
Hardening Your MySQL

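Published: 2005-11-06 21:47:29  Source: 红联  Author: CMK
Author: 王光辉
Preface

MySQL has become one of the most widely used databases on the network today, especially for Web applications, where it holds a dominant position among small and medium-sized deployments. This comes from its being small and easy to use, secure and efficient, openly licensed and multi-platform, and above all from how well it combines with PHP, one of the three major Web languages.

Unfortunately, a MySQL installation left with its default security settings can be overflowed because of an empty root password and program vulnerabilities, which makes servers running MySQL a frequent target of attack. Worse, the database is often damaged after an attack, with disastrous consequences. What follows is the battle to protect that data.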

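Environment Requirements

1. System environment

A server with a custom installation of Red Hat 9.0, with GCC and some other required packages such as Apache and PHP installed. The first thing to do after installing the system is to upgrade its packages. As a Web server, the system accepts requests for PHP scripts, and PHP uses the MySQL database installed below as the back end for dynamic publishing.

The partitioning requirements are much the same as for an ordinary system. The only difference is that /chroot, which is created later, must be on the same partition as /tmp.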

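2. Security requirements


(1) MySQL runs in an isolated (chroot) environment;
(2) the mysqld process runs under a dedicated user/group,
    which has no home directory and no shell and cannot be used by other programs;
(3) the MySQL root account is renamed and given a complex password;
(4) only local connections to MySQL are allowed, and network connections are disabled when MySQL starts;
(5) logins to MySQL with the nobody account are disabled;
(6) the test database is deleted.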



Installing MySQL

1. Preparation

Before installing MySQL, create a user and group for starting MySQL, as the security requirements above call for.


#groupadd mysql
#useradd mysql -c "start mysqld's account" -d /dev/null -g mysql -s /sbin/nologin



2. Compiling and installing

Download the MySQL source package:


#wget http://mysql.he.net/Downloads/MySQL-4.0/mysql-4.0.16.tar.gz



Unpack it:


#tar -zxvf mysql-4.0.16.tar.gz



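MySQL is normally installed under /usr/local/mysql; you can change this if you have special requirements. There is little point in doing so, though, because MySQL will be chrooted later and only the client tools from this location, such as mysql, mysqladmin and mysqldump, will be used. Now compile and install.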


#./configure --prefix=/usr/local/mysql \
--with-mysqld-user=mysql \
--with-unix-socket-path=/tmp/mysql.sock \
--with-mysqld-ldflags=-all-static
#make && make install
#strip /usr/local/mysql/libexec/mysqld
#scripts/mysql_install_db
#chown -R root /usr/local/mysql
#chown -R mysql /usr/local/mysql/var
#chgrp -R mysql /usr/local/mysql



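The purpose of each step above is described in the MySQL manual. The only one that needs explaining, and that differs from the usual procedure, is --with-mysqld-ldflags=-all-static: a chroot environment is going to be used, and once mysqld is linked statically there is no need to recreate a set of libraries inside it.

3. Configuration and startup

The MySQL configuration file has to be chosen by hand: copy one of several template files to /etc. The templates are in the support-files directory of the source tree, and there are four of them: small, medium, large and huge.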


#cp support-files/my-medium.cnf /etc/my.cnf
#chown root:sys /etc/my.cnf
#chmod 644 /etc/my.cnf


Start MySQL, making sure it runs as the mysql user:
#/usr/local/mysql/bin/mysqld_safe --user=mysql &



4. Testing

The best way to test whether the installation is correct and whether MySQL has started properly is to connect to the database with the MySQL client.


#/usr/local/mysql/bin/mysql
[root@ftp bin]# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 687 to server version: 3.23.58
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
mysql> show databases;
+--------------+
| Database |
+--------------+
| mysql |
| test |
+--------------+
2 rows in set (0.00 sec)
mysql>quit



The connection works, so the database can be shut down:


#/usr/local/mysql/bin/mysqladmin -uroot shutdown



If the connection fails, analyse the cause of the error carefully:


#more /usr/local/mysql/var/`hostname`.err



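Chrooting

1. The chroot environment

Chroot is a Unix/Unix-like mechanism. Once set up, it isolates the program almost completely from the main system, so that if something goes wrong it does not endanger the running main system. It is a very effective measure, especially when configuring network services.

2. Setting up the chroot

First, create the directory structure shown in Figure 1:

Figure 1: Directory structure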
#mkdir -p /chroot/mysql/dev
#mkdir -p /chroot/mysql/etc
#mkdir -p /chroot/mysql/tmp
#mkdir -p /chroot/mysql/var/tmp
#mkdir -p /chroot/mysql/usr/local/mysql/libexec
#mkdir -p /chroot/mysql/usr/local/mysql/share/mysql/english



Then set the directory permissions:


#chown -R root:sys /chroot/mysql
#chmod -R 755 /chroot/mysql
#chmod 1777 /chroot/mysql/tmp



3. Copy the MySQL programs and files into the chroot


#cp -p /usr/local/mysql/libexec/mysqld /chroot/mysql/usr/local/mysql/libexec/
#cp -p /usr/local/mysql/share/mysql/english/errmsg.sys \
/chroot/mysql/usr/local/mysql/share/mysql/english/
#cp -p /etc/hosts /chroot/mysql/etc/
#cp -p /etc/host.conf /chroot/mysql/etc/
#cp -p /etc/resolv.conf /chroot/mysql/etc/
#cp -p /etc/group /chroot/mysql/etc/
#cp -p /etc/passwd /chroot/mysql/etc/passwd
#cp -p /etc/my.cnf /chroot/mysql/etc/



4. Edit the passwd and group files in the chroot


#vi /chroot/mysql/etc/passwd



Delete every line except those for mysql, root and sys.


#vi /chroot/mysql/etc/group



Delete every line except those for mysql and root.

5. Create the special device file /dev/null

Model it on the system's own:


#ls -al /dev/null
crw-rw-rw- 1 root root 1, 3 Jan 30 2003 /dev/null
#mknod /chroot/mysql/dev/null c 1 3
#chown root:root /chroot/mysql/dev/null
#chmod 666 /chroot/mysql/dev/null



6. Copy the MySQL database files into the chroot


#cp -R /usr/local/mysql/var/ /chroot/mysql/usr/local/mysql/var
#chown -R mysql:mysql /chroot/mysql/usr/local/mysql/var



7. Install the chrootuid program

Download chrootuid and install it from the RPM.


http://rpm.pbone.net/index.php3/stat/4/idpl/355932/com/chrootuid-1.3-alt2.i586.rpm.html



8. Test the MySQL configuration in the chroot environment


#chrootuid /chroot/mysql mysql /usr/local/mysql/libexec/mysqld &



If it fails, check the permissions under the chroot directory.

9. Test connecting to MySQL in the chroot


#/usr/local/mysql/bin/mysql --socket=/chroot/mysql/tmp/mysql.sock
..............
mysql>show databases;
mysql>create database wgh;
mysql>quit;
#ls -al /chroot/mysql/usr/local/mysql/var/
...............
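
When the chrooted mysqld refuses to start, the layout and permissions built in steps 2 to 6 can be checked mechanically. The script below is an added example, not part of the original article; the function name audit_chroot and its messages are made up here, and the paths are the ones used above.

```shell
#!/bin/sh
# Added example: compare a chroot tree with the layout built in steps 2 to 6.
# audit_chroot and its messages are illustrative, not part of chrootuid or MySQL.

audit_chroot() {
    root=$1
    data=$root/usr/local/mysql/var
    bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }

    # Step 2: tmp in the jail is world-writable with the sticky bit (chmod 1777).
    [ "$(ls -ld "$root/tmp" 2>/dev/null | cut -c1-10)" = drwxrwxrwt ] ||
        fail "tmp is not mode 1777"

    # Step 4: passwd keeps only mysql, root and sys; group only mysql and root.
    extra=$(awk -F: '$1 != "mysql" && $1 != "root" && $1 != "sys" { printf "%s ", $1 }' \
            "$root/etc/passwd" 2>/dev/null) || fail "etc/passwd is missing"
    [ -z "$extra" ] || fail "extra passwd entries: $extra"
    extra=$(awk -F: '$1 != "mysql" && $1 != "root" { printf "%s ", $1 }' \
            "$root/etc/group" 2>/dev/null) || fail "etc/group is missing"
    [ -z "$extra" ] || fail "extra group entries: $extra"

    # Step 5: dev/null has to be a character device, not a regular file.
    [ -c "$root/dev/null" ] || fail "dev/null is not a character device"

    # Steps 2 and 6: apart from tmp, dev/null and the data directory, nothing
    # may be writable by group or others.
    loose=$(find "$root" \( -path "$root/tmp" -o -path "$root/dev/null" \
                 -o -path "$data" \) -prune -o ! -type l \
                 \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || fail "group- or world-writable: $loose"

    return "$bad"    # number of failed checks, 0 when the tree matches
}

# Run against a tree given on the command line, e.g. /chroot/mysql.
[ $# -eq 0 ] || audit_chroot "$1"
```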



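Configuring the Server

To use MySQL more securely, the MySQL database itself needs a secure configuration; and because of the chroot, the configuration file is also somewhat different.

1. Disable remote connections

First, close port 3306, MySQL's default listening port. Since MySQL here serves only local scripts, remote connections are not needed. MySQL's built-in security mechanisms are strict, but listening on a TCP port is still risky: if the MySQL program itself has a flaw, unauthorized access can bypass those built-in mechanisms entirely. Turning off network listening is simple: in the [mysqld] section of /chroot/mysql/etc/my.cnf, remove the "#" in front of #skip-networking.

With networking turned off, how do local programs connect to the MySQL database? They connect through mysql.sock, which is faster than a network connection. The details of mysql.sock are covered later.

MySQL backups are normally run over SSH!

2. Prevent MySQL from importing local files

Next, disable the "LOAD DATA LOCAL INFILE" command in MySQL. This command uses MySQL to read local files into the database, after which a user can illegitimately obtain sensitive information. Some of the attack methods circulating on the Internet use it, and it is also a technique exploited by many newly discovered SQL injection attacks!

To disable the command, add the following to the [mysqld] section of /chroot/mysql/etc/my.cnf: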


set-variable=local-infile=0
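
To confirm that both my.cnf changes described above (skip-networking uncommented, local-infile set to 0) are really active in the [mysqld] section, a check like the following can be run against /chroot/mysql/etc/my.cnf. It is an added example, not from the original article; the function names mysqld_section and audit_mycnf are illustrative.

```shell
#!/bin/sh
# Added example: audit the [mysqld] section of a my.cnf for the two settings
# this article enables. Function names and messages are illustrative.

# Print the [mysqld] section only, with comments, blanks and spaces removed.
mysqld_section() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec {
            sub(/[#;].*$/, "")      # a commented-out skip-networking disappears here
            gsub(/[ \t]/, "")
            if ($0 != "") print
        }' "$1"
}

# Return 0 when both settings are active; print one line per problem otherwise.
audit_mycnf() {
    sec=$(mysqld_section "$1") || return 2
    rc=0
    if ! printf '%s\n' "$sec" | grep -Eq '^skip[-_]networking$'; then
        echo "$1: skip-networking is not active, mysqld will listen on TCP 3306"
        rc=1
    fi
    # Accept the "set-variable=" spelling used above and the plain one;
    # when the option is repeated, the last occurrence is the one reported.
    val=$(printf '%s\n' "$sec" |
          sed -n -E 's/^(set-variable=)?local[-_]infile=(.*)$/\2/p' | tail -n 1)
    if [ "$val" != "0" ]; then
        echo "$1: local-infile is not 0, LOAD DATA LOCAL INFILE stays enabled"
        rc=1
    fi
    return $rc
}

# Constructed sample: a template file before the two edits described above.
sample=$(mktemp)
printf '%s\n' '[mysqld]' 'port = 3306' '#skip-networking' > "$sample"
audit_mycnf "$sample" || echo "audit failed, as expected for this sample"
rm -f "$sample"
```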



For ease of administration, the MySQL administration commands on the system, such as mysql, mysqladmin and mysqldump, normally use the system's /etc/my.cnf. When connecting, they look for /tmp/mysql.sock to reach the MySQL server, but here the server to connect to is the one in the chroot. There are two solutions. The first is to append --socket=/chroot/mysql/tmp/mysql.sock to the administration command, for example:


#/usr/local/mysql/bin/mysql -uroot -p --socket=/chroot/mysql/tmp/mysql.sock



The second is to add socket=/chroot/mysql/tmp/mysql.sock to the [client] section of /etc/my.cnf. Clearly, the second method is much more convenient.

3. Change the MySQL root user ID and password


#chrootuid /chroot/mysql mysql /usr/local/mysql/libexec/mysqld &
#/usr/local/mysql/bin/mysql -uroot
...............
mysql>SET PASSWORD FOR root@localhost=PASSWORD('new_password');



Get into the habit of entering passwords at the mysql prompt whenever possible, because a password typed on the shell command line may be seen by other people.


mysql>use mysql;
mysql>update user set user="wghgreat" where user="root";
mysql>select Host,User,Password,Select_priv,Grant_priv from user;
mysql>delete from user where user='';
mysql>delete from user where password='';
mysql>delete from user where host='%';
mysql>drop database test;
mysql>flush privileges;
mysql>quit;



Change it to an ID that is not easy to guess.

4. Delete the command history

These history files include ~/.bash_history, ~/.mysql_history and others. Open them and you will be startled: how can there be clear-text passwords in here?!


#cat /dev/null > ~/.bash_history
#cat /dev/null > ~/.mysql_history
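
Before emptying the history files it is worth seeing which passwords ended up in them, since those are the ones to change. The script below is an added example, not from the original article; the function name find_history_secrets is illustrative, the patterns cover only the statements and client options used on this page, and the sample history is constructed.

```shell
#!/bin/sh
# Added example: list history lines that hold a password in clear text.
# find_history_secrets is an illustrative name; the patterns match the SQL
# statements and mysql client options that appear in this article.

# Print "file:line:text" for each hit; return 0 if any hit was found, else 1.
find_history_secrets() {
    found=1
    for f in "$@"; do
        [ -r "$f" ] || continue          # a missing history file is not an error
        # SQL typed at the mysql> prompt: PASSWORD('...') or IDENTIFIED BY '...'
        # (/dev/null as second file makes grep print the file name).
        if grep -n -i -E \
                -e "password[[:space:]]*\([[:space:]]*['\"]" \
                -e "identified[[:space:]]+by[[:space:]]+['\"]" \
                "$f" /dev/null
        then found=0; fi
        # Shell command lines: -pSECRET or --password=SECRET. A bare -p only
        # prompts for the password, so it is not reported.
        if grep -n -E \
                "mysql(admin|dump)?[[:space:]]+(.*[[:space:]])?(-p|--password=)[^[:space:]]" \
                "$f" /dev/null
        then found=0; fi
    done
    return $found
}

# Constructed sample history, not taken from a real system.
hist=$(mktemp)
printf '%s\n' \
    "SET PASSWORD FOR root@localhost=PASSWORD('constructed-secret');" \
    "mysqladmin -uroot -pconstructed-secret shutdown" \
    "mysql -uroot -p" > "$hist"
find_history_secrets "$hist" || echo "no clear-text passwords found"
rm -f "$hist"
```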



Communication Between PHP and MySQL

By default, PHP communicates with MySQL through /tmp/mysql.sock. The big problem here is that MySQL does not create that file at all; it creates /chroot/mysql/tmp/mysql.sock. The solution is to make a link:


#ln /chroot/mysql/tmp/mysql.sock /tmp/mysql.sock



Note: hard links cannot be made across file system partitions, so the link here must stay within a single partition.

Automatic Startup

One reminder before configuring automatic startup: the database used by PHP needs a newly created account with its database privileges configured, for example FILE, GRANT, ALTER, SHOW DATABASE, RELOAD, SHUTDOWN, PROCESS, SUPER and so on.

Example startup script:


#!/bin/sh
# Start/stop script for the chrooted mysqld.
CHROOT_MYSQL=/chroot/mysql
SOCKET=/tmp/mysql.sock
MYSQLD=/usr/local/mysql/libexec/mysqld
PIDFILE=/usr/local/mysql/var/`hostname`.pid
CHROOTUID=/usr/bin/chrootuid
echo -n " mysql"
case "$1" in
start)
    # Remove a stale link, start mysqld inside the chroot as user mysql,
    # then hard-link the socket to the path PHP and the clients expect.
    rm -rf ${SOCKET}
    nohup ${CHROOTUID} ${CHROOT_MYSQL} mysql ${MYSQLD} >/dev/null 2>&1 &
    sleep 5 && ln ${CHROOT_MYSQL}/${SOCKET} ${SOCKET}
    ;;
stop)
    # The pid file is written inside the chroot.
    kill `cat ${CHROOT_MYSQL}/${PIDFILE}`
    rm -rf ${CHROOT_MYSQL}/${SOCKET}
    ;;
*)
    echo ""
    echo "Usage: `basename $0` {start|stop}" >&2
    exit 64
    ;;
esac
exit 0



The file goes in /etc/rc.d/init.d under the name mysqld; make sure it is executable.


#chmod +x /etc/rc.d/init.d/mysqld
#ln -s /etc/rc.d/init.d/mysqld /etc/rc3.d/S90mysql
#ln -s /etc/rc.d/init.d/mysqld /etc/rc0.d/K20mysql



Conclusion: although we cannot achieve 100% security, these measures make our system more secure!

Comments

2 comments in total

  1. 飞鹰 posted on 2006-06-16 08:38:00:

    Not bad

  2. jyo200 posted on 2005-11-07 00:36:12:

    Not bad, learned something