MySQL Database Asset Protection Standards:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
(New page: ==Introduction== MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as easy of use and relativel...)
 
Line 3: Line 3:
<br>
<br>
This article describes the basic steps which should be performed in order to secure a MySQL database against both local and remote attacks.
This article describes the basic steps which should be performed in order to secure a MySQL database against both local and remote attacks.
==Chrooting the server==
The first step of securing MySQL is to prepare the chrooted environment, in which the MySQL server will run.
==Operating system==
The methods presented should also apply on most modern UNIX and UNIX-like systems.
==Prepare Chroot Environment==
<br>
In order to prepare the chrooted environment, we must create the following directory structure:<br>
<br>
mkdir -p /chroot/mysql/dev
mkdir -p /chroot/mysql/etc
mkdir -p /chroot/mysql/tmp
mkdir -p /chroot/mysql/var/tmp
mkdir -p /chroot/mysql/usr/local/mysql/libexec
mkdir -p /chroot/mysql/usr/local/mysql/share/mysql/english

Revision as of 13:40, 15 May 2007

Introduction

MySQL is one of the most popular databases on the Internet and it is often used in conjunction with PHP. Besides its undoubted advantages such as easy of use and relatively high performance, MySQL offers simple but very effective security mechanisms. Unfortunately, the default installation of MySQL, and in particular the empty root password and the potential vulnerability to buffer overflow attacks, makes the database an easy target for attacks.

This article describes the basic steps which should be performed in order to secure a MySQL database against both local and remote attacks.

Chrooting the server

The first step of securing MySQL is to prepare the chrooted environment, in which the MySQL server will run.

Operating system

The methods presented should also apply on most modern UNIX and UNIX-like systems.

Prepare Chroot Environment


In order to prepare the chrooted environment, we must create the following directory structure:

mkdir -p /chroot/mysql/dev mkdir -p /chroot/mysql/etc mkdir -p /chroot/mysql/tmp mkdir -p /chroot/mysql/var/tmp mkdir -p /chroot/mysql/usr/local/mysql/libexec mkdir -p /chroot/mysql/usr/local/mysql/share/mysql/english

Retrieved from "http://horseproject.wiki/index.php?title=MySQL_Database_Asset_Protection_Standards:&oldid=4283"