2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
2 database security reinforcement
2.1 modify the root user default password and delete the empty password
2.2 remove default database and unnecessary database users
2.3 run mysql with an independent user
2.4 management of non-root database users
2.5 Management of default administrator usernames
2.6 user directory permission restrictions
2.7 Command History Protection
2.8 prohibit users from connecting to the database remotely
2.9 prohibit MySQL from accessing local files
2.10 MySQL server permission control
2.11 enable MySQL error log
2.12 Database backup strategy
2.13 Mysqld security related startup options
The MySQL version is 5.5. Depending on the operating system, the installation media and the settings chosen during installation, the installation directory may differ from the examples in this article. The following table shows the default installation directory and structure from the MySQL manual.
The Linux operating system uses an RPM installation; the default installation paths are shown in the table below.
Table 2-1 File path after Linux installation

Directory             Contents of Directory
/usr/bin              Client programs and scripts
/usr/sbin             The mysqld server
/var/lib/mysql        Log files, databases
/usr/share/info       Manual in Info format
/usr/share/man        Unix manual pages
/usr/include/mysql    Include (header) files
/usr/lib/mysql        Libraries
/usr/share/mysql      Miscellaneous support files, including error messages, character set files, sample configuration files, SQL for database installation
/usr/share/sql-bench  Benchmarks
The MySQL global configuration files used in this article will also be located in different directories depending on the operating system and how they are installed; the following table shows the possible locations under Linux.
Table 2-2 Possible locations of global configuration files under Linux

File Name             Purpose
/etc/my.cnf           Global options
/etc/mysql/my.cnf     Global options
SYSCONFDIR/my.cnf     Global options
$MYSQL_HOME/my.cnf    Global options
defaults-extra-file   The file specified with --defaults-extra-file=path, if any
~/.my.cnf             User-specific options
The example Linux environment in this article is installed in RPM mode; the installation path is the default and the global configuration file is /etc/my.cnf.
The examples in this article assume that the directories containing the required command files have been added to the PATH environment variable.
2.1 modify the root user default password and delete the empty password
Implementation purpose
By default, the MySQL root user is installed with an empty password. For security reasons it must be changed to a strong password, meaning one of at least 8 characters that mixes letters, numbers and symbols with no predictable pattern.
Problem influence
Ensures that users log in securely.
Current state of the system
Check the current root password and inspect the user table in the mysql database.
Implementation steps
Use the mysqladmin command shipped with MySQL to change the root password. Alternatively, log in to the database and update the password field of the user table in the mysql database. Both methods are shown below.
Method 1: use the mysqladmin tool (located in /usr/bin) to change the password.
# /usr/bin/mysqladmin -u root -p password
Enter the old password and then the new password at the prompts.
Method 2: log in to the database and change the password.
# mysql -u root -p
mysql> use mysql;
mysql> update user set password=password('newpassword') where user='root';
mysql> flush privileges;
The "flush privileges" command forces the memory authorization table to be refreshed so that the changes take effect immediately.
Fallback scheme
Restore the original password to the pre-hardened settings.
Judgment basis
Connect to the database with the original password, and if the login fails and the authentication problem is prompted, the modification is successful.
Implementation risk
Low
Importance level
★★★
2.2 remove default database and unnecessary database users
Implementation purpose
In general, after MySQL is installed only local access is allowed, and many of the accounts, especially those created by default, are not needed.
Problem influence
After initialization, MySQL automatically creates empty-password users and a test database for installation testing, which threaten the security of the database and must all be deleted. In the final state only root and ultravr should remain; further users and databases can of course be added later as needed.
Current state of the system
There is additional user information that is not necessary in the test database and in the user table in the mysql database.
Implementation steps
# mysql -u root -p
mysql> show databases;
mysql> drop database test;                                        -- delete the test database
mysql> use mysql;
mysql> delete from db;                                            -- clear the db table (per-database grants); no databases exist yet
mysql> delete from user where user<>'root' and user<>'ultravr';   -- delete all initial users other than root and ultravr
mysql> delete from user where user='root' and password='';        -- delete root entries with an empty password
mysql> delete from user where user='ultravr' and password='';     -- delete ultravr entries with an empty password
mysql> flush privileges;                                          -- force the in-memory grant tables to reload
Fallback scheme
Restore the original user to the settings before reinforcement.
Judgment basis
Query whether the corresponding database and user records still exist.
Implementation risk
Low
Importance level
★★★
2.3 run mysql with an independent user
Implementation purpose
mysqld refuses to run as root unless this is explicitly requested with the --user=root option, and it should be run as an ordinary unprivileged user. As in the earlier installation process, create a separate mysql account in Linux for the database that is used only to manage and run MySQL.
Problem influence
Never run the MySQL server as root. This is dangerous because any user with the FILE privilege could then create files as root (for example, ~root/.bashrc).
Current state of the system
The currently running mysql user is root.
Implementation steps
To start mysqld as another Linux user, add the user option under the [mysqld] group in the /etc/my.cnf option file or in the my.cnf option file in the server data directory.
Method 1: edit /etc/my.cnf to set the user that mysqld starts as.
# cp /etc/my.cnf /etc/my.cnf.bak    # back up /etc/my.cnf before modifying it
# vi /etc/my.cnf
[mysqld]
user=mysql
This setting makes the server start as the specified user whether you start it manually or via mysqld_safe or mysql.server, so it always runs under the mysql identity.
Method 2: pass the user parameter when starting the database.
# mysqld_safe --user=mysql &
Whichever Linux user mysqld runs as must have read and write permission on the database directory.
Fallback scheme
Restore /etc/my.cnf to its pre-hardened state.
Judgment basis
Use the ps command to query the executor of the MySQL process.
Implementation risk
Low
Importance level
★
2.4 management of non-root database users
Implementation purpose
Access the authorized database with a low-privileged user, so that the administrator's password is not exposed and the business system does not run with a high-privileged account.
Problem influence
Because the root user holds the highest database privileges, using root directly for business systems in day-to-day operation creates many security threats.
Current state of the system
There are no other users in the system except root users.
Implementation steps
Create a dedicated database user for FusionCloud UltraVR that is allowed to connect only locally.
# mysql -u root -p
mysql> CREATE USER 'ultravr'@'localhost' IDENTIFIED BY 'mypassword';
mysql> GRANT ALL ON lego.* TO 'ultravr'@'localhost';                   -- grant full privileges on the lego database only
mysql> flush privileges;                                               -- force the in-memory grant tables to reload
For an ultravr system installed from ISO or VHD, run the following commands to harden it:
# mysql -u root -p
mysql> REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'ultravr'@'localhost'; -- withdraw all privileges on all databases
mysql> GRANT ALL ON lego.* TO 'ultravr'@'localhost';                   -- grant full privileges on the lego database only
mysql> flush privileges;                                               -- force the in-memory grant tables to reload
Do not grant ordinary users any privileges on the mysql database; in particular the mysql.user table holds a great deal of sensitive account information, and it is recommended that only administrators can access it.
If you need to set additional privileges, refer to the description of GRANT in the MySQL manual. Note that for FusionCloud UltraVR to work properly the account needs at least the privileges to create, drop and alter tables, to insert, delete and update table records, and to execute stored procedures on the lego database.
Fallback scheme
Delete the newly created user.
Judgment basis
mysql> show grants for 'ultravr'@'localhost';
+----------------------------------------------------------------------------------------------------------------+
| Grants for ultravr@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ultravr'@'localhost' IDENTIFIED BY PASSWORD '*63DAA25989C7E01EB96570FA4DBE154711BEB361' |
| GRANT ALL PRIVILEGES ON `lego`.* TO 'ultravr'@'localhost'                                                      |
+----------------------------------------------------------------------------------------------------------------+
Implementation risk
Low
Importance level
★★★★
2.5 Management of default administrator usernames
Implementation purpose
Change the default MySQL administrator name to reduce the chance that brute-force guessing of system user names succeeds.
Problem influence
The MySQL administrator name is root, which to some extent makes brute-force guessing of system users easier, so it can be changed to a more complex user name. Do not set it to admin or administrator either, because these are also in the user dictionaries that are easy to guess from.
Current state of the system
The current administrator user is root.
Implementation steps
# mysql -u root -p
mysql> use mysql;
mysql> update user set user='newroot' where user='root';   -- change to a user name that is not easy to guess
mysql> flush privileges;
Fallback scheme
Follow the steps above to update the administrator name to root.
Judgment basis
Logging in to MySQL as root now fails, while logging in as the renamed user succeeds.
Implementation risk
Low
Importance level
★★
2.6 user directory permission restrictions
Implementation purpose
The MySQL database files are in the /var/lib/mysql directory by default, so you must make sure the directory cannot be accessed by unauthorized users, or the database could be packaged and copied away, and that mysqld runs only as a Linux user with read and write permission on the database directory.
Problem influence
Restricting access to the /var/lib/mysql directory ensures data security.
Current state of the system
Record the current permissions of /var/lib/mysql.
Implementation steps
Linux operating system:
# chown -R mysql:mysql /var/lib/mysql    # make the mysql user own the database directory
# chmod -R 700 /var/lib/mysql            # only the mysql user may read, write and enter the directory
Fallback scheme
Restore the above directory permissions to before reinforcement.
Judgment basis
Use ls -l /var/lib | grep mysql to view the permissions under Linux.
Implementation risk
High
Importance level
★★★★
2.7 Command History Protection
Implementation purpose
Shell commands related to the database are recorded in .bash_history, and operations performed after logging in to the database are recorded in .mysql_history. If these files are read by someone they should not be, information such as the database password and database structure is disclosed; if the password was changed by updating the user table, the password itself can be read from the history. Both files therefore need to be removed. In addition, for password-related operations such as logging in or backing up the database, use the -p parameter so that the password is prompted for and entered without echo. It is recommended to keep the above files empty.
Problem influence
Careless handling of the .bash_history and .mysql_history files leads to information disclosure.
Current state of the system
Two files record the commands that were run in the shell.
Implementation steps
Find the .mysql_history and .bash_history files.
# find / -name .bash_history
/root/.bash_history
# find / -name .mysql_history
/root/.mysql_history
Back up these two files first if necessary.
# cp /root/.bash_history /root/.bash_history.bak
# cp /root/.mysql_history /root/.mysql_history.bak
Empty .bash_history and .mysql_history (run in the home directory of the user concerned, /root here):
# rm .bash_history .mysql_history     # delete the history files
# ln -s /dev/null .bash_history       # keep the shell history file empty
# ln -s /dev/null .mysql_history      # keep the mysql history file empty
Fallback scheme
Restore the .bash_history and .mysql_history files.
Judgment basis
View the contents of the corresponding file.
Implementation risk
Low
Importance level
★★★
2.8 prohibit users from connecting to the database remotely
Implementation purpose
Highly privileged users must not be allowed to access the database remotely; if necessary, all users can be restricted to local access only.
Problem influence
Allowing highly privileged users (such as root) to connect remotely exposes the database on the network; allowing only local access lets the operating system's own security measures form a first line of defence and reduces the risk of the database being exposed to the network.
Current state of the system
The default root can connect to the database remotely.
Implementation steps
Prevent the root account from accessing the database remotely.
# mysql -u root -p
mysql> use mysql;
mysql> delete from user where user='root' and host<>'localhost';
mysql> delete from user where user='ultravr' and host<>'localhost';
mysql> flush privileges;
Fallback scheme
Restore the user table to its pre-hardened state.
Judgment basis
When using a root connection remotely, it cannot be accessed, prompting that access is denied.
Implementation risk
Low
Importance level
★★★
2.9 prohibit MySQL from accessing local files
Implementation purpose
MySQL can read local files through the LOAD DATA LOCAL INFILE command. In version 5.0 this option is enabled by default. LOAD DATA LOCAL INFILE is used in some attack methods circulating on the network, and it is also a means used by many newly discovered SQL injection attacks.
Problem influence
Reading of local files is enabled by default, and the LOAD DATA LOCAL INFILE command loads local files into the database, from which users can illegally obtain sensitive information. If reading local files is not needed, be sure to disable it: the LOAD DATA LOCAL INFILE command should be disabled in MySQL.
Current state of the system
Reading of local files is enabled by default.
Implementation steps
Method 1: add local-infile=0 under [mysqld] in my.cnf.
Method 2: add the local-infile=0 parameter when starting MySQL.
# mysqld_safe --user=mysql --local-infile=0 &
Starting mysqld with --local-infile=0 disables all LOAD DATA LOCAL statements on the server. If you need to load local files you will have to enable it again, but keeping it disabled is recommended.
Fallback scheme
Restore my.cnf to its pre-hardened state.
Judgment basis
mysql> use mysql;
mysql> load data local infile 'sqlfile.txt' into table users fields terminated by ',';
ERROR 1148 (42000): The used command is not allowed with this MySQL version
Implementation risk
Low
Importance level
★★★
2.10 MySQL server permission control
Implementation purpose
The main function of the MySQL privilege system is to authenticate a user connecting from a given host and to grant that user SELECT, INSERT, UPDATE and DELETE privileges on databases (see the user table, which holds the superuser-level privileges, for details). It also controls MySQL-specific capabilities such as LOAD DATA INFILE.
Problem influence
Administrators control user access through tables such as user, db and host; privileges in the user table are global (superuser) privileges. It is wise to grant user-table privileges only to a superuser such as the server or database administrator. For other users, set the privileges in the user table to 'N' and grant them only on specific databases; privileges can be granted on specific databases, tables or columns. The FILE privilege lets a user read and write files on the server with the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements, and any user who holds it can read or write any file that the MySQL server itself can read or write (which includes the files in any database directory, since the server can access them).
Current state of the system
Record sqlfile.txt and user information.
Implementation steps
The FILE privilege allows users to create new files in any directory where the MySQL server has write permission (it cannot overwrite existing files); it is controlled by the Y or N value in the File_priv column of the user table. When reading server files is not needed, turn this privilege off.
# mysql -u root -p
mysql> use mysql;
mysql> update user set File_priv='N' where user='root';      -- remove the file read/write privilege
mysql> update user set File_priv='N' where user='ultravr';   -- remove the file read/write privilege
mysql> flush privileges;
Fallback scheme
Return to the state before reinforcement.
Judgment basis
# mysql -u root -p
mysql> use mysql;
mysql> load data infile 'sqlfile.txt' into table user fields terminated by ',';   -- log in again and try to read the file
ERROR 1045 (28000): Access denied for user 'notroot'@'localhost' (using password: YES)   (fails)
mysql> select * from user into outfile 'test.txt' fields terminated by ',';
ERROR 1045 (28000): Access denied for user 'notroot'@'localhost' (using password: YES)
Implementation risk
Low
Importance level
★★★
2.11 enable MySQL error log
Implementation purpose
Turning on the Mysql error log improves the ability to detect malicious access.
Implementation steps
After logging in to MySQL:
mysql> show variables like 'log_%';
+---------------------------------+--------------------------------------+
| Variable_name                   | Value                                |
+---------------------------------+--------------------------------------+
| log_bin                         | ON                                   |
| log_bin_trust_function_creators | OFF                                  |
| log_error                       | /var/lib/mysql/linux-vrserver-02.err |
| log_output                      | FILE                                 |
| log_queries_not_using_indexes   | OFF                                  |
| log_slave_updates               | OFF                                  |
| log_slow_queries                | OFF                                  |
| log_warnings                    | 1                                    |
+---------------------------------+--------------------------------------+
Check that log_error has a value; the Value column gives the log file location.
If the value is OFF, add the following line under [mysqld] in my.cnf:
log-error=log_path/error.log
Then restart the database.
Fallback scheme
Restore my.cnf to its pre-hardened state.
Implementation risk
Low
Importance level
★★★
2.12 Database backup strategy
Implementation purpose
It is recommended that you use the backup configuration data feature provided by FusionCloud UltraVR to back up the database.
Implementation steps
Log in to the FusionCloud UltraVR system and go to the Management-> backup configuration data page to configure. Refer to the help system for detailed operation.
Implementation risk
Low
Importance level
★★★
2.13 Mysqld security related startup options
Implementation purpose
Some safety-related parameters can be specified when MySQL starts, which will have an important impact on the security of the system. This section describes these security-related parameters. Users can choose according to their own needs when starting MySQL.
Implementation steps
Add the appropriate startup options to my.cnf:
--local-infile[={0|1}]
If the server is started with --local-infile=0, clients cannot use LOCAL in LOAD DATA statements.
For the security risks of LOAD DATA LOCAL, refer to section 2.9 of this article. Starting the server with --local-infile=0 is recommended.
--old-passwords
Forces the server to generate pre-4.1 password hashes for new passwords. This is useful for compatibility when the server must support older client programs; do not enable it unless you need to support such clients.
--safe-user-create
If enabled, a user cannot create new users with the GRANT statement unless the user has the INSERT privilege on the mysql.user table. To allow a user to create new users, grant the following:
mysql> GRANT INSERT (user) ON mysql.user TO 'user_name'@'host_name';
This ensures that the user cannot change the privilege columns directly; privileges must be granted to other users with the GRANT statement.
--secure-auth
Disallows authentication for accounts that have old (pre-4.1) passwords.
--skip-symbolic-links
It is recommended to enable this option so that symbolic link support (have_symlink) is disabled.
Implementation risk
Low
Importance level
★★★
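As an added example (not from the original guide), this script audits the [mysqld] group of an option file for the server-side settings from sections 2.3, 2.9, 2.11 and 2.13 (user, local-infile, log-error, skip-symbolic-links, old-passwords). Both sample configuration files are constructed, and the paths inside them are illustrative only.

```shell
#!/bin/sh
# Added example, not part of the original guide: check the [mysqld] group of an
# option file for the server-side settings recommended in sections 2.3 (user),
# 2.9 (local-infile), 2.11 (log-error) and 2.13 (old-passwords,
# skip-symbolic-links). Only [mysqld] counts: the same keys under [client] or
# [mysqld_safe] do not configure the server process itself.

# Prints one finding per line; returns 1 if any, 0 when every check passes.
audit_mycnf() {
  awk '
    /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/].*$/, "", s); section = s; next }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }
    section != "mysqld" { next }
    {
      line = $0
      sub(/[ \t]*#.*$/, "", line)                 # drop a trailing comment
      i = index(line, "=")
      if (i > 0) { key = substr(line, 1, i - 1); val = substr(line, i + 1) }
      else       { key = line; val = "" }
      sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
      sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
      gsub(/_/, "-", key)                         # log_error and log-error are the same option
      seen[key] = val
    }
    END {
      if (seen["user"] != "mysql") { print "mysqld does not run as the mysql user (2.3)"; n++ }
      if (seen["local-infile"] != "0") { print "LOAD DATA LOCAL INFILE not disabled on the server (2.9)"; n++ }
      if (!("log-error" in seen) || seen["log-error"] == "") { print "error log not configured (2.11)"; n++ }
      if (!("skip-symbolic-links" in seen) && seen["symbolic-links"] != "0") { print "symbolic links not disabled (2.13)"; n++ }
      if (("old-passwords" in seen) && seen["old-passwords"] != "0") { print "pre-4.1 password hashing enabled (2.13)"; n++ }
      exit (n > 0)
    }
  ' "$1"
}

# Constructed samples, not a real server's files: a stock my.cnf before
# hardening, and one with the recommended [mysqld] settings applied.
write_samples() {
  WEAK_CNF=$(mktemp); HARD_CNF=$(mktemp)
  cat >"$WEAK_CNF" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
old-passwords=1
[client]
local-infile=0    # protects only this client; the server still accepts LOCAL
EOF
  cat >"$HARD_CNF" <<'EOF'
[mysqld]
datadir=/var/lib/mysql
user = mysql
local_infile=0
log-error=/var/log/mysqld.log
skip-symbolic-links
EOF
}

# Stand-alone demo; on a real server run: audit_mycnf /etc/my.cnf
write_samples
echo "weak sample:";     audit_mycnf "$WEAK_CNF" || true
echo "hardened sample:"; audit_mycnf "$HARD_CNF" && echo "no findings"
```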