Secure MySQL Against Attack

• When connecting to MySQL always require a password.

• Never run the MySQL server as the Linux root user.
  • Any user with the FILE privilege is able to cause the server to create files as root if the MySQL server is running as the Linux root user.
    • For example: ~root/.bashrc
  • To prevent this, mysqld refuses to run as root unless explicitly specified using the --user=root option.
  • mysqld should be run as an ordinary, unprivileged user instead.
    • Make sure this is the only user with read or write privileges in the database directories.
    • Create a separate Linux account named mysqld
      • Use this account only for administering MySQL.

• Do not grant the PROCESS or SUPER privilege to non-administrative users.
  • The SUPER privilege can be used to:
    • Terminate client connections
    • Change server operation by changing the value of system variables
    • Control replication servers

• Do not grant the FILE privilege to non-administrative users.
  • The FILE privilege may also be used to read any file that is world-readable or accessible to any Linux user.
  • Any user could use LOAD DATA to load /etc/passwd into a table, which then can be displayed with SELECT.

• Limit the number of connections allowed to a single account, by setting the max_user_connections variable in mysqld
  • Reduces the possibility of denial of service attack.

Is there a security checklist?

---

---

© 2007 John Michael Pierobon

Notes