Basic steps you can take to harden your MySQL installation.
MySQL (http://www.mysql.com), one of the most popular open source database systems available today, is often used in conjunction with both the Apache web server and the PHP scripting language to drive dynamic content on the Web. However, MySQL is a complex piece of software internally and, because it often has to interact both locally and remotely with a broad range of other programs, special care should be taken to secure it as much as possible.
Some steps you can take are running MySQL in a chroot environment, running it as a nonroot user, and disabling MySQL’s ability to load data from local files. Luckily, none of these are as hard to do as they may sound. To start with, let’s look at how to chroot MySQL.
First create a user and group for MySQL to run as. Next, you’ll need to download the MySQL source distribution. After you’ve done that, unpack it and go into the directory that it created. Run this command to build MySQL and set up its directory structure for chrooting:
./configure --prefix=/mysql --with-mysqld-ldflags=-all-static && make
This configures MySQL to be installed in /mysql and statically links the mysqld binary. This will make setting up the chroot environment much easier, since you won’t need to copy any additional libraries to the environment.
After the compilation finishes, become root and then run these commands to install MySQL:
make install DESTDIR=/mysql_chroot ...
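The following audit script is an added example, not part of the original text. It checks a my.cnf for the three hardening steps named above: chroot, nonroot user, and no loading of local files. It assumes the settings live in the [mysqld] section under the mysqld option names chroot, user, and local-infile, which do not appear on this page, and the two sample configuration files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit the [mysqld] section of a my.cnf for three settings.
# Prints PASS/FAIL per check; exit status is the number of failed checks.
audit_mycnf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }            # comments, blank lines
    /^[ \t]*\[/ { insec = (tolower(trim($0)) == "[mysqld]"); next }
    insec {
        eq  = index($0, "=")
        key = tolower(trim(eq ? substr($0, 1, eq - 1) : $0))
        gsub(/_/, "-", key)                         # mysqld accepts - or _ in names
        opt[key] = trim(eq ? substr($0, eq + 1) : "")
    }
    END {
        fails = 0
        if (opt["chroot"] ~ /^\//) print "PASS chroot=" opt["chroot"]
        else { print "FAIL chroot is not set"; fails++ }
        if (opt["user"] != "" && opt["user"] != "root" && opt["user"] != "0")
            print "PASS user=" opt["user"]
        else { print "FAIL user is unset or root"; fails++ }
        v = tolower(opt["local-infile"])
        if (v == "0" || v == "off") print "PASS local-infile disabled"
        else { print "FAIL local-infile is not disabled"; fails++ }
        exit fails
    }' "$1"
}

# Constructed sample configs (not from the original page).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/hardened.cnf" <<'EOF'
[client]
user = root
[mysqld]
chroot = /mysql_chroot
user = mysql
local_infile = 0
EOF
cat > "$SAMPLES/weak.cnf" <<'EOF'
[mysqld]
# no chroot, runs as root, LOAD DATA LOCAL left enabled
user = root
local-infile = 1
EOF

for f in hardened weak; do
    echo "== $f.cnf"
    audit_mycnf "$SAMPLES/$f.cnf" || echo "   $? check(s) failed"
done
```

Options passed on the mysqld command line instead of in my.cnf are not seen by this check.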