The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Поиск:  Каталог документации

4. Configuring MySQL

4.1. Securing MySQL

Because you are using MySQL to authenticate users, you need to restrict network access to Port 3306.

I suggest to just bind MySQL only to the loopback interface This makes sure nobody can connect to your MySQL Daemon via the network.

Edit /etc/init.d/mysql.server and change line 107 as following:

Original line:

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&

Changed line:

$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \

(Re-)start your MySQL-Daemon by issuing /etc/init.d/mysql.server start

To ensure the configuration change was successful issue: netstat -an|grep LISTEN. The Output should be looking similar to this:

bond:~ # netstat -an|grep LISTEN
tcp        0      0*               LISTEN

4.2. Setting up rinetd

This step is only necessary if you run the mysql sever on another host than the mailserver. It allows you to securely connect from another host by allowing only defined IP adresses.

The example used is from the view of the host serving the MySQL database. Lets assume your mailserver has the IP and the MySQL host has

Edit /etc/rinetd.conf and add: 3306 3306

This means: The MySQL host is listening on port 3306. If is attempting a connection, it is forwared to All other hosts are rejected.

Inferno Solutions
Hosting by

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру