Date: Tue, 8 May 2012 06:49:01 -0700 From: Paul Beard <paulbeard@gmail.com> To: FreeBSD-questions <questions@Freebsd.org> Subject: securing MySQL: easiest/best ways? Message-ID: <898E0B3D-63DD-470C-8F1D-49F478D05C7E@gmail.com>
next in thread | raw e-mail | index | archive | help
--Apple-Mail=_F10AC60C-41A5-4928-B591-84027A817B7D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Monkeying with IPv6, I discovered that globally routable addresses are = what it says on the tin, so hiding behind a network appliance is not = longer viable for me. An nmap scan showed the port 3306 was hanging out = for all to see but I couldn't figure out how to close it off. The = "--skip-networking" argument seems not to work, either in my.cnf or as = an rc argument. The server just fails to start. (For some reason the = socket is hard-coded to live in /tmp, regardless of what's in my.cnf but = I gave up bothering about that.) What I ended up doing was adding=20 mysql_args=3D"--bind-address=3D127.0.0.1" to /etc/rc.conf. This seems to work as netstat and sockstat no longer = show port 3306 listening and database connections are happening.=20 Is this the preferred/best way?=20 -- Paul Beard Are you trying to win an argument or solve a problem?=20 --Apple-Mail=_F10AC60C-41A5-4928-B591-84027A817B7D--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?898E0B3D-63DD-470C-8F1D-49F478D05C7E>