pointers, warnings or gotchas would be very much appreciated from anybody running that combination. I'm using Webmin to configure (for the most part) the servers.

Thanks,
Ken
columbo@wowway.com wrote on 10/03/2005 18.27.05:
On my Suse 9.2 box I've successfully set up an HTML server using Apache 2.0.50, MySQL 4.0.21 using PHP 4.3.8. I'd like to administer MySQL using phpMyAdmin locally or remotely. I printed out reams of information a few weeks ago from the 'net as an aid to setting things up as securely as possible but became totally confused as to the privileges of the system users relative to each package. It's a little bit disconcerting when you can remotely access your database with full privileges as an anonymous user. :>
The urgent thing you need to do is to "harden" your mysql setup. Please find below my "policy" when I set up a mysql server (taken from various documents/articles I found "googling" and put together).

1) Change admin password

MySQL root's account must be protected by a hard to guess password and for this reason one of the most important steps in securing MySQL is changing the database administrator's password, which is empty by default.

    mysql> SET PASSWORD FOR root@localhost=PASSWORD('new_password');
    SET PASSWORD FOR root@localhost=PASSWORD('merlin0');

It is good practice not to change passwords from the command line, for example, by using the "mysqladmin password" command. This is especially important when other users work on the server. In that case the password could be easily revealed, e.g. by using the "ps aux" command or reviewing history files (~/.history, ~/.bash_history etc), when improper access rights are set to them.

The grant tables define the initial MySQL user accounts and their access privileges. These accounts are set up as follows:

- Two accounts are created with a username of root. These are superuser accounts that can do anything. The initial root account passwords are empty, so anyone can connect to the MySQL server as root without a password and be granted all privileges. On Unix, both root accounts are for connections from the local host. Connections must be made from the local host by specifying a hostname of localhost for one account, or the actual hostname or IP number for the other.

- Two anonymous-user accounts are created, each with an empty username. The anonymous accounts have no passwords, so anyone can use them to connect to the MySQL server and both anonymous accounts are for connections from the local host. Connections must be made from the local host by specifying a hostname of localhost for one account, or the actual hostname or IP number for the other. These accounts have all privileges for the test database or other databases with names that start with test_.

As noted, none of the initial accounts have passwords.

2) Disable remote access

The first change applies to the 3306/tcp port, on which MySQL listens by default. Because, according to the initial assumptions, the database will be used only by locally installed PHP applications, we can freely disable listening on that port. This will limit possibilities of attacking the MySQL database by direct TCP/IP connections from other hosts. Local communication will still be possible through the mysql.sock socket. In order to disable listening on the mentioned port, the following parameter should be added to the [mysqld] section of /etc/my.cnf:

    skip-networking

3) Improve local security

The next change is to disable the use of the LOAD DATA LOCAL INFILE command, which will help to prevent unauthorized reading from local files. This matters especially when new SQL Injection vulnerabilities in PHP applications are found. For that purpose, the following parameter should be added in the [mysqld] section in /etc/my.cnf:

    set-variable=local-infile=0

See http://dev.mysql.com/doc/mysql/en/LOAD_DATA_LOCAL.html for more information.

4) Change admin name

It is also recommended to change the default name of administrator's account (root), to a different, harder to guess one. Such a change will make it difficult to perform brute-force and dictionary attacks on the administrator's password. In this case the intruder will have to guess not only the password, but first and foremost, the name of the administrator's account.

    mysql> update mysql.user set user="mydbadmin" where user="root";
    mysql> flush privileges;

5) Anonymous access to the database (by using the nobody account) must be disabled and all sample databases and tables must be removed

We must remove the sample database (test) and all accounts except the local root account:

    mysql> drop database test;
    mysql> use mysql;
    mysql> delete from db;
    -- "not" keeps the local root account and deletes every other row;
    -- if the account was renamed in step 4, use that name here instead of "root"
    mysql> delete from user where not (host="localhost" and user="root");
    mysql> flush privileges;

This will prevent the database from establishing anonymous connections and -- irrespective of the skip-networking parameter in /etc/my.cnf -- remote connections as well.

6) Remove history

Finally, we should also remove the content of the MySQL history file (~/.mysql_history), in which all executed SQL commands are being stored (especially passwords, which are stored as plain text):

    cat /dev/null > ~/.mysql_history

Flush privileges

regards,
gaël
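A read-only check for the settings covered in steps 1, 2, 3 and 5 above, as an added example that is not part of the original post: it parses the [mysqld] section of an option file and audits rows shaped like the output of SELECT Host, User, Password FROM mysql.user. The sample option files, the sample rows, the "myhost" placeholder and all function names are constructed for illustration.

```python
import re

# Constructed option files (not from the original post): after and before steps 2-3.
HARDENED = "[mysqld]\ndatadir=/var/lib/mysql\nskip-networking\nset-variable=local-infile=0\n"
DEFAULT = "[mysqld]\ndatadir=/var/lib/mysql\n[client]\nskip-networking\n"

# Constructed rows shaped like: SELECT Host, User, Password FROM mysql.user;
# These are the four initial accounts the post describes ("myhost" is a placeholder).
FRESH_INSTALL = [("localhost", "root", ""), ("myhost", "root", ""),
                 ("localhost", "", ""), ("myhost", "", "")]

def mysqld_options(text):
    """Return {option: value} for the [mysqld] section only."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld":
            continue  # an option under [client] does not affect the server
        if line.lower().startswith("set-variable") and "=" in line:
            line = line.split("=", 1)[1].strip()  # 4.0 syntax: set-variable=name=value
        name, _, value = line.partition("=")
        opts[name.strip().lower().replace("_", "-")] = value.strip()
    return opts

def config_findings(text):
    """Report the settings from steps 2 and 3 that are missing."""
    opts, findings = mysqld_options(text), []
    if "skip-networking" not in opts:
        findings.append("skip-networking missing: mysqld listens on 3306/tcp")
    if opts.get("local-infile") != "0":
        findings.append("local-infile is not 0: LOAD DATA LOCAL INFILE allowed")
    return findings

def account_findings(rows):
    """Flag anonymous, passwordless and non-local accounts (steps 1 and 5)."""
    findings = []
    for host, user, password in rows:
        who = f"'{user}'@'{host}'"
        if user == "":
            findings.append(f"{who}: anonymous account")
        if password == "":
            findings.append(f"{who}: empty password")
        if host != "localhost":
            findings.append(f"{who}: host is not localhost")
    return findings
```

The DEFAULT sample puts skip-networking under [client], which the check still reports as missing because only the [mysqld] section configures the server.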
On Friday 11 March 2005 03:26, g.lams@itcilo.org wrote:
The urgent thing you need to do is to "harden" your mysql setup. Please find below my "policy" when I set up a mysql server (taken from various documents/articles I found "googling" and put together)
Hi gaël,

Thanks much! I'm in the process of 'hardening' mysql and a number of other key elements in the setup. After re-evaluating this undertaking, I've decided to attempt to harden my brain, also, with a few books on the topics of MySQL, Apache and Server Security even though it will cut into my Pysol and LBreakout2 time. :>

Setting up an HTML server with MySQL & PHP isn't the trivial point and click task that I thought it would be. One of the most important things I've learned is that it's critical to know what the hell you're doing! ;> And I don't.

Thanks again,
Ken