Secure MySQL on OpenBSD 7.5
Step 1 – Run mysql_secure_installation
mysql_secure_installation
At the prompts: set a root password, remove anonymous users, disallow remote root login, and remove the test database.
Step 2 – Bind to localhost
[mysqld]
bind-address = 127.0.0.1
Step 3 – Audit users
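-- List every account with its host pattern and authentication plugin.
SELECT User, Host, plugin FROM mysql.user;
-- Remove named accounts with no stored password hash. Check the plugin column
-- first: socket-authenticated accounts also have an empty authentication_string.
DELETE FROM mysql.user WHERE authentication_string = '' AND User != '';
FLUSH PRIVILEGES;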
Step 4 – Require SSL for a user
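-- Reject any connection from this account that is not encrypted.
ALTER USER 'appuser'@'%' REQUIRE SSL;
-- Show the server's SSL-related variables to confirm TLS is configured.
SHOW VARIABLES LIKE '%ssl%';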
Step 5 – Firewall – allow MySQL only from trusted subnet
# /etc/pf.conf
pass in proto tcp from 192.168.1.0/24 to port 3306
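Added example (not part of the original guide): a small sh/awk audit that reads mysql.user rows and flags the conditions Steps 1, 3 and 4 are meant to eliminate. The function names, finding labels and sample rows are constructed for illustration; it assumes the authentication_string and ssl_type columns of mysql.user and treats unix_socket/auth_socket accounts as intentionally hash-less.

```shell
#!/bin/sh
# Audit mysql.user rows for the issues Steps 1, 3 and 4 address.
# Input: tab-separated rows of User, Host, plugin, authentication_string, ssl_type
# Output: one "FINDING<TAB>user@host" line per problem found.

audit_users() {
    awk -F '\t' '
    function is_local(h) { return h == "localhost" || h == "127.0.0.1" || h == "::1" }
    {
        user = $1; host = $2; plugin = $3; auth = $4; ssl = $5
        acct = user "@" host

        # Step 1: anonymous accounts and root reachable from other hosts.
        if (user == "")
            print "ANONYMOUS\t" acct
        if (user == "root" && !is_local(host))
            print "REMOTE_ROOT\t" acct

        # Step 3: no stored hash. Socket plugins authenticate by OS identity,
        # so an empty authentication_string is expected for them.
        if ((auth == "" || auth == "NULL") && plugin != "unix_socket" && plugin != "auth_socket")
            print "EMPTY_PASSWORD\t" acct

        # Step 4: account usable from another host without REQUIRE SSL.
        if (!is_local(host) && (ssl == "" || ssl == "NULL"))
            print "NO_TLS_REQUIRED\t" acct
    }'
}

# Constructed sample rows (not real accounts or hashes).
sample_rows() {
    printf 'root\tlocalhost\tunix_socket\t\t\n'
    printf 'root\t%%\tmysql_native_password\t*CONSTRUCTED_HASH\t\n'
    printf '\tlocalhost\tmysql_native_password\t\t\n'
    printf 'appuser\t%%\tmysql_native_password\t*CONSTRUCTED_HASH\tANY\n'
    printf 'report\t192.168.1.%%\tmysql_native_password\t\t\n'
}

# Live use, as a database administrator:
#   mysql -N -B -e "SELECT User, Host, plugin, authentication_string, ssl_type \
#       FROM mysql.user" | sh audit.sh --stdin
if [ "${1:-}" = "--stdin" ]; then
    audit_users
else
    sample_rows | audit_users
fi
```

An account that appears under EMPTY_PASSWORD is one the Step 3 DELETE is aimed at; an account that has an empty authentication_string but is not listed uses socket authentication and would also match that DELETE.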