LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO/mysql-config.html

257 lines
4.1 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Configuring MySQL</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Postfix-Cyrus-Web-cyradm-HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Getting and installing the software"
HREF="install.html"><LINK
REL="NEXT"
TITLE="Configuring PAM"
HREF="pam-config.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Postfix-Cyrus-Web-cyradm-HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="install.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="pam-config.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="MYSQL-CONFIG"
></A
>4. Configuring MySQL</H1
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="MYSQL-CONFIG-SECURING"
></A
>4.1. Securing MySQL</H2
><P
>Because you are using MySQL to authenticate users, you need to restrict network access
to port 3306.</P
><P
>The easiest way is to only bind MySQL to the loopback interface 127.0.0.1.
This makes sure nobody can connect to your MySQL daemon via the network.</P
><P
> Edit <TT
CLASS="FILENAME"
>/etc/init.d/mysql.server</TT
> and change line 107 as following:</P
><P
>Original line:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file&#38;</PRE
></FONT
></TD
></TR
></TABLE
><P
>Changed line:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>$bindir/safe_mysqld --datadir=$datadir --pid-file=$pid_file \
--bind-address=127.0.0.1&#38;</PRE
></FONT
></TD
></TR
></TABLE
><P
>Restart your MySQL daemon by issuing the command<B
CLASS="COMMAND"
>/etc/init.d/mysql.server start</B
></P
><P
>To ensure the configuration change was successful, <B
CLASS="COMMAND"
>netstat -an|grep LISTEN</B
>. The
Output should be looking similar to this:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>bond:~ # netstat -an|grep LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="MYSQL-RINETD"
></A
>4.2. Setting up rinetd</H2
><P
>This step is only necessary if you run the MySQL sever on host other than the mail server. This allows
you to securely connect from another host since access is allowed only from pre-defined IP addresses.</P
><P
>The example used is from the view of the host serving the MySQL database. Lets assume your
mail server has the IP 192.168.0.100 and the MySQL host has 192.168.0.200</P
><P
> Edit <TT
CLASS="FILENAME"
>/etc/rinetd.conf</TT
> and add:</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
>192.168.0.200 3306 127.0.0.1 3306
allow 192.168.0.100</PRE
></FONT
></TD
></TR
></TABLE
><P
>This means: The MySQL host is listening on 192.168.0.200 port 3306. If 192.168.0.100
attempts a connection, it is forwarded to 127.0.0.1:3306. All other hosts are rejected. </P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="install.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="pam-config.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Getting and installing the software</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Configuring PAM</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink