日韩无码专区无码一级三级片|91人人爱网站中日韩无码电影|厨房大战丰满熟妇|AV高清无码在线免费观看|另类AV日韩少妇熟女|中文日本大黄一级黄色片|色情在线视频免费|亚洲成人特黄a片|黄片wwwav色图欧美|欧亚乱色一区二区三区

RELATEED CONSULTING
相關(guān)咨詢
選擇下列產(chǎn)品馬上在線溝通
服務(wù)時(shí)間:8:30-17:00
你可能遇到了下面的問題
關(guān)閉右側(cè)工具欄

新聞中心

這里有您想知道的互聯(lián)網(wǎng)營銷解決方案
CentOS6.5安裝MySQL5.6.10及安全配置

注:以下所有操作均在centos 6.5 x86_64位系統(tǒng)下完成。

成都創(chuàng)新互聯(lián)公司自2013年創(chuàng)立以來,先為康馬等服務(wù)建站,康馬等地企業(yè),進(jìn)行企業(yè)商務(wù)咨詢服務(wù)。為康馬企業(yè)網(wǎng)站制作PC+手機(jī)+微官網(wǎng)三網(wǎng)同步一站式服務(wù)解決您的所有建站問題。

#準(zhǔn)備工作#

在安裝mysql之前,請確保已經(jīng)使用yum安裝了各類基礎(chǔ)組件,具體見下面的《CentOS安裝LNMP環(huán)境的基礎(chǔ)組件》。

然后創(chuàng)建mysql的用戶組和用戶,并且不允許登錄權(quán)限:

# id mysql
id: mysql:無此用戶
# groupadd mysql
# useradd -g mysql -s /sbin/nologin mysql
# id mysql
uid=500(mysql) gid=500(mysql) 組=500(mysql) 

#MySQL的安裝#

給MySQL的安裝準(zhǔn)備目錄:

# mkdir -p /data/mysql/data
# chown -R mysql:mysql /data/mysql

開始源碼安裝MySQL:

# cd /usr/local/src
# wget http://dev.mysql.com/get/Downloads/MySQL-5.6/mysql-5.6.10.tar.gz
# tar zxf mysql-5.6.10.tar.gz
# cd mysql-5.6.10

# cmake -DCMAKE_INSTALL_PREFIX=/usr/local/mysql-5.6.10 -DSYSCONFDIR=/usr/local/mysql-5.6.10/etc -DMYSQL_UNIX_ADDR=/usr/local/mysql-5.6.10/tmp/mysql.sock -DMYSQL_TCP_PORT=3306 -DMYSQL_USER=mysql -DMYSQL_DATADIR=/data/mysql/data -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DWITH_MYISAM_STORAGE_ENGINE=1 -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_ARCHIVE_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1

...
CMake Warning:
  Manually-specified variables were not used by the project:

    MYSQL_USER

-- Build files have been written to: /usr/local/src/mysql-5.6.10

# make && make install
# mkdir -p /usr/local/mysql-5.6.10/etc
# mkdir -p /usr/local/mysql-5.6.10/tmp
# ln -s /usr/local/mysql-5.6.10/ /usr/local/mysql
# chown -R mysql:mysql /usr/local/mysql-5.6.10
# chown -R mysql:mysql /usr/local/mysql

給當(dāng)前環(huán)境添加MySQL的bin目錄:

# vim /etc/profile

export MYSQL_HOME=/usr/local/mysql
export PATH=$PATH:$MYSQL_HOME/bin

$ source /etc/profile

執(zhí)行初初始化配置腳本并創(chuàng)建系統(tǒng)自帶的數(shù)據(jù)庫和表:

# cd /usr/local/mysql
# scripts/mysql_install_db --user=mysql --datadir=/data/mysql/data
...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

  ./bin/mysqladmin -u root password 'new-password'
  ./bin/mysqladmin -u root -h iZ94mobdenkZ password 'new-password'

Alternatively you can run:

  ./bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:

  cd . ; ./bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl

  cd mysql-test ; perl mysql-test-run.pl

Please report any problems with the ./bin/mysqlbug script!

The latest information about MySQL is available on the web at

  http://www.mysql.com

Support MySQL by buying support/licenses at http://shop.mysql.com

WARNING: Found existing config file ./my.cnf on the system.
Because this file might be in use, it was not replaced,
but was used in bootstrap (unless you used --defaults-file)
and when you later start the server.
The new default config file was created as ./my-new.cnf,
please compare it with your file and take the changes you need.

WARNING: Default config file /etc/my.cnf exists on the system
This file will be read by default by the MySQL server
If you do not want to use this, either remove it, or use the
--defaults-file argument to mysqld_safe when starting the server

注:由于MySQL在啟動(dòng)的時(shí)候,會(huì)先去/etc/my.cnf找配置文件,如果沒有找到則搜索$basedir/my.cnf,也即/usr/local/mysql-5.6.10/my.cnf,所以必須確保/etc/my.cnf沒有存在,否則可能導(dǎo)致無法啟動(dòng)。

實(shí)際操作上發(fā)現(xiàn)系統(tǒng)上存在該文件,所以這里可能需要將該文件先備份改名,然后再根據(jù)上面的配置寫配置文件:

# mv /etc/my.cnf /etc/my.cnf.bak

# vim /usr/local/mysql-5.6.10/my.cnf
[mysqld]

basedir=/usr/local/mysql-5.6.10
datadir=/data/mysql/data
socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
user=mysql

sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES

修改MySQL用戶root的密碼,這里使用mysqld_safe安全模式啟動(dòng):

# mysqld_safe --user=mysql --skip-grant-tables --skip-networking &

[1] 3970
[root@iZ94mobdenkZ ~]# 141230 19:02:31 mysqld_safe Logging to '/data/mysql/data/centos.err'.
141230 19:02:32 mysqld_safe Starting mysqld daemon with databases from /data/mysql/data

這個(gè)時(shí)候已經(jīng)啟動(dòng)了mysqd_safe安全模式,另開一個(gè)窗口作為客戶端連入MySQL服務(wù)器:

# mysql

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.10 Source distribution

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use mysql;
mysql> update user set password=password('yourpassword') where user='root';
mysql> flush privileges;
mysql> exit;

修改完畢之后使用kill把mysqld_safe進(jìn)程殺死:

# ps aux | grep mysql
root      3970  0.0  0.2 106308  1492 pts/1    S    19:02   0:00 /bin/sh /usr/local/mysql/bin/mysqld_safe --user=mysql --skip-grant-tables --skip-networking
mysql     4143  0.1 18.0 558280 90316 pts/1    Sl   19:02   0:00 /usr/local/mysql-5.6.10/bin/mysqld --basedir=/usr/local/mysql-5.6.10 --datadir=/data/mysql/data --plugin-dir=/usr/local/mysql-5.6.10/lib/plugin --user=mysql --skip-grant-tables --skip-networking --log-error=/data/mysql/data/centos.err --pid-file=/data/mysql/data/centos.pid --socket=/usr/local/mysql-5.6.10/tmp/mysql.sock
root      4313  0.0  0.1 103252   836 pts/0    S+   19:05   0:00 grep mysql

# kill -9 3970
# kill -9 4143

或者回到剛才啟動(dòng)mysqld_safe的窗口ctrl+c將進(jìn)程殺死也行。

復(fù)制服務(wù)啟動(dòng)腳本:

# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
# chmod +x /etc/init.d/mysqld

設(shè)置開機(jī)啟動(dòng)MySQL服務(wù)并正常開啟MySQL服務(wù)(非必要項(xiàng)):

# chkconfig mysqld on

# service mysqld
Usage: mysqld  {start|stop|restart|reload|force-reload|status}  [ MySQL server options ]

# service mysqld start
Starting MySQL.

以后就可以直接通過service mysqld命令來開啟/關(guān)閉MySQL數(shù)據(jù)庫了。

最后,建議生產(chǎn)環(huán)境下運(yùn)行安全設(shè)置腳本,禁止root用戶遠(yuǎn)程連接,移除test數(shù)據(jù)庫和匿名用戶等:

# /usr/local/mysql-5.6.10/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

注:上面輸入的root密碼指的是前面設(shè)置的MySQL的root賬戶的密碼。

至此,MySQL數(shù)據(jù)庫已經(jīng)安裝完畢。

#MySQL的安全配置#

1、確保啟動(dòng)MySQL不能使用系統(tǒng)的root賬號,必須是新建的mysql賬號,比如:

# mysqld_safe --user=mysql

2、MySQL安裝好運(yùn)行初始化數(shù)據(jù)庫后,默認(rèn)的root賬戶密碼為空,必須給其設(shè)置一個(gè)密碼,同時(shí)保證該密碼具有較高的安全性。比如:

mysql> user mysql;
mysql> update user set password=password('yourpassword') where user='root';
mysql> flush privileges;

3、刪除默認(rèn)數(shù)據(jù)庫及用戶:

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| test               |
+--------------------+
mysql> drop daabase test;
mysql> use mysql;
mysql> select host,user from user;
+--------------+------+
| host         | user |
+--------------+------+
| 127.0.0.1    | root |
| ::1          | root |
| centos       |      |
| centos       | root |
| localhost    |      |
| localhost    | root |
+--------------+------+
mysql> delete from user where not(host='localhost' and user='root');
mysql> flush privileges;

注:上面的user表中的數(shù)據(jù)可能會(huì)有所不同。

4、當(dāng)開發(fā)網(wǎng)站連接數(shù)據(jù)庫的時(shí)候,建議建立一個(gè)用戶只針對某個(gè)庫有update/select/delete/insert/drop table/create table等權(quán)限,減小某個(gè)項(xiàng)目的數(shù)據(jù)庫的用戶名和密碼被竊取后造成其他項(xiàng)目受影響,比如:

mysql>create database yourdbname default charset utf8 collate utf8_general_ci;
mysql>create user 'yourusername'@'localhost' identified by 'yourpassword';
mysql> grant select,insert,update,delete,create,drop privileges on yourdbname.* To 'yourusername'@localhost identified by 'yourpassword';

5、數(shù)據(jù)庫文件所在的目錄不允許未經(jīng)授權(quán)的用戶訪問,需要控制對該目錄的訪問,比如:

# chown -R mysql:mysql /data/mysql/data
# chmod -R go-rwx /data/mysql/data

CentOS安裝LNMP環(huán)境的基礎(chǔ)組件

在安裝LNMP環(huán)境之前,請確保已經(jīng)使用yum安裝了以下各類基礎(chǔ)組件(如果系統(tǒng)已自帶,還可以考慮yum update下基礎(chǔ)組件):

  • gcc
  • cmake
  • openssl+openssl-devel
  • pcre+pcre-devel
  • bzip2+bzip2-devel
  • libcurl+curl+curl-devel
  • libjpeg+libjpeg-devel
  • libpng+libpng-devel
  • freetype+freetype-devel
  • php-mcrypt+libmcrypt+libmcrypt-devel
  • libxslt+libxslt-devel
  • gmp+gmp-devel
  • libxml2+libxml2-devel
  • mhash
  • ncurses+ncurses-devel
  • xml2

分享名稱:CentOS6.5安裝MySQL5.6.10及安全配置
文章網(wǎng)址:http://www.5511xx.com/article/dhhpded.html