Mazarini

Outils pour utilisateurs

Outils du site

Piste : mariadb mysql
mariadb_securisation

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentesRévision précédente
Prochaine révision		Révision précédente
mariadb_securisation [2023/07/05 19:19] – [Lancement du client] pascalmariadb_securisation [2023/07/05 19:46] (Version actuelle) – [Mot de passe root] pascal
Ligne 6: Ligne 6:
 Cette commande fait partie des packages mysql-server et mariadb-server. Cette commande fait partie des packages mysql-server et mariadb-server.
 ===== Exécution de la commande ===== ===== Exécution de la commande =====
 +==== Saisie du mot de passe root actuel ====
 <code> <code>
 +NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 +      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
 +
 +In order to log into MariaDB to secure it, we'll need the current
 +password for the root user. If you've just installed MariaDB, and
 +haven't set the root password yet, you should just press enter here.
 +
 +Enter current password for root (enter for none): 
 +OK, successfully used password, moving on...
 </code> </code>
 +Pas de mot de passe. le user root se connecte via socket sans mot de passe.
  
-==== Liste des bases ==== +==== Définition d'un mot de passe pour root ==== 
-<code bash> +<code>
-MariaDB [(none)]> show databases; +
-+---------------------+ +
-| Database            | +
-+---------------------+ +
-| #mysql50#lost+found | +
-| information_schema +
-| mysql               | +
-| performance_schema +
-| sys                 | +
-+---------------------+ +
-5 rows in set (0,001 sec)+
  
-MariaDB [(none)]+Setting the root password or using the unix_socket ensures that nobody 
 +can log into the MariaDB root user without the proper authorisation. 
 + 
 +You already have your root account protected, so you can safely answer 'n'
 + 
 +Switch to unix_socket authentication [Y/n
 + ... skipping.
 </code> </code>
 +Il ne faut pas définir de mot de passe pour root afin de n'autoriser que les connexions par socket depuis le compte root de la machine.
 +==== Définition d'un mot de passe pour root ====
 +<code>
 +You already have your root account protected, so you can safely answer 'n'.
  
-==== Liste des utilisateurs ==== +Change the root password? [Y/n] n 
-<code bash+ ... skipping. 
-MariaDB [(none)]show databases; +</code> 
-MariaDB [mysql]> use mysql; +<code
-Database changed +By default, a MariaDB installation has an anonymous user, allowing anyone 
-MariaDB [mysql]> select Host, User, Password from user; +to log into MariaDB without having to have a user account created for 
-+-----------+-------------+----------+ +them.  This is intended only for testing, and to make the installation 
-| Host      | User        | Password | +go a bit smoother.  You should remove them before moving into a 
-+-----------+-------------+----------+ +production environment.
-| localhost | mariadb.sys |          | +
-| localhost | root        | invalid  | +
-| localhost | mysql       | invalid  | +
-+-----------+-------------+----------+ +
-3 rows in set (0,002 sec)+
  
-MariaDB [mysql]+Remove anonymous users? [Y/n
 + ... Success!
 </code> </code>
-===== Configuration ===== +<code
-<code bash file=/etc/mysql/mariadb.conf.d/99-local.cnf> +Normally, root should only be allowed to connect from 'localhost' This 
-[mysqld+ensures that someone cannot guess at the root password from the network
-# Instead of skip-networking the default is now to listen only on + 
-# localhost which is more compatible and is not less secure. +Disallow root login remotely? [Y/nn 
-bind-address            = 10.1.40.1+ ... skipping.
 </code> </code>
-Object, autoriser la connexion depuis les autres machines du réseau local.+==== Suite de la commande ==== 
 +<code> 
 + 
 +Setting the root password or using the unix_socket ensures that nobody 
 +can log into the MariaDB root user without the proper authorisation. 
 + 
 +You already have your root account protected, so you can safely answer 'n'
 + 
 +Switch to unix_socket authentication [Y/n] n 
 + ... skipping. 
 + 
 +You already have your root account protected, so you can safely answer 'n'
 + 
 +Change the root password? [Y/n] n 
 + ... skipping. 
 + 
 +By default, a MariaDB installation has an anonymous user, allowing anyone 
 +to log into MariaDB without having to have a user account created for 
 +them.  This is intended only for testing, and to make the installation 
 +go a bit smoother.  You should remove them before moving into a 
 +production environment. 
 + 
 +Remove anonymous users? [Y/n] Y 
 + ... Success! 
 + 
 +Normally, root should only be allowed to connect from 'localhost' This 
 +ensures that someone cannot guess at the root password from the network. 
 + 
 +Disallow root login remotely? [Y/n] n 
 + ... skipping. 
 + 
 +By default, MariaDB comes with a database named 'test' that anyone can 
 +access.  This is also intended only for testing, and should be removed 
 +before moving into a production environment. 
 + 
 +Remove test database and access to it? [Y/n] Y 
 + - Dropping test database... 
 + ... Success! 
 + - Removing privileges on test database... 
 + ... Success! 
 + 
 +Reloading the privilege tables will ensure that all changes made so far 
 +will take effect immediately. 
 + 
 +Reload privilege tables now? [Y/n] Y 
 + ... Success! 
 + 
 +Cleaning up... 
 + 
 +All done!  If you've completed all of the above steps, your MariaDB 
 +installation should now be secure. 
 + 
 +</code> 
  
 ===== Suite ===== ===== Suite =====
mariadb_securisation.1688584775.txt.gz · Dernière modification : 2023/07/05 19:19 de pascal