CentOS下安装MySQL5.6.10和安全配置教程详解

2024-03-08 02:28:02 110

注：以下所有操作都在CentOS6.5x86_64位系统下完成。

#准备工作#

在安装MySQL之前，请确保已经使用yum安装了以下各类基础组件（如果系统已自带，还可以考虑yumupdate下基础组件）：

gcc
cmake
openssl+openssl-devel
pcre+pcre-devel
bzip2+bzip2-devel
libcurl+curl+curl-devel
libjpeg+libjpeg-devel
libpng+libpng-devel
freetype+freetype-devel
php-mcrypt+libmcrypt+libmcrypt-devel
libxslt+libxslt-devel
gmp+gmp-devel
libxml2+libxml2-devel
mhash
ncurses+ncurses-devel
xml2

然后创建mysql的用户组和用户，并且不允许登录权限：

#idmysql
id:mysql：无此用户
#groupaddmysql
#useradd-gmysql-s/sbin/nologinmysql
#idmysql
uid=500(mysql)gid=500(mysql)组=500(mysql)

#MySQL的安装#

给MySQL的安装准备目录：

#mkdir-p/data/mysql/data
#chown-Rmysql:mysql/data/mysql

开始源码安装MySQL：

#cd/usr/local/src
#wgethttp://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
#tarzxfmysql-5.6.10.tar.gz
#cdmysql-5.6.10
#cmake-DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10-DSYSCONFDIR=/usr/local/mysql-5.6.10/etc-DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock-DMYSQL_TCP_PORT=3306-DMYSQL_USER=mysql-DMYSQL_DATADIR=/data/mysql/data-DDEFAULT_CHARSET=utf8-DDEFAULT_COLLATION=utf8_general_ci-DWITH_MYISAM_STORAGE_ENGINE=1-DWITH_INNOBASE_STORAGE_ENGINE=1-DWITH_ARCHIVE_STORAGE_ENGINE=1-DWITH_BLACKHOLE_STORAGE_ENGINE=1-DENABLED_LOCAL_INFILE=1
...
CMakeWarning:
Manually-specifiedvariableswerenotusedbytheproject:
MYSQL_USER
--Buildfileshavebeenwrittento:/usr/local/src/mysql-5.6.10
#make&&makeinstall
#mkdir-p/usr/local/mysql-5.6.10/etc
#mkdir-p/usr/local/mysql-5.6.10/tmp
#ln-s/usr/local/mysql-5.6.10//usr/local/mysql
#chown-Rmysql:mysql/usr/local/mysql-5.6.10
#chown-Rmysql:mysql/usr/local/mysql

给当前环境添加MySQL的bin目录：

#vim/etc/profile
exportMYSQL_HOME=/usr/local/mysql
exportPATH=$PATH:$MYSQL_HOME/bin
$source/etc/profile

执行初初始化配置脚本并创建系统自带的数据库和表：

#cd/usr/local/mysql
#scripts/mysql_install_db--user=mysql--datadir=/data/mysql/data
...
OK
Tostartmysqldatboottimeyouhavetocopy
support-files/mysql.servertotherightplaceforyoursystem
PLEASEREMEMBERTOSETAPASSWORDFORTHEMySQLrootUSER!
Todoso,starttheserver,thenissuethefollowingcommands:
./bin/mysqladmin-urootpassword'new-password'
./bin/mysqladmin-uroot-hiZ94mobdenkZpassword'new-password'
Alternativelyyoucanrun:
./bin/mysql_secure_installation
whichwillalsogiveyoutheoptionofremovingthetest
databasesandanonymoususercreatedbydefault.Thisis
stronglyrecommendedforproductionservers.
Seethemanualformoreinstructions.
YoucanstarttheMySQLdaemonwith:
cd.;./bin/mysqld_safe&
YoucantesttheMySQLdaemonwithmysql-test-run.pl
cdmysql-test;perlmysql-test-run.pl
Pleasereportanyproblemswiththe./bin/mysqlbugscript!
ThelatestinformationaboutMySQLisavailableonthewebat
http://www.mysql.com
SupportMySQLbybuyingsupport/licensesathttp://shop.mysql.com
WARNING:Foundexistingconfigfile./my.cnfonthesystem.
Becausethisfilemightbeinuse,itwasnotreplaced,
butwasusedinbootstrap(unlessyouused--defaults-file)
andwhenyoulaterstarttheserver.
Thenewdefaultconfigfilewascreatedas./my-new.cnf,
pleasecompareitwithyourfileandtakethechangesyouneed.
WARNING:Defaultconfigfile/etc/my.cnfexistsonthesystem
ThisfilewillbereadbydefaultbytheMySQLserver
Ifyoudonotwanttousethis,eitherremoveit,orusethe
--defaults-fileargumenttomysqld_safewhenstartingtheserver

注：由于MySQL在启动的时候，会先去/etc/my.cnf找配置文件，如果没有找到则搜索$basedir/my.cnf，也即/usr/local/mysql-5.6.10/my.cnf，所以必须确保/etc/my.cnf没有存在，否则可能导致无法启动。

实际操作上发现系统上存在该文件，所以这里可能需要将该文件先备份改名，然后再根据上面的配置写配置文件：

#mv/etc/my.cnf/etc/my.cnf.bak
#vim/usr/local/mysql-5.6.10/my.cnf
[mysqld]
basedir=/usr/local/mysql-5.6.10
datadir=/data/mysql/data
socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
user=mysql
sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

修改MySQL用户root的密码，这里使用mysqld_safe安全模式启动：

#mysqld_safe--user=mysql--skip-grant-tables--skip-networking&
[1]3970
[root@iZ94mobdenkZ~]#14123019:02:31mysqld_safeLoggingto'/data/mysql/data/centos.err'.
14123019:02:32mysqld_safeStartingmysqlddaemonwithdatabasesfrom/data/mysql/data

这个时候已经启动了mysqd_safe安全模式，另开一个窗口作为客户端连入MySQL服务器：

#mysql
WelcometotheMySQLmonitor.Commandsendwith;or\g.
YourMySQLconnectionidis1
Serverversion:5.6.10Sourcedistribution
Copyright(c)2000,2013,Oracleand/oritsaffiliates.Allrightsreserved.
OracleisaregisteredtrademarkofOracleCorporationand/orits
affiliates.Othernamesmaybetrademarksoftheirrespective
owners.
Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.
mysql>usemysql;
mysql>updateusersetpassword=password('yourpassword')whereuser='root';
mysql>flushprivileges;
mysql>exit;

修改完毕之后使用kill把mysqld_safe进程杀死：

#psaux|grepmysql
root39700.00.21063081492pts/1S19:020:00/bin/sh/usr/local/mysql/bin/mysqld_safe--user=mysql--skip-grant-tables--skip-networking
mysql41430.118.055828090316pts/1Sl19:020:00/usr/local/mysql-5.6.10/bin/mysqld--basedir=/usr/local/mysql-5.6.10--datadir=/data/mysql/data--plugin-dir=/usr/local/mysql-5.6.10/lib/plugin--user=mysql--skip-grant-tables--skip-networking--log-error=/data/mysql/data/centos.err--pid-file=/data/mysql/data/centos.pid--socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
root43130.00.1103252836pts/0S+19:050:00grepmysql
#kill-93970
#kill-94143

或者回到刚才启动mysqld_safe的窗口ctrl+c将进程杀死也行。

复制服务启动脚本：

#cp/usr/local/mysql/support-files/mysql.server/etc/init.d/mysqld
#chmod+x/etc/init.d/mysqld

设置开机启动MySQL服务并正常开启MySQL服务（非必要项）：

#chkconfigmysqldon
#servicemysqld
Usage:mysqld{start|stop|restart|reload|force-reload|status}[MySQLserveroptions]
#servicemysqldstart
StartingMySQL.

以后就可以直接通过servicemysqld命令来开启/关闭MySQL数据库了。

最后，建议生产环境下运行安全设置脚本，禁止root用户远程连接，移除test数据库和匿名用户等：

#/usr/local/mysql-5.6.10/bin/mysql_secure_installation
NOTE:RUNNINGALLPARTSOFTHISSCRIPTISRECOMMENDEDFORALLMySQL
SERVERSINPRODUCTIONUSE!PLEASEREADEACHSTEPCAREFULLY!
InordertologintoMySQLtosecureit,we'llneedthecurrent
passwordfortherootuser.Ifyou'vejustinstalledMySQL,and
youhaven'tsettherootpasswordyet,thepasswordwillbeblank,
soyoushouldjustpressenterhere.
Entercurrentpasswordforroot(enterfornone):

注：上面输入的root密码指的是前面设置的MySQL的root账户的密码。

至此，MySQL数据库已经安装完毕。

#MySQL的安全配置#

1、确保启动MySQL不能使用系统的root账号，必须是新建的mysql账号，比如：

#mysqld_safe--user=mysql

2、MySQL安装好运行初始化数据库后，默认的root账户密码为空，必须给其设置一个密码，同时保证该密码具有较高的安全性。比如：

mysql>usermysql;
mysql>updateusersetpassword=password('yourpassword')whereuser='root';
mysql>flushprivileges;

3、删除默认数据库及用户：

mysql>showdatabases;
+--------------------+
|Database|
+--------------------+
|information_schema|
|mysql|
|performance_schema|
|test|
+--------------------+
mysql>dropdaabasetest;
mysql>usemysql;
mysql>selecthost,userfromuser;
+--------------+------+
|host|user|
+--------------+------+
|127.0.0.1|root|
|::1|root|
|centos||
|centos|root|
|localhost||
|localhost|root|
+--------------+------+
mysql>deletefromuserwherenot(host='localhost'anduser='root');
mysql>flushprivileges;

注：上面的user表中的数据可能会有所不同。

4、当开发网站连接数据库的时候，建议建立一个用户只针对某个库有update/select/delete/insert/droptable/createtable等权限，减小某个项目的数据库的用户名和密码被窃取后造成其他项目受影响，比如：

mysql>createdatabaseyourdbnamedefaultcharsetutf8collateutf8_general_ci;
mysql>createuser'yourusername'@'localhost'identifiedby'yourpassword';
mysql>grantselect,insert,update,delete,create,dropprivilegesonyourdbname.*To'yourusername'@localhostidentifiedby'yourpassword';

5、数据库文件所在的目录不允许未经授权的用户访问，需要控制对该目录的访问，比如：

#chown-Rmysql:mysql/data/mysql/data
#chmod-Rgo-rwx/data/mysql/data

以上所述是小编给大家介绍的CentOS下安装MySQL5.6.10和安全配置教程详解，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对毛票票网站的支持！

CentOS下安装MySQL5.6.10和安全配置教程详解

热门推荐

随机推荐