Get the most out of your Centmin Mod LEMP stack
Become a Member

MariaDB How do you protect your MariaDB?

Discussion in 'Centmin Mod Insights' started by Revenge, Feb 2, 2017.

  1. Revenge

    Revenge Active Member

    469
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +354
    Local Time:
    2:48 PM
    1.9.x
    10.1.x
    I was reading some groups that are hacking servers with MongoDB because in the default configuration it allows external connections without a password.

    So i was curious with how do you protect your MariaDB server from external connections(if you don't need them off course)?

    I use the mysql variable skip_networking. It will ignore tcp/ip connection and only accept unix sockets.


     
  2. pamamolf

    pamamolf Premium Member Premium Member

    4,068
    427
    83
    May 31, 2014
    Ratings:
    +832
    Local Time:
    4:48 PM
    Nginx-1.25.x
    MariaDB 10.3.x
    Using skip networking and block port 3306 at csf firewall i think is enough but let's wait for George's comment on this one as he is the expert :)

    Also i want to recommend you George to have the option skip-networking commented on the mycnf templates that you use so if anyone want to enable it to be there ready to go :)
     
  3. eva2000

    eva2000 Administrator Staff Member

    53,178
    12,112
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,647
    Local Time:
    11:48 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Well skip-networking will trip up and cause issues for folks who have remote mysql servers. Your firewall i.e. CSF firewall properly configured by default blocks access too

    look at bind address in my.cnf too https://dev.mysql.com/doc/refman/5.7/en/server-options.html#option_mysqld_bind-address