# cat Dockerfile
#######################################################
FROM mysql:5.7.27
RUN userdel mysql && \
useradd -m -d /home/mysql -u 1000 -U mysql && \
chown -R mysql:mysql /run/mysqld && \
chown -R mysql:mysql /var/log/mysql && \
chown -R mysql:mysql /var/log/mysql/error.log && \
chown -R mysql:mysql /var/lib/mysql && \
chown -R mysql:mysql /var/lib/mysql-files && \
chown -R mysql:mysql /var/lib/mysql-keyring && \
ln -sf /dev/null /root/.bash_history && \
ln -sf /dev/null /home/mysql/.bash_history
ENV MYSQL_TCP_PORT="33306" \
MYSQL_HISTFILE=/dev/null
ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 33306 33060
CMD ["mysqld"]
#######################################################
# docker exec -it -u root ab034664962d mysql -u root -p"MySQL@123"
# docker exec -it -u mysql ab034664962d mysql -u root -p"MySQL@123"
# history -c
# grep -rn "MySQL@123" /var/lib/docker/
如果你没有的MySQL镜像没有做安全加固,那么在容器中shell操作,会被记录到文件中,从宿主机可以搜索到。
More on MySQL password security
https://planet.mysql.com/entry/?id=19614
How To Secure MySQL Servers?
https://www.sinesupport.com/2019/03/22/how-to-secure-mysql-in-cpanel-servers
MySQL使用痕迹清理~/.mysql_history
https://www.cnblogs.com/milantgh/p/3602206.html
How to Harden MySQL from Attackers?
https://blog.0daylabs.com/2014/01/09/12-steps-for-hardening-mysql-from-attackers
MySQL 安全加固
https://vxhly.github.io/views/liunx/mysql-database-user-policy.html#%E4%BF%AE%E6%94%B9-root-%E7%94%A8%E6%88%B7%E5%8F%A3%E4%BB%A4