CentOS 6.5安装MySQL 5.6.10及安全配置(3)

# /usr/local/mysql-5.6.10/bin/mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MySQL to secure it, we'll need the current password for the root user. If you've just installed MySQL, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none):

注:上面输入的root密码指的是前面设置的MySQL的root账户的密码。

至此,MySQL数据库已经安装完毕。

#MySQL的安全配置#

1、确保启动MySQL不能使用系统的root账号,必须是新建的mysql账号,比如:

# mysqld_safe --user=mysql

2、MySQL安装好运行初始化数据库后,默认的root账户密码为空,必须给其设置一个密码,同时保证该密码具有较高的安全性。比如:

mysql> user mysql; mysql> update user set password=password('yourpassword') where user='root'; mysql> flush privileges;

3、删除默认数据库及用户:

mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | test | +--------------------+ mysql> drop daabase test; mysql> use mysql; mysql> select host,user from user; +--------------+------+ | host | user | +--------------+------+ | 127.0.0.1 | root | | ::1 | root | | centos | | | centos | root | | localhost | | | localhost | root | +--------------+------+ mysql> delete from user where not(host='localhost' and user='root'); mysql> flush privileges;

注:上面的user表中的数据可能会有所不同。

4、当开发网站连接数据库的时候,建议建立一个用户只针对某个库有update/select/delete/insert/drop table/create table等权限,减小某个项目的数据库的用户名和密码被窃取后造成其他项目受影响,比如:

mysql>create database yourdbname default charset utf8 collate utf8_general_ci; mysql>create user 'yourusername'@'localhost' identified by 'yourpassword'; mysql> grant select,insert,update,delete,create,drop privileges on yourdbname.* To 'yourusername'@localhost identified by 'yourpassword';

5、数据库文件所在的目录不允许未经授权的用户访问,需要控制对该目录的访问,比如:

# chown -R mysql:mysql /data/mysql/data # chmod -R go-rwx /data/mysql/data

CentOS安装LNMP环境的基础组件

在安装LNMP环境之前,请确保已经使用yum安装了以下各类基础组件(如果系统已自带,还可以考虑yum update下基础组件):

gcc

cmake

openssl+openssl-devel

pcre+pcre-devel

bzip2+bzip2-devel

libcurl+curl+curl-devel

libjpeg+libjpeg-devel

libpng+libpng-devel

freetype+freetype-devel

php-mcrypt+libmcrypt+libmcrypt-devel

libxslt+libxslt-devel

gmp+gmp-devel

libxml2+libxml2-devel

mhash

ncurses+ncurses-devel

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/820012d50fd56779d1b429d0052d138d.html