Tabela de Conteúdos
3.4.1 Servidor MySQL MariaDB
Instalar o servidor de base de dados MySQL MariaDB, com uma configuração mínima.
As versões anteriores do Debian incluiam o pacote servidor de base de dados MySQL. A versão actual disponibiliza também o MariaDB. Muito provavelmente, as futuras versões do Debian apenas oferecerão o MariaDB.
Instalação
root@server:~# apt-get install mariadb-server mariadb-client
Durante o processo de instalação é pedida a password de root do servidor MariaDB. Este utilizador root é específico do MariaDB, pelo que deve ter uma password diferente do root do sistema.
E a sua confirmação:
Configuração
Por segurança e melhor compatibilidade, a configuração predefinida do MariaDB aceitará apenas ligações locais (endereço 127.0.0.1). Caso se pretenda aceder ao servidor MariaDB a partir da rede interna, podemos substituir o bind-address pelo endereço do nosso servidor (192.168.1.100), no ficheiro e configuração /etc/mysql/my.cnf.
- /etc/mysql/my.cnf
# [...] # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 127.0.0.1 # [...]
Verificação
A partir deste momento será possível aceder ao monitor do MariaDB:
root@server:~# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 40 Server version: 10.0.16-MariaDB-1 (Debian) Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | +--------------------+ 3 rows in set (0.01 sec) MariaDB [(none)]> quit; Bye root@server:~#
Segurança
Após a instalação é conveniente garantir a segurança da instalação MariaDB com o comando mysql_secure_installation
. Este programa permite, entre outras coisas, alterar password da conta root do MariaDB, desligar alguns acessos externos e apagar as bases de dados de testes.
root@server:~# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we`ll need the current password for the root user. If you`ve just installed MariaDB, and you haven`t set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] - Dropping test database... ERROR 1008 (HY000) at line 1: Can`t drop database 'test'; database doesn`t exist ... Failed! Not critical, keep moving... - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ... Success! Cleaning up... All done! If you`ve completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! root@server:~#