Supporting over 70 collations, more than 30 character sets, multiple storage engines, and deployment in virtualized environment, MySQL is a mission-critical database server that is used by production servers all over the world. It is capable of hosting a vast number of individual databases and it can provide support for various roles across your entire network. MySQL server has become synonymous with the World Wide Web (WWW), is used by desktop software, extends local services, and is one of the world’s most popular relational database systems. The purpose of this process is to show you how to download, install, and lockdown MariaDB, which is the default implementation of MySQL in CentOS 7. MariaDB is open source and fully compatible with MySQL and adds several new features; for example, a non-blocking client API library, new storage engines with better performance, enhanced server status variables, and replication.
To Start With: What Do You Need?
To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to download additional packages. It is expected that your server will be using a static IP address.
The Process
As the MariaDB Database Management System (DBMS) is not installed by default on CentOS 7, we will start this process by installing the required packages.
- To begin, log in as root and type the following command to install the required packages:
yum install mariadb-server mariadb
- When complete, ensure the service starts at boot before starting the service:
systemctl enable mariadb.service && systemctl start mariadb.service
- Finally, begin the secure installation process with the following command:
mysql_secure_installation
- When you first run the previous command, you will be asked to provide a password but as this value has not been set, press the Enter key to represent the value (blank) none.
- Now you will be asked a number of simple questions which will help you in the process of hardening your MariaDB DBMS system. It is good advice to choose Yes (Y) to every question for maximum security unless you are already a MariaDB expert and really require a certain feature.
- Finally, test if you can connect and login to the MariaDB service locally using the MariaDB command-line client called mysql. The test passes if the following command outputs all the MariaDB user names together with their associated hosts known to the MariaDB server (enter the administrator root password you set in the last step when prompted):
echo "select User,Host from user" | mysql -u root -p mysql
How Does It Work?
MariaDB is a fast, efficient, multithreaded, and robust SQL database server. It supports multiple users and provides access to a number of storage engines, and by following a few short steps, you now know how to install, secure, and login to your MariaDB server.
So what did we learn from this experience?
We started the process by installing the necessary package for the MariaDB server (mariadb-server) and also the client shell interface (mariadb) for controlling and querying the server. Having done this, we then proceeded to ensure that the MariaDB daemon (mariadb.service) would start during the boot process before we actually started it. At this point we had a working installation, but in order to ensure that our installation was safe we then invoked the secure installation script in order to guide us through a few simple steps to harden our basic installation. As the basic installation process does not enable us to set a default password for the root user, we did it here as a first step in the script, so we could be certain that no one could access the MariaDB root user account without the required authorization. We then discovered that a typical MariaDB installation maintains an anonymous user. The purpose of this is to allow anyone to login to our database server without having to have a valid user account. It is typically used for testing purposes only, and unless you are in unique circumstances that require this facility, it is always advisable to remove this feature. Following this, and to ensure that the root user could not access our MariaDB server installation, we then opted to disallow remote root access before removing the test database and performing a reload of the privilege tables. Finally, we ran a small test to see if we could connect to the database with the root user and query some data from the user table (which is part of the standard mysql database).
Having completed the steps of the process, we have learned that the process of installing and securing the MariaDB server is very simple. Of course, there are always more things that can be done in order to make the installation useful but the purpose of this process was to show you that the most important part of installing your new database system was to make it secure. Remember, the act of running mysql_secure_installation is recommended for all MariaDB servers and it is advisable regardless of whether you are building a development server or one that is used in a production environment. As a server administrator, security should always remain your top priority.