MySQL Security Checklist
Background
1. Read the MySQL security guidelines at http://dev.mysql.com/doc/mysql/en/Security.html.
2. Visit http://www.mysql.com/products/mysql/ often, and check for updates.
3. Know your bugs! Check vulnerability databases such as SecurityFocus and ICAT regularly for MySQL bugs, and (if you can stand the noise levels) subscribe to security mailing lists such as VulnWatch, BugTraq, and the MySQL mailing lists.
Operating System
1. Deploy IPTables (Linux), an IPSec filtering ruleset (Windows), or some other host-based firewall software on your MySQL servers.
2. Use a low-privileged mysql account to run the MySQL daemon. This is the default on some platforms, but not others.
3. Run mysqld with the --chroot option.
4. Ensure that the MySQL user cannot access files outside of a limited set of directories. Specifically, the MySQL user should be prohibited from reading operating system configuration files. In some cases you might want to prevent the MySQL user from being able to modify the MySQL configuration files.
5. Ensure that MySQL data files (normally residing beneath the MySQL data directory) cannot be read by users other than the root or Administrator account, and the account that MySQL is running under.
6. Plaintext credentials. Ensure that no user other than the MySQL user can read any MySQL configuration and log files. The files my.cnf, my.ini, and master.info commonly have plaintext usernames and passwords in them, and the query log file (if present) is likely to contain passwords.
7. Turn off unnecessary services or daemons.
8. Make sure you don't have anything in your .mysql_history file.
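Items 5, 6 and 8 can be checked with a short script. The following is an added example, not part of the original checklist: the function names and the demo paths are made up for illustration, and it inspects mode bits only, on the assumption that the files are owned by the account MySQL runs under.

```shell
#!/bin/sh
# Added example: file-permission checks for Operating System items 5, 6 and 8.

# List everything under the given paths that group or other users can read,
# write or execute. Returns 1 if anything is listed.
audit_mysql_perms() {
    found=$(find "$@" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found" | sed 's/^/LOOSE: /'
        return 1
    fi
    return 0
}

# Returns 1 if the client history file exists and is not empty.
audit_history() {
    if [ -s "$1" ]; then
        echo "NONEMPTY: $1"
        return 1
    fi
    return 0
}

# Demo on a constructed tree (stand-ins, not real MySQL files).
demo=$(mktemp -d)
mkdir "$demo/data" && chmod 700 "$demo/data"
: > "$demo/data/ibdata1" && chmod 600 "$demo/data/ibdata1"
echo 'password=example' > "$demo/my.cnf" && chmod 644 "$demo/my.cnf"
echo 'SELECT 1;' > "$demo/.mysql_history"
audit_mysql_perms "$demo/data" "$demo/my.cnf" || echo "tighten the modes listed above"
audit_history "$demo/.mysql_history" || echo "empty the history file"
rm -rf "$demo"
```

Run it as root against the real data directory, my.cnf, master.info and log files so that find can descend into directories with mode 700.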
MySQL Users
1. Set a "strong" password for the root@localhost account.
2. Remove all non-root MySQL users.
3. Rename the root MySQL user to something obscure.
4. If remote connections are enabled, specify REQUIRE SSL in the GRANT statement used to set up the user.
5. Create a MySQL user for each web application—or possibly for each role within each web application. For instance, you might have one MySQL user that you use to update tables, and another, lower-privileged user that you use to "select" from tables.
6. Ensure that MySQL users are restricted by IP address as well as passwords. See section 5.4 of the MySQL manual, "The MySQL Access Privilege System," for more information.
7. Don't give accounts privileges that they don't absolutely need, especially File_priv, Grant_priv, and Super_priv.
8. Never give anyone (other than root or whatever you call your root account) access to the mysql.user table.
MySQL Configuration
1. Enable logging via the --log option.
2. Disable the LOAD DATA LOCAL INFILE command by adding set-variable=local-infile=0 to the my.cnf file.
3. Remove any unused UDFs.
4. If you're using only local connections, disable TCP/IP connections via the --skip-networking option.
5. Depending on your operating system, and how your data directory is configured, you might want to disallow the use of symbolic links via the skip-symbolic-links option.
6. Remove the default test database.
7. Ensure MySQL traffic is encrypted.
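The option-file items above (1, 2, 4 and 5) can be verified mechanically. This is an added example, not part of the original checklist: audit_my_cnf is a hypothetical helper, the sample my.cnf is constructed, and the option names are checked exactly as this checklist gives them.

```shell
#!/bin/sh
# Added example: check the [mysqld] group of a my.cnf against the items above.
# Prints one finding per line; returns 1 if a FAIL finding was printed.
audit_my_cnf() {
    awk '
        /^[ \t]*[#;]/ { next }                     # skip comment lines
        /^[ \t]*\[/   { in_d = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_d         { next }                     # only the [mysqld] group
        {
            line = $0
            gsub(/[ \t\r]/, "", line)
            if (line == "") next
            sub(/^set-variable=/, "", line)        # old-style syntax used above
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/_/, "-", key)                    # _ and - are interchangeable
            seen[key] = 1; value[key] = val
        }
        END {
            if (!seen["log"]) {
                print "FAIL log: query logging not enabled"; bad = 1 }
            if (value["local-infile"] != "0") {    # strict: expects the =0 form
                print "FAIL local-infile: LOAD DATA LOCAL INFILE not disabled"; bad = 1 }
            if (!seen["skip-networking"])
                print "INFO skip-networking: TCP/IP on (needed only for remote clients)"
            if (!seen["skip-symbolic-links"])
                print "INFO skip-symbolic-links: symbolic links not disabled"
            exit bad + 0
        }
    ' "$1"
}

# Demo on a constructed my.cnf (sample input, not a real server file).
cnf=$(mktemp)
cat > "$cnf" <<'EOF'
[client]
port = 3306
[mysqld]
user = mysql
log  = /var/log/mysql/query.log
set-variable=local-infile=0
skip_networking
EOF
audit_my_cnf "$cnf" || echo "configuration needs attention"
rm -f "$cnf"
```

INFO lines cover the two items the checklist makes conditional, so they do not affect the return code.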
Routine Audit
1. Check your logs.
2. Enumerate users and use the "show grants" statement regularly to see what privileges are granted to which users.
3. Periodically do a quick check on password hashes.