RPM包安装的MYSQL,您设置安全了吗?

2011年06月09日 Linux服务器 暂无评论 阅读 10,697 views 次

因为今天又接了个活,所以需要搭建本地的LAMP环境,为了简单方便,我就用YUM来直接安装。安装MYSQL后需要给他设置个ROOT密码,我不知道大家以前是如何设置的,我以前就用

/usr/bin/mysqladmin -u root password 'new-password'

这个命令,但今天当我在RHEL 6.1 系统上启动MYSQL的时候,发现这样做并不是安全的,下面我们就一起来看一下,系统是如何来帮我们做设置的。如果你是MYSQL老手的话,此文完全可以略过。

当我们安装好后,第一次启动数据库的时候,你会看到如下提示:

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h yufei.opsers.org password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

注意这一句:

Alternatively you can run: 
/usr/bin/mysql_secure_installation

不知道是我以前没有在意还是以前就没有,总之是今天我发现了。

这个就相当于一个安全设置啊,而且是交互式的,很不错,同时你也会从下面的设置中发现有些安全设置,可能你真的没有注意过(当然我以前也没有注意过)。好了,下面就看看MYSQL的交互式安全设置是什么样的。

运行下面的命令

[root@yufei ~]# /usr/bin/mysql_secure_installation

注意看提示说明:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current password for the root user.  If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here.

如果你已经设置了ROOT密码的话,就输入您的密码,如果没有的话,就是空密码

Enter current password for root (enter for none): 直接回车
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL

root user without the proper authorisation.

这个就是让我们来设置ROOT的密码了

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MySQL installation has an anonymous user, allowing anyone

to log into MySQL without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

删除匿名用户

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

关掉远程连接

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

删除test数据库

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

重新更新权限

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...


All done!  If you've completed all of the above steps, your MySQL

installation should now be secure.

Thanks for using MySQL!

这样相关的设置就完成了,是不是要智能多了,这对于我这样的菜鸟来说,还是不错的选择。当然,如果你对MYSQL很熟悉的话,我相信这些设置你也肯定做了。最后补充一点,在RHEL 6.1上,MYSQL的版本是:

[root@yufei ~]# mysql -V
mysql  Ver 14.14 Distrib 5.1.52, for redhat-linux-gnu (x86_64) using readline 5.1

给我留言

Copyright © 羽飞博客 保留所有权利.   Ality主题 皖ICP备14013844号-1

用户登录