[debian-mysql] MySQL "hardening?"

Otto Kekäläinen otto at seravo.fi
Sun Apr 5 20:03:01 UTC 2015


2015-04-04 14:54 GMT+03:00 Ralf G. R. Bergs <Ralf+Debian at bergs.biz>:
> What I was thinking about -- and sorry for not being more specific -- is
> "config hardening" in a way that "dangerous" features might be disabled by
> default (e. g. might only listen on Unix domain socket and not TCP socket by
> default, or if TCP socket is active by default the daemon might only bind to
> the loopback interface), rate limiting and other usage restrictions
> (ulimit?) might be enabled for the pre-defined MySQL database users or the
> MySQL system user to prevent DoS attacks, etc.


The my.cnf distributed in Debian (and used at the moment by both
mysql-5.5 and mariadb-10.0) can be seen here:
https://anonscm.debian.org/cgit/pkg-mysql/mysql-5.5.git/tree/debian/additions/my.cnf

Pull requests for improvements are welcomed.

In the future the configs per MySQL variant will be split. The future
MariaDB-only config file can be seen here:
https://anonscm.debian.org/cgit/pkg-mysql/mariadb-10.0.git/tree/debian/additions/mariadb.conf.d/mysqld.cnf
That one is also Debian-specific and not directly inherited from
upstream.

- Otto
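
Added example, not part of the original message and not Debian's or upstream's code: a small Python check for the settings raised in the quoted question (TCP listening, loopback-only binding, per-account connection caps) in the [mysqld] section of a my.cnf-style file. The function names, the sample configurations and the simplified comment handling are assumptions made for illustration; skip-networking, bind-address and max_user_connections are the real server options.

```python
# Added example (not Debian's code): audit a my.cnf-style file for the
# network and per-account limits discussed in the thread.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
OFF = {"0", "off", "false"}

def parse_mysqld(text):
    """Return the [mysqld] options as a dict; bare flags map to None."""
    opts, section = {}, None
    for raw in text.splitlines():
        # Assumption: '#' always starts a comment (no quoted '#' in values).
        line = raw.split("#", 1)[0].strip()
        if not line or line[0] in ";!":        # comments, !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        # mysqld accepts '-' and '_' interchangeably in option names.
        key = key.strip().lower().replace("_", "-")
        opts[key] = value.strip().strip("'\"") if sep else None
    return opts

def audit(text):
    """Return findings about TCP exposure and missing connection caps."""
    opts = parse_mysqld(text)
    findings = []
    tcp_off = ("skip-networking" in opts
               and (opts["skip-networking"] or "on").lower() not in OFF)
    if not tcp_off:
        bind = opts.get("bind-address")
        if not bind:
            findings.append("bind-address not set: built-in default applies")
        elif bind.lower() not in LOOPBACK:
            findings.append(f"bind-address = {bind}: not limited to loopback")
    if (opts.get("max-user-connections") or "0") == "0":
        findings.append("max-user-connections is 0/unset: no per-account cap")
    return findings

# Constructed sample configurations, not the Debian-shipped files.
EXPOSED = "[client]\nport = 3306\n[mysqld]\nbind_address = 0.0.0.0  # sample\n!includedir /etc/mysql/conf.d/\n"
HARDENED = "[mysqld]\nbind-address = 127.0.0.1\nmax_user_connections = 50\n"

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

The check reads a single file only; settings pulled in through !includedir are not followed, so each included file has to be audited separately.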


