Get the most out of your Centmin Mod LEMP stack
Become a Member

MariaDB How do you protect your MariaDB?

Discussion in 'Centmin Mod Insights' started by Revenge, Feb 2, 2017.

  1. Revenge

    Revenge Active Member

    326
    69
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +252
    Local Time:
    7:31 AM
    1.9.x
    10.1.x
    I was reading some groups that are hacking servers with MongoDB because in the default configuration it allows external connections without a password.

    So i was curious with how do you protect your MariaDB server from external connections(if you don't need them off course)?

    I use the mysql variable skip_networking. It will ignore tcp/ip connection and only accept unix sockets.

     
  2. pamamolf

    pamamolf Well-Known Member

    2,978
    275
    83
    May 31, 2014
    Ratings:
    +485
    Local Time:
    9:31 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    Using skip networking and block port 3306 at csf firewall i think is enough but let's wait for George's comment on this one as he is the expert :)

    Also i want to recommend you George to have the option skip-networking commented on the mycnf templates that you use so if anyone want to enable it to be there ready to go :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    32,260
    7,165
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,892
    Local Time:
    5:31 PM
    Nginx 1.13.x
    MariaDB 5.5
    Well skip-networking will trip up and cause issues for folks who have remote mysql servers. Your firewall i.e. CSF firewall properly configured by default blocks access too

    look at bind address in my.cnf too https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_bind-address