1、使用 mysql_secure_installation
2、 Bind Database Server To Loopback Address,Add the following line below under [mysqld] section
[mysqld]
bind-address = 127.0.0.1
3、 Disable LOCAL INFILE in MySQL, Add the following line below under [mysqld] section
[mysqld]
local-infile=0
4. Change MYSQL Default Port
5、Enable MySQL Logging
log=/var/log/mysql.log
6. Set Appropriate Permission on MySQL Files
chmod 644 /etc/my.cnf
7. Delete MySQL Shell History
cat /dev/null > ~/.mysql_history
8. Don’t Run MySQL Commands from Commandline
# mysql -u root -ppassword 不可取,密码会记录在命令历史用
使用以下方式:
# mysql -u root -p
Enter password:
9. Define Application-Specific Database Users
使用 Authentication Plugins等
详情参考:https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html
10. Use Additional Security Plugins and Libraries
11. Change MySQL Passwords Regularly
> UPDATE mysql.user SET password=PASSWORD('YourPasswordHere') WHERE User='root' AND Host = 'localhost';
12. Update MySQL Server Package Regularly
关注MySQL安全漏洞等信息,及时更新,打补丁