Advice on installing and securing MySQL server and client binaries on FreeBSD UNIX and RHEL systems.
- Install the desired MySQL port:
% cd /usr/ports/databases/mysql[NN]-server
% sudo make install clean
- Install the scripts port that goes along with your selected MySQL server port:
% cd /usr/ports/databases/mysql[NN]-scripts
% sudo make install clean
- Add these configuration lines to
/etc/rc.conf
:
mysql_enable="YES"
mysql_dbdir="/data/mysql"
mysql_args="--log=/var/log/mysql/connections.log --max_connections=153"
- Install MySQL system databases:
% sudo mysql_install_db
- Secure MySQL system databases:
% sudo mysql_secure_installation
Be sure to:
- Set the root password
- Remove anonymous users
- Disallow root login remotely
- Remove test database and access to it
- Reload the privilege tables
- Add a 'Local Additions' entry to /etc/newsyslog.conf to rotate the logfile:
#
# Local Additions
#
/var/log/mysql/connections.log mysql:mysql 644 7 100 * JC /data/mysql/postel.cse.buffalo.edu.pid
- Use yum to install the mysql-server package
- Make sure selinux is disabled
- start the mysql service. The first time it is started it will created the needed tables and data structures.
- run /usr/bin/mysql_secure_installation to harden
- Use /sbin/chkconfig mysqld on to turn the service on so that it restarts automatically after a reboot
- Enjoy using mysql
As of May 10, 1012, FreeBSD's mysql-server port doesn't acknowledge the WITH_FEDERATED=yes option in /etc/make.conf. Fortunately, you can work around it.
- Update this FreeBSD system's ports to the latest versions.
- Modify the Makefile's config args to include the Federated Storage Engine.
% ~% cd /usr/ports/databases/mysql51-server/
mysql51-server% sudo vi Makefile
[Add the federated-storage-engine option to CONFIGURE_ARGS]
CONFIGURE_ARGS= --localstatedir=/var/db/mysql \
--without-debug \
--without-readline \
--without-libedit \
--with-libwrap \
--with-low-memory \
--with-comment='FreeBSD port: ${PKGNAME}' \
--with-federated-storage-engine \
--enable-thread-safe-client
- Build or upgrade mysql-server.
- Add 'federated' to the MySQL server startup script arguments:
% sudo vi /etc/rc.conf
[Add 'federated' to the existing set of args]
mysql_args="--log=/var/log/mysql/connections.log --max_connections=200 --federated"
- Download the latest MySQL Community Server tarfile.
- Unzip, untar, and build it:
% ./configure --prefix=/util/mysql-5.1.57 --without-server
% make
% sudo make install clean
- Repoint the mysql symlink to make this installation the default.
- FreeBSD does not honor the typical MySQL variable configuration strategy of placing config variables in a my.cnf file. Instead, set them in /etc/rc.conf's mysql_args variable.
- Build MySQL servers with these config options: --enable-local-infile
- With pre-4.1 clients the OLD_PASSWORD() function is needed so use the older hashing algorithms of pre-4.1 clients.
- Build Perl module DBD::mysql with these Makefile modifications:
/util/bin/perl Makefile.PL --libs="-L/util/lib/mysql -lmysqlclient -lz -lposix4 -lgen -lsocket -lnsl -lm -L/util/gnu/lib -lgcc_s" --cflags=-I/util/include/mysql --testhost=tethys.cse.buffalo.edu --testdb=test --testuser=root --testpassword=[redacted]
- Obsolete advice? I can't remember why I documented this. When setting up MySQL on RHEL, install with yum. Be sure you do not have /util mounted. The client installed in /util which gets picked up in the path causes odd things to happen with the install.
- http://www.mysql.com
- http://mysql.com/downloads/mysql/5.1.html#downloads