Setup Guide

ManualsBrandsDell ManualsConverged InfrastructureWyse Management Suite

December 2020

Hardening Document for MariaDB/MySQL

Security Configuration

Introduction

This guide contains security hardening rules to secure your MariaDB and MySQL Community servers 5.x that are deployed with

Wyse Management Suite.

In database management, server hardening is the process of maximizing the security of database servers and eliminating

database vulnerabilities. This document provides guidelines to restrict non-administrator users from accessing the MariaDB and

MySQL database resources.

The audience for this guide is enterprise customers with administrator privileges.

Restrict access to MariaDB or MySQL

resources

You must access the MariaDB or MySQL service using an administrator account. If all users have access to the MariaDB or

MySQL service, they can access the configuration files and the data directories. Dell Technologies recommends restricting

access to a user account that is used for Wyse Management Suite installation and configuration. The following steps ensure that

the MariaDB or MySQL resources are not accessible to other users.

Steps

1. Log in to the server where Wyse Management Suite is installed.

2. Go to the Wyse Management Suite installation directory.

Introduction

Summary of content (13 pages)

PAGE 1
December 2020 Hardening Document for MariaDB/MySQL Security Configuration Introduction This guide contains security hardening rules to secure your MariaDB and MySQL Community servers 5.x that are deployed with Wyse Management Suite. In database management, server hardening is the process of maximizing the security of database servers and eliminating database vulnerabilities. This document provides guidelines to restrict non-administrator users from accessing the MariaDB and MySQL database resources.
PAGE 2
Figure 1. Wyse Management Suite installation directory 3. Right-click MariaDB and click Properties. MariaDB Properties window is displayed.
PAGE 3
Figure 2. Security tab 4. Go to the Security tab and click Advanced. Advanced Security Settings for MariaDB window is displayed. 5. Click Disable inheritance. The Block Inheritance window is displayed.
PAGE 4
Figure 3. Block inheritance NOTE: By default, inheritance is enabled which restricts the altering of permissions to the folder. 6. Click the Convert inherited permissions into explicit permissions on this object option. 7. Select the users that you want to remove access to the MariaDB service and click Remove. Figure 4.
PAGE 5
Figure 5. Removed user 8. Verify the changes by logging out from the server and logging in again using the removed user credentials. You must be denied access to the MariaDB folder—This step is optional. 9. Click Enable inheritance. Restrict access to MariaDB or MySQL data directory The data directory (datadir) contains the MySQL databases. If the access is restricted, other users cannot read data from the mysql.user table that contains passwords.
PAGE 6
Figure 6. MySQL shell 2. Switch to stratus schema using the following command: --use stratus; Figure 7. Switch schema 3. Run the following command to identify the data directory path: --show variables where variable_name = 'datadir'; Figure 8. MySQL data directory 4. Go to the data directory.
PAGE 7
5. Right-click SQL and click Properties. Figure 9. SQL data directory MariaDB Properties window is displayed. 6. Go to the Security tab and click Advanced.
PAGE 8
Figure 10. Security tab Advanced Security Settings for MariaDB window is displayed. 7. Click Disable inheritance. The Block Inheritance window is displayed.
PAGE 9
Figure 11. Block inheritance NOTE: By default, inheritance is enabled which restricts altering permissions to the folder. 8. Click the Convert inherited permissions into explicit permissions on this object option. 9. Select the users that you want to remove access to the MariaDB service and click Remove. Disable local_infile parameter The local_infile parameter defines whether the files that are located in the MySQL client system can be loaded or selected using the LOAD DATA INFILE or SELECT local_file.
PAGE 10
2. Switch to stratus schema using the following command: --use stratus; Figure 13. Stratus schema 3. Run the following command to identify the loca_infile value from Wyse Management Suite schema: SHOW VARIABLES WHERE Variable_name = 'local_infile'; Figure 14. Local infile value 4. Verify the local_infile value. If the value is ON, go to step 5. 5. Go to Start > Services and right-click Dell WMS: MariaDB. 6. Go to the path mentioned in the Path to executable field. 7. Open the my.
PAGE 11
Figure 15. My.ini file 8. Go to Start > Services and right-click Dell WMS: MariaDB. Figure 16. Restart MariaDB 9. Click Restart. When you restart the MariaDB services, you are prompted to restart Tomcat services.
PAGE 12
Figure 17. Restart Tomcat services 10. Click Yes in the Restart Other Services window. Next steps 1. Log in to the MySQL shell. 2. Switch to stratus schema using the following command: --use stratus; 3. Run the following command to identify the loca_infile value from Wyse Management Suite schema: SHOW VARIABLES WHERE Variable_name = 'local_infile'; The local_infile value must be 0.
PAGE 13
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.