Learn about Centmin Mod LEMP Stack today
Register Now

MariaDB How do you protect your MariaDB?

Discussion in 'Centmin Mod Insights' started by Revenge, Feb 2, 2017.

  1. Revenge

    Revenge Active Member

    287
    64
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +227
    Local Time:
    1:07 PM
    1.9.x
    10.1.x
    I was reading some groups that are hacking servers with MongoDB because in the default configuration it allows external connections without a password.

    So i was curious with how do you protect your MariaDB server from external connections(if you don't need them off course)?

    I use the mysql variable skip_networking. It will ignore tcp/ip connection and only accept unix sockets.


     
  2. pamamolf

    pamamolf Well-Known Member

    2,533
    231
    63
    May 31, 2014
    Ratings:
    +394
    Local Time:
    3:07 PM
    Nginx-1.13.x
    MariaDB 10.1.x
    Using skip networking and block port 3306 at csf firewall i think is enough but let's wait for George's comment on this one as he is the expert :)

    Also i want to recommend you George to have the option skip-networking commented on the mycnf templates that you use so if anyone want to enable it to be there ready to go :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    29,042
    6,590
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,785
    Local Time:
    10:07 PM
    Nginx 1.13.x
    MariaDB 5.5
    Well skip-networking will trip up and cause issues for folks who have remote mysql servers. Your firewall i.e. CSF firewall properly configured by default blocks access too

    look at bind address in my.cnf too https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_bind-address