Secure MySQL on AlmaLinux 9
Step 1 – Run mysql_secure_installation
mysql_secure_installation
When prompted, set the root password, remove anonymous users, disallow remote root login, and remove the test database.
Step 2 – Bind to localhost
[mysqld]
bind-address = 127.0.0.1
Step 3 – Audit users
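-- List every account with its host and authentication plugin.
SELECT User, Host, plugin FROM mysql.user;
-- Remove named accounts that have an empty authentication string (review the SELECT output first).
DELETE FROM mysql.user WHERE authentication_string = '' AND User != '';
-- Reload the grant tables so the direct change to mysql.user takes effect.
FLUSH PRIVILEGES;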
Step 4 – Require SSL for a user
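-- Reject connections from this account unless they are encrypted.
ALTER USER 'appuser'@'%' REQUIRE SSL;
-- Check the server's SSL/TLS-related variables.
SHOW VARIABLES LIKE '%ssl%';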
Step 5 – Firewall – allow MySQL only from trusted subnet
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.1.0/24 port port=3306 protocol=tcp accept'
firewall-cmd --reload
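To re-check the account settings from Steps 1, 3 and 4 after later changes, the following added example (not part of the original guide) reads rows exported from mysql.user and flags anonymous users, remote root, empty credentials and network-reachable accounts that do not require SSL. The function names, finding labels and sample rows are assumptions made for this example; apart from 'appuser'@'%', the accounts are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): flag risky MySQL accounts.
# Input rows are tab-separated and can be exported with:
#   mysql -N -B -e "SELECT User, Host, plugin,
#     IF(ssl_type='','NONE',ssl_type),
#     IF(authentication_string='','EMPTY','SET') FROM mysql.user"

audit_mysql_users() {
    # stdin columns: user, host, plugin, ssl_type, password state
    awk -F '\t' -v q="'" '
    {
        acct = q $1 q "@" q $2 q
        is_local = ($2 == "localhost" || $2 == "127.0.0.1" || $2 == "::1")
        # Step 1: anonymous users and remote root should be gone.
        if ($1 == "") print "ANONYMOUS " acct
        if ($1 == "root" && !is_local) print "REMOTE_ROOT " acct
        # Step 3: empty credential. auth_socket accounts log in via the
        # local Unix socket and normally have no stored hash, so skip them.
        if ($5 == "EMPTY" && $3 != "auth_socket") print "EMPTY_PASSWORD " acct
        # Step 4: accounts reachable over the network should REQUIRE SSL.
        if (!is_local && $4 == "NONE") print "NO_TLS_REQUIRED " acct
    }'
}

# Constructed sample rows (not real data) covering each finding.
sample_rows() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        root    localhost   caching_sha2_password NONE SET \
        root    %           caching_sha2_password NONE SET \
        appuser %           caching_sha2_password ANY  SET \
        report  192.168.1.% mysql_native_password NONE EMPTY \
        ''      localhost   caching_sha2_password NONE EMPTY
}

# Run the audit over the constructed rows.
sample_rows | audit_mysql_users
```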