Database security: MariaDB (MySQL)

Install MariaDB

[root@mariadb ~]# yum -y install mariadb mariadb-server
[root@mariadb ~]# systemctl restart mariadb.service 
[root@mariadb ~]# netstat -pntul | grep mysql
tcp      0   0 0.0.0.0:3306         0.0.0.0:*             LISTEN      15787/mysqld        
[root@mariadb ~]# mysqladmin -uroot -hlocalhost -p password "123456"   //no password by default; set a new password
Enter password: 
[root@mariadb ~]# mysql
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
[root@mariadb ~]# mysql -uroot -p123456
MariaDB [(none)]> 

Security initialization script

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]> select user,host,password from mysql.user;    //anonymous users and accounts with empty passwords can all log in!
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root | proxy     |                                           |
| root | 127.0.0.1 |                                           |
| root | ::1       |                                           |
|      | localhost |                                           |
|      | proxy     |                                           |
+------+-----------+-------------------------------------------+
6 rows in set (0.00 sec)


[root@mariadb ~]# mysql_secure_installation 
...

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

Remove anonymous users? [Y/n] Y                   //whether to remove anonymous users
 ... Success!
...

Disallow root login remotely? [Y/n] Y             //whether to disallow remote root login
 ... Success!
...

Remove test database and access to it? [Y/n] Y      //whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

...
Reload privilege tables now? [Y/n] Y                   //whether to reload the privilege tables
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

[root@mariadb ~]# mysql -uroot -p123456
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root | 127.0.0.1 |                                           |
| root | ::1       |                                           |
+------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)
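
Added example, not part of the original post: a small shell/awk audit that reads the table printed by `select user,host,password from mysql.user;` and flags anonymous accounts, empty passwords, root entries on non-loopback hosts and wildcard hosts. Note that the listing above still shows empty passwords for root@127.0.0.1 and root@::1 after the script has run. The function names, the severity labels and the `tcpuser@%` sample row are assumptions made for this example; the column layout is the one shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads the ASCII table printed by
#   select user,host,password from mysql.user;
# and prints one finding per line: "SEVERITY user@host reason".

audit_users() {
    awk -F'|' '
    /^\|/ {                                   # data rows; borders start with "+"
        user = $2; host = $3; pw = $4
        gsub(/^ +| +$/, "", user)
        gsub(/^ +| +$/, "", host)
        gsub(/^ +| +$/, "", pw)
        if (user == "user" && host == "host") next   # header row
        acct = (user == "" ? "(anonymous)" : user) "@" host
        loopback = (host == "localhost" || host == "127.0.0.1" || host == "::1")
        if (user == "") print "HIGH " acct " anonymous account"
        if (pw == "")   print "HIGH " acct " empty password"
        if (user == "root" && !loopback)
            print "MEDIUM " acct " root allowed from a non-loopback host"
        if (index(host, "%") > 0) print "MEDIUM " acct " wildcard host"
    }'
}

# Sample input: the six rows of the first listing on this page, plus one
# constructed row for an account created with host "%".
sample_table() {
    cat <<'EOF'
+---------+-----------+-------------------------------------------+
| user    | host      | password                                  |
+---------+-----------+-------------------------------------------+
| root    | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| root    | proxy     |                                           |
| root    | 127.0.0.1 |                                           |
| root    | ::1       |                                           |
|         | localhost |                                           |
|         | proxy     |                                           |
| tcpuser | %         | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------+-----------+-------------------------------------------+
EOF
}

sample_table | audit_users
```

Against a live server, pipe `mysql -uroot -p -t -e 'select user,host,password from mysql.user'` into `audit_users`; `-t` keeps the table layout when the output is not a terminal.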

Clear the contents of the command history files

[root@mariadb ~]# >  .bash_history
[root@mariadb ~]# >  .mysql_history 

Set the password from inside the database

MariaDB [(none)]> set password for root@"localhost"=password('123456');
Query OK, 0 rows affected (0.00 sec)

Data security

[root@mariadb ~]# mysql -uroot -p123456 
MariaDB [(none)]> grant all on *.* to tcpuser@"%" identified by "123456";
Query OK, 0 rows affected (0.00 sec)

[root@mariadb ~]# tcpdump -w log -i eth0 src or dst port 3306
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

[root@guo ~]# mysql -utcpuser -p123456 -h 192.168.4.51    //the client connects to the database
MariaDB [(none)]> select * from mysql.user\G;


[root@mariadb ~]# tcpdump -A -r log
...
14:39:29.860487 IP 192.168.4.254.39290 > mariadb.mysql: Flags [P.], seq 125:154, ack 183, win 229, options [nop,nop,TS val 22095518 ecr 20353473], length 29
E..Q..@[email protected]....#zbi.[...........
.Q&..6.......select * from mysql.user
...

This data is transmitted in plaintext and is easy to capture, so the traffic can be encrypted in transit with SSL or SSH.

Reposted from blog.csdn.net/weixin_43800781/article/details/85685641