MySQL Package Defaults

Hi,

I’ve noticed two unfortunate defaults of the SLES and OpenSUSE MySQL packages. By default, they are not configured to start on boot. You must sudo chkconfig mysql off then sudo chkconfig mysql on. You normally only find this out once someone calls you complaining that their website or application is unavailable (yeah, makes you look like an idiot). The other issue is that remote access seems to be enabled by default also. In other words, MySQL isn’t bound to 127.0.0.1, but rather all interfaces. Again, something which you’d likely find out AFTER your MySQL has been compromised.

On every other distro I’ve used, MySQL has been configured to auto-start, and remote connections never allowed. Who is responsible for the SUSE MySQL package, and how do I try and get these dangerous defaults changed?

Cheers,
Tom
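
Added example, not part of the original post and not SUSE's or MySQL's own tooling: a shell function that reads a MySQL option file and reports whether the [mysqld] section leaves the server listening on all interfaces, the default described above. The default path /etc/my.cnf and the sample file are assumptions.

```shell
#!/bin/sh
# Added example: classify how a MySQL option file exposes the server.
# Prints one of: no-network, loopback, all-interfaces, specific:<addr>
mysql_bind_status() {
    # $1 = option file; /etc/my.cnf is an assumed default, adjust per host.
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                                # section header
            s = tolower($0); gsub(/[ \t]/, "", s)
            in_mysqld = (s == "[mysqld]"); next
        }
        !in_mysqld { next }                          # only server settings count
        {
            line = $0; sub(/[ \t]*#.*$/, "", line)   # strip trailing comment
            n = index(line, "=")
            key = (n ? substr(line, 1, n - 1) : line)
            val = (n ? substr(line, n + 1) : "")
            gsub(/[ \t]/, "", key); gsub(/[ \t"]/, "", val)
            key = tolower(key); gsub(/_/, "-", key)  # bind_address == bind-address
            if (key == "skip-networking" && tolower(val) !~ /^(0|off|false)$/) skip = 1
            if (key == "bind-address") addr = val    # last setting wins
        }
        END {
            if (skip) print "no-network"
            else if (addr == "" || addr == "*" || addr == "0.0.0.0" || addr == "::")
                print "all-interfaces"               # unset means every interface
            else if (addr == "localhost" || addr == "::1" || addr ~ /^127\./)
                print "loopback"
            else print "specific:" addr
        }
    ' "${1:-/etc/my.cnf}"
}

# Constructed sample option file (not taken from a real host): the only
# bind-address lines are under [client] or commented out, so neither applies.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[client]
bind-address = 127.0.0.1
[mysqld]
datadir = /var/lib/mysql
# bind-address = 127.0.0.1
EOF
echo "sample option file: $(mysql_bind_status "$sample")"
rm -f "$sample"
```

The function does not follow !include or !includedir directives and cannot see options passed on the mysqld command line, so confirm the result against the live listener with ss -ltn.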

Please create a bug report at https://bugzilla.novell.com/
The package maintainer will then decide if this is a bug or a feature :)

Hendrik

Four reasons for this situation:
1. openSUSE doesn’t hold your hand
2. if you are restoring from a mysqldump backup, that should remove all the security holes which are deliberately left by the mysql/MariaDB developers
3. if you are starting from scratch, simply run mysql_secure_installation, put in your root password in answer to question 1 and answer y to all the other questions; the mysql/MariaDB developers supply this program to deal with the security holes they have deliberately left - it’s just that the openSUSE packagers allow you to run it yourself
4. if you are running more than a single server, running mysql_secure_installation may hinder what you want to do.