Différences

Ci-dessous, les différences entre deux révisions de la page.

--- mariadb_securisation [2023/07/05 19:21] – [Liste des utilisateurs] pascal
+++ mariadb_securisation [2023/07/05 19:46] (Version actuelle) – [Mot de passe root] pascal
@@ Ligne 6: / Ligne 6: @@
 Cette commande fait partie des packages mysql-server et mariadb-server.
 ===== Exécution de la commande =====
+==== Saisie du mot de passe root actuel ====
 <code>
+NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
+      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
+In order to log into MariaDB to secure it, we'll need the current
+password for the root user. If you've just installed MariaDB, and
+haven't set the root password yet, you should just press enter here.
+Enter current password for root (enter for none):
+OK, successfully used password, moving on...
 </code>
+Pas de mot de passe. le user root se connecte via socket sans mot de passe.
+==== Définition d'un mot de passe pour root ====
+<code>
+Setting the root password or using the unix_socket ensures that nobody
+can log into the MariaDB root user without the proper authorisation.
+You already have your root account protected, so you can safely answer 'n'.
+Switch to unix_socket authentication [Y/n] n
+ ... skipping.
+</code>
+Il ne faut pas définir de mot de passe pour root afin de n'autoriser que les connexions par socket depuis le compte root de la machine.
+==== Définition d'un mot de passe pour root ====
+<code>
+You already have your root account protected, so you can safely answer 'n'.
+Change the root password? [Y/n] n
+ ... skipping.
+</code>
+<code>
+By default, a MariaDB installation has an anonymous user, allowing anyone
+to log into MariaDB without having to have a user account created for
+them.  This is intended only for testing, and to make the installation
+go a bit smoother.  You should remove them before moving into a
+production environment.
+Remove anonymous users? [Y/n] Y
+ ... Success!
+</code>
+<code>
+Normally, root should only be allowed to connect from 'localhost'.  This
+ensures that someone cannot guess at the root password from the network.
+Disallow root login remotely? [Y/n] n
+ ... skipping.
+</code>
 ==== Suite de la commande ====
 <code>
+Setting the root password or using the unix_socket ensures that nobody
+can log into the MariaDB root user without the proper authorisation.
+You already have your root account protected, so you can safely answer 'n'.
+Switch to unix_socket authentication [Y/n] n
+ ... skipping.
+You already have your root account protected, so you can safely answer 'n'.
+Change the root password? [Y/n] n
+ ... skipping.
+By default, a MariaDB installation has an anonymous user, allowing anyone
+to log into MariaDB without having to have a user account created for
+them.  This is intended only for testing, and to make the installation
+go a bit smoother.  You should remove them before moving into a
+production environment.
+Remove anonymous users? [Y/n] Y
+ ... Success!
+Normally, root should only be allowed to connect from 'localhost'.  This
+ensures that someone cannot guess at the root password from the network.
+Disallow root login remotely? [Y/n] n
+ ... skipping.
+By default, MariaDB comes with a database named 'test' that anyone can
+access.  This is also intended only for testing, and should be removed
+before moving into a production environment.
+Remove test database and access to it? [Y/n] Y
+ - Dropping test database...
+ ... Success!
+ - Removing privileges on test database...
+ ... Success!
+Reloading the privilege tables will ensure that all changes made so far
+will take effect immediately.
+Reload privilege tables now? [Y/n] Y
+ ... Success!
+Cleaning up...
+All done!  If you've completed all of the above steps, your MariaDB
+installation should now be secure.
 </code>