
Author Topic: Secure MySQL on cPanel using 'securemysql'  (Read 4083 times)


Afijith

  • Guest
Secure MySQL on cPanel using 'securemysql'
« on: March 22, 2015, 12:15:20 am »
In cPanel, there is a built-in script called securemysql, located in /scripts. It can be used to secure the MySQL server configuration through a number of optional actions.

The script makes sure that the MySQL root password is set, and checks that the MySQL data directory is correctly owned by the user mysql so that it cannot be read by rogue users or insecure / compromised PHP scripts.

To learn more about the options that can be used with the script, run it with the -h flag to print its help output:

Code:
root@aast [~]# /scripts/securemysql -h
securemysql 0.2
 Options:
 -q  - Quiet execution
 -F  - Bypass the help message
 -a  - Specify additional actions (comma separated list), or blank for all
 -h  - Print this message and exit.
This script attempts to secure the MySQL configuration by doing the following:
 (always executed) Ensure root password for MySQL is set.
 (always executed) Changes ownership of /var/db/mysql or /var/lib/mysql to mysql
 Additionally, the following actions can be specified:
    [optional]
    removeanon           - Remove any anonymous users
    removetestdb         - Remove test database
    removelockntmp       - Remove global lock tables and create tmp table privileges from users
    removeremoteroot     - Remove remote root login
    removehordeallhosts  - Remove insecure horde login and privileges
    removehordeblankpass - Remove horde users with blank password
 Examples:
    ./securemysql -q -F -a removeanon,removetestdb,removelockntmp,removeremoteroot
    ./securemysql -q -F -a "removeanon, removetestdb, removelockntmp"
    ./securemysql -q -F -aremovehordeallhosts

The examples show common uses of the script, including removing anonymous users, removing test databases, removing the ability to log in remotely as root, and even fixing insecure Horde webmail SQL permissions.

The example below would remove any anonymous SQL users, remove test databases, remove the global lock tables and create tmp table privileges from users, and remove the ability to log in to MySQL as root remotely.

Code:
root@aast [~]# /scripts/securemysql -F -a removeanon,removetestdb,removelockntmp,removeremoteroot
Removing anonymous users ... Done
Removing remote root login ... Done
Dropping global lock tables and create tmp tables permissions ... Done
Removing all privileges for test db ... Done
Flushing privileges table ... Done.
Dropping test database... Done
root@cpanel [~]#

It is suggested to first back up the data directory and then run the securemysql script, to remove the possibility of your system being compromised due to anonymous users, weak or missing root privileges, or, worse, the ability to log in as the root MySQL user remotely from outside the server.

Thank you for reading, keep sharing!!  :)
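
A way to see which accounts the optional actions above would affect, before running securemysql and again afterwards to confirm the result. This is an added example, not part of the original post or of cPanel's script; the function names, finding labels and sample rows are constructed for illustration, and it assumes mysql.user has the User, Host, Lock_tables_priv and Create_tmp_table_priv columns.

```shell
#!/bin/sh
# Added example: audit mysql.user rows for the conditions that the
# securemysql optional actions target.
# Input on stdin: tab-separated rows
#   User<TAB>Host<TAB>Lock_tables_priv<TAB>Create_tmp_table_priv
# On a server these would come from:
#   mysql -N -B -e "SELECT User, Host, Lock_tables_priv, Create_tmp_table_priv FROM mysql.user"

audit_mysql_users() {
  awk -F'\t' '
    # Anonymous account: empty User column (what removeanon targets).
    $1 == "" { print "ANON\t" $2; next }

    # root allowed from a host other than the local ones
    # (what removeremoteroot targets).
    $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
      print "REMOTE_ROOT\t" $2
    }

    # Global LOCK TABLES / CREATE TEMPORARY TABLES privileges
    # (what removelockntmp targets). Skipping root here is an
    # assumption of this example, not documented script behaviour.
    $1 != "root" && ($3 == "Y" || $4 == "Y") {
      print "GLOBAL_LOCK_TMP\t" $1 "@" $2
    }
  '
}

# Constructed sample rows (not taken from a real server).
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    'root'   'localhost' 'Y' 'Y' \
    'root'   '%'         'Y' 'Y' \
    ''       'localhost' 'N' 'N' \
    'webapp' 'localhost' 'Y' 'N' \
    'backup' 'localhost' 'N' 'N'
}

# Demonstration run on the constructed rows; on a server, pipe the
# mysql command shown above into audit_mysql_users instead.
sample_rows | audit_mysql_users
```

An empty result means none of the three conditions is present. A root entry whose Host is the server's own hostname is also reported as REMOTE_ROOT, so review each finding rather than treating it as proof of exposure.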