
Thread: MySQL Package Defaults

  1. #1

    MySQL Package Defaults

    Hi,

    I've noticed two unfortunate defaults of the SLES and OpenSUSE MySQL packages. By default, they are not configured to start on boot. You must `sudo chkconfig mysql off` then `sudo chkconfig mysql on`. You normally only find this out once someone calls you complaining that their website or application is unavailable (yeah, makes you look like an idiot). The other issue is that remote access seems to be enabled by default also. In other words, MySQL isn't bound to 127.0.0.1, but rather all interfaces. Again, something which you'd likely find out AFTER your MySQL has been compromised.

    On every other distro I've used, MySQL has been configured to auto-start, and remote connections never allowed. Who is responsible for the SUSE MySQL package, and how do I try and get these dangerous defaults changed?

    Cheers,
    Tom

  2. #2

    Re: MySQL Package Defaults

    Originally posted by tomwardrop:
    Hi,

    I've noticed two unfortunate defaults of the SLES and OpenSUSE MySQL packages. By default, they are not configured to start on boot. You must `sudo chkconfig mysql off` then `sudo chkconfig mysql on`. You normally only find this out once someone calls you complaining that their website or application is unavailable (yeah, makes you look like an idiot). The other issue is that remote access seems to be enabled by default also. In other words, MySQL isn't bound to 127.0.0.1, but rather all interfaces. Again, something which you'd likely find out AFTER your MySQL has been compromised.

    On every other distro I've used, MySQL has been configured to auto-start, and remote connections never allowed. Who is responsible for the SUSE MySQL package, and how do I try and get these dangerous defaults changed?

    Cheers,
    Tom

    Please create a bug report at https://bugzilla.novell.com/
    The package maintainer will then decide if this is a bug or a feature.

    Hendrik

  3. #3

    Re: MySQL Package Defaults

    Four reasons for this situation:
    1 openSUSE doesn't hold your hand
    2 if you are restoring from a mysqldump backup, that should remove all the security holes which are deliberately left by the mysql/MariaDB developers
    3 if you are starting from scratch, simply run mysql_secure_installation, put in your root password in answer to question 1 and answer y to all the other questions; the mysql/MariaDB developers supply this program to deal with the security holes they have deliberately left - it's just that the openSUSE packagers allow you to run it yourself
    4 if you are running more than a single server, running mysql_secure_installation may hinder what you want to do.
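
An added example, not part of any post in this thread: a shell check for the exposure discussed above, reporting how the `[mysqld]` section of an option file binds the server and which listeners on port 3306 are reachable off-host. The function names and the sample option file are constructed for illustration; it assumes `ss` from iproute2 is available, and it treats a missing `bind-address` as "all interfaces", which is the server's own default.

```shell
#!/bin/sh
# Added example (not from the thread): classify MySQL/MariaDB network exposure.

# Read the [mysqld] section of an option file and print one of:
#   disabled        skip-networking set (Unix socket only)
#   loopback        bind-address is 127.0.0.1, ::1 or localhost
#   all-interfaces  bind-address is 0.0.0.0, :: or *, or absent (server default)
#   specific:ADDR   bound to a single other address
mysql_bind_exposure() {
    awk '
        /^[ \t]*\[/ { in_mysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_mysqld || /^[ \t]*[#;]/ { next }
        {
            line = $0
            sub(/#.*$/, "", line)       # drop trailing comment
            gsub(/[ \t\r]/, "", line)   # drop whitespace
            n = split(line, kv, "=")
            key = kv[1]; gsub(/_/, "-", key)   # dashes and underscores are equivalent
            val = (n > 1) ? tolower(kv[2]) : ""
            if (key == "skip-networking")
                skip = !(val == "0" || val == "off" || val == "false")
            if (key == "bind-address") addr = val
        }
        END {
            if (skip) print "disabled"
            else if (addr == "" || addr == "0.0.0.0" || addr == "::" || addr == "*")
                print "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost")
                print "loopback"
            else print "specific:" addr
        }' "$1"
}

# Read `ss -ltn` output on stdin; print port-3306 listeners not on loopback.
mysql_nonlocal_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:3306$/ &&
         $4 !~ /^(127\.|\[::1\])/ { print $4 }'
}

# Constructed sample option file: a [mysqld] section with no bind-address line.
sample=$(mktemp)
printf '[client]\nport = 3306\n[mysqld]\ndatadir = /var/lib/mysql\n' > "$sample"
echo "option file: $(mysql_bind_exposure "$sample")"
rm -f "$sample"
# On a live host: ss -ltn | mysql_nonlocal_listeners
```

Point `mysql_bind_exposure` at the option file the server actually reads (for example `/etc/my.cnf`); settings pulled in through `!include` directives are not followed, so check those files separately.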
