12 MySQL/MariaDB Security Best Practices for Linux


MySQL is the world's most popular open source database system, and MariaDB (a fork of MySQL) is the world's fastest growing open source database system. After installation, a MySQL server is insecure in its default configuration, and securing it is one of the essential tasks in general database management.

Securing it contributes to hardening the overall security of the Linux server, as attackers always scan for vulnerabilities in any part of a system, and databases have in the past been key target areas. A common example is brute-forcing the root password of the MySQL database.

In this guide, we will explain MySQL/MariaDB security best practices for Linux.

1. Secure MySQL Installation

This is the first recommended step after installing MySQL server, towards securing the database server. The script below helps improve the security of your MySQL server by asking you to:

  • set a password for the root account, if you didn't set it during installation.
  • disable remote root login by removing root accounts that are accessible from outside the local host.
  • remove anonymous user accounts and the test database, which by default can be accessed by all users, even anonymous users.

# mysql_secure_installation

After running it, set the root password and answer the series of questions by entering [Yes/Y] and pressing [Enter].

2. Bind Database Server To Loopback Address

This setting restricts access from remote machines: it tells the MySQL server to accept connections only from localhost. You can set it in the main configuration file.

# vi /etc/my.cnf                           [RHEL/CentOS]
# vi /etc/mysql/my.cnf                     [Debian/Ubuntu]
OR
# vi /etc/mysql/mysql.conf.d/mysqld.cnf    [Debian/Ubuntu]

Add the line below under the [mysqld] section.

bind-address = 127.0.0.1

3. Disable LOCAL INFILE in MySQL

As part of security hardening, you need to disable local_infile to prevent access to the underlying filesystem from within MySQL, using the following directive under the [mysqld] section.

local-infile=0

4. Change MYSQL Default Port

The port variable sets the MySQL port number that will be used to listen for TCP/IP connections. The default port number is 3306, but you can change it under the [mysqld] section as shown.

port=5000

5. Enable MySQL Logging

Logs are one of the best ways to understand what happens on a server; in case of an attack, you can easily see any intrusion-related activity in the log files. You can enable MySQL logging by adding the following under the [mysqld] section.

general_log = 1
general_log_file = /var/log/mysql.log

6. Set Appropriate Permission on MySQL Files

Ensure that you have appropriate permissions set for all mysql server files and data directories. The /etc/my.cnf file should be writable only by root. This blocks other users from changing database server configurations.

# chmod 644 /etc/my.cnf
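
The settings from sections 2, 3, 5 and 6 can be checked together. The script below is an added example, not part of the original article: the function name audit_mycnf, the finding messages and the sample configuration are constructed for illustration, and it accepts either general_log or the older log= form as evidence that logging is on.

```shell
#!/bin/sh
# Added example: audit a my.cnf-style file against sections 2, 3, 5 and 6.
# Prints one finding per line; prints nothing when every check passes.
audit_mycnf() {
    cnf=$1
    awk '
        # Track the current [section]; only [mysqld] options are audited.
        /^[ \t]*\[/ { insec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !insec || /^[ \t]*[#;]/ || /^[ \t]*$/ { next }  # skip comments, blanks
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # drop a trailing comment
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            gsub(/_/, "-", key)                  # local_infile == local-infile
            opt[key] = val
        }
        END {
            b = opt["bind-address"]
            if (b != "127.0.0.1" && b != "::1" && b != "localhost")
                print "bind-address: not loopback (" (b == "" ? "unset" : b) ")"
            l = toupper(opt["local-infile"])
            if (l != "0" && l != "OFF")
                print "local-infile: not disabled"
            g = toupper(opt["general-log"])
            # The older log=<file> form also counts as logging enabled.
            if (g != "1" && g != "ON" && opt["log"] == "")
                print "logging: general query log not enabled"
        }
    ' "$cnf"
    # Section 6: only the owner may have write permission on the file.
    if [ -n "$(find "$cnf" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "permissions: group- or world-writable"
    fi
}

# Constructed sample input: binds to all interfaces, local-infile not set.
sample_cnf() {
    printf '%s\n' '[client]' 'port = 3306' '' '[mysqld]' \
        '# constructed sample' 'bind-address = 0.0.0.0' \
        'general_log = 1' 'general_log_file = /var/log/mysql.log'
}

tmp=$(mktemp) && sample_cnf > "$tmp" && chmod 644 "$tmp"
audit_mycnf "$tmp"
rm -f "$tmp"
```
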

7. Delete MySQL Shell History

All commands you execute in the MySQL shell are stored by the mysql client in a history file: ~/.mysql_history. This can be dangerous, because for any user accounts that you create, all usernames and passwords typed in the shell will be recorded in the history file.

# cat /dev/null > ~/.mysql_history

8. Don't Run MySQL Commands from Commandline

As you already know, all commands you type on the terminal are stored in a history file, depending on the shell you are using (for example ~/.bash_history for bash). An attacker who manages to gain access to this history file can easily see any passwords recorded there.

It is strongly advised not to type passwords on the command line, something like this:

# mysql -u root -ppassword_

When you check the last section of the command history file, you will see the password typed above.

# history 

The appropriate way to connect to MySQL is:

# mysql -u root -p
Enter password:
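
To check an existing shell history for the pattern warned about above, the following added example (not from the original article) lists the lines where a MySQL client received its password inline and redacts the secret. The function name scan_history and the sample history lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list history lines where a MySQL client got its password
# inline (-pSECRET or --password=SECRET). The secret is redacted in the output.
scan_history() {
    awk '
        {
            inmy = 0; hit = 0
            for (i = 1; i <= NF; i++) {
                # Options only count while we are inside a mysql* command.
                if ($i ~ /^(.*\/)?(mysql|mysqldump|mysqladmin)$/) { inmy = 1; continue }
                if ($i == "|" || $i == ";" || $i == "&&" || $i == "||") { inmy = 0; continue }
                if (!inmy) continue
                # A bare -p or --password only requests the prompt: not a leak.
                if ($i ~ /^-p./) { $i = "-p<redacted>"; hit = 1 }
                else if ($i ~ /^--password=./) { $i = "--password=<redacted>"; hit = 1 }
            }
            if (hit) print NR ": " $0
        }
    ' "$1"
}

# Constructed sample history; the passwords are made up for the example.
sample_history() {
    printf '%s\n' \
        'cd /var/www' \
        'mysql -u root -ppassword_' \
        'mysql -u root -p' \
        'mysqldump --user=backup --password=Constructed1 osclass_db > dump.sql' \
        'mkdir -pv /tmp/x && mysql -u root -p osclass_db' \
        'mysql -P 5000 -u root -p'
}

hist=$(mktemp) && sample_history > "$hist"
scan_history "$hist"
rm -f "$hist"
```

Point it at ~/.bash_history or your shell's equivalent; the number at the start of each hit is the line number in that file.
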

9. Define Application-Specific Database Users

For each application running on the server, only give access to a user who is in charge of the database for that application. For example, if you have a wordpress site, create a specific user for the wordpress site database as follows.

# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE osclass_db;
MariaDB [(none)]> CREATE USER 'osclassdmin'@'localhost' IDENTIFIED BY '[email %!2';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON osclass_db.* TO 'osclassdmin'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

And remember to always remove user accounts that are no longer managing any application database on the server.

10. Use Additional Security Plugins and Libraries

MySQL includes a number of security plugins for: authenticating attempts by clients to connect to the mysql server, password validation, and secure storage for sensitive information, all of which are available in the free version.

You can find more here: https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html

11. Change MySQL Passwords Regularly

This is a common piece of information/application/system security advice. How often you do this will depend entirely on your internal security policy. However, it can prevent "snoopers" who might have been tracking your activity over a long period of time from gaining access to your mysql server.

MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'YourPasswordHere';
MariaDB [(none)]> FLUSH PRIVILEGES;

12. Update MySQL Server Package Regularly

It is highly recommended to upgrade the mysql/mariadb packages regularly, from the vendor's repository, to keep up with security updates and bug fixes. Packages in the default operating system repositories are normally outdated.

# yum update
# apt update && apt upgrade

After making any changes to the mysql/mariadb server, always restart the service.

# systemctl restart mariadb		#RHEL/CentOS
# systemctl restart mysql		#Debian/Ubuntu

That's all! We love to hear from you via the comments below. Do share with us any MySQL/MariaDB security measures missing from the list above.