安装mysql5.6.48
1. 安装依赖包
yum install -y libaio perl perl-devel
2. 下载安装软件
gunzip mysql-5.6.48-linux-glibc2.12-x86_64.tar.gz
mkdir /usr/local/mysql56
tar xf mysql-5.6.48-linux-glibc2.12-x86_64.tar -C /usr/local/mysql56
tail -1 /etc/profile
export PATH=/usr/local/mysql56/bin/:$PATH
source /etc/profile
3. 创建用户,编写配置文件
useradd -s /sbin/nologin -M mysql
cat >/etc/my.cnf<<EOF
[mysqld]
basedir=/usr/local/mysql56
datadir=/data/3307/data
user=mysql
server_id=5107
log-error=/data/3307/error.log
log_bin=/data/3307/mysql-bin
skip_name_resolve
port=3307
[mysql]
socket=/data/3307/mysql.sock
EOF
4. 初始化并启动
yum -y install autoconf
/usr/local/mysql56/scripts/mysql_install_db --user=mysql --basedir=/usr/local/mysql56 --datadir=/data/3307/data
/usr/local/mysql56/support-files/mysql.server start
初始化的两个选项
–initialize: 会在错误日志中写一个随机的root密码,在error.log里搜索password即可
–initialize-secure: 初始化不会产生密码
5. 安全加固
- 删除非root或非localhost用户并修改root密码
mysql> select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| | centos7 |
| root | centos7 |
| | localhost |
| root | localhost |
+------+-----------+
6 rows in set (0.00 sec)
mysql> delete from mysql.user where user !='root' or host!='localhost';
Query OK, 5 rows affected (0.00 sec)
mysql> select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | localhost |
+------+-----------+
1 row in set (0.00 sec)
- 删除test库
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> desc db;
+-----------------------+---------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host | char(60) | NO | PRI | | |
| Db | char(64) | NO | PRI | | |
| User | char(16) | NO | PRI | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
+-----------------------+---------------+------+-----+---------+-------+
22 rows in set (0.01 sec)
mysql> select * from mysql.db;
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
| Host | Db | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Create_tmp_table_priv | Lock_tables_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Execute_priv | Event_priv | Trigger_priv |
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
| % | test | | Y | Y | Y | Y | Y | Y | N | Y | Y | Y | Y | Y | Y | Y | Y | N | N | Y | Y |
| % | test\_% | | Y | Y | Y | Y | Y | Y | N | Y | Y | Y | Y | Y | Y | Y | Y | N | N | Y | Y |
+------+---------+------+-------------+-------------+-------------+-------------+-------------+-----------+------------+-----------------+------------+------------+-----------------------+------------------+------------------+----------------+---------------------+--------------------+--------------+------------+--------------+
2 rows in set (0.00 sec)
mysql> select * from mysql.db\G
*************************** 1. row ***************************
Host: %
Db: test
User:
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: N
Execute_priv: N
Event_priv: Y
Trigger_priv: Y
*************************** 2. row ***************************
Host: %
Db: test\_%
User:
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: N
Execute_priv: N
Event_priv: Y
Trigger_priv: Y
2 rows in set (0.00 sec)
mysql> drop database test;
Query OK, 0 rows affected (0.00 sec)
note: 在mysql5.6.x中,mysql库的db表库级别权限会针对test库的任意用户,任意地址有访问权限,即无权限的用户都可以对test库做操作。 所以在mysql5.6版本中要清理该表,mysql5.7版本中移除了test库,但增加了sys库,有对应的sys库的权限,在mysql5.7版本请忽略清理该表。
mysql> truncate table mysql.db;
Query OK, 0 rows affected (0.00 sec)
/*
如果是mysql5.7版本或mysql8.0的请忽略掉下面几个用户
*/
mysql> delete from mysql.db where user not in ('mysql.sys','mysql.session','mysqlxsys','root','mysql.infoschema') or host not in ('localhost');
Query OK, 0 rows affected (0.00 sec)
/* 验证数据*/
mysql> select * from mysql.db;
Empty set (0.00 sec)
- 在mysql5.6.x版本中可以使用mysql_secure_installation脚本也可以将非test库删除