MySQL & Apache
Hardening
MySQL :
1. Secure the server
It is advisable to run the application server and the database server on different machines: many attacks become possible only once an attacker has local (or physical) access to the host, and a compromised application on the same machine can damage the database even without holding any database privileges. For the same reason, every service that must share a machine with the database should run with the lowest privileges that still let it operate.
Other important tasks to take care of:
· Install antivirus and antispam software
· Configure the operating system's firewall
· Consider the safety of the server's physical location
· Install only the services you intend the machine to run
· Harden the production server and its services
· Disable unnecessary services
· Follow the service vendors' recommendations regarding the patches and updates needed for safe and secure operation of their services
2. Disable or restrict remote access
If the application and the database share a host, MySQL does not need a network socket at all. To stop it opening one, add the following parameter to the [mysqld] section of my.cnf or my.ini:
skip-networking
The file is located in the "C:\Program Files\MySQL\MySQL Server 5.1" directory (my.ini) on Windows, or at "/etc/my.cnf" or "/etc/mysql/my.cnf" on Linux.
With this line mysqld does not listen on any TCP port; local clients connect through the Unix socket (named pipe or shared memory on Windows) instead.
If the application runs on the same host but needs TCP, the alternative is to make MySQL listen only on the loopback interface by adding the following line to the [mysqld] section of my.cnf:
bind-address=127.0.0.1
When remote access is genuinely required, keep the firewall rule narrow and use restrictive GRANT syntax: create accounts for the specific hosts they connect from (for example 'app'@'10.0.0.5' rather than 'app'@'%') and grant them only the privileges they need on the databases they use.
3. Disable the use of LOCAL INFILE
Disable the "LOAD DATA LOCAL INFILE" statement, which reads a file from the client host and loads it into a table. When the client is a PHP application with a SQL injection flaw, an attacker can use it to copy any file the application process can read into a table and then SELECT it back, which is why this matters most when new SQL injection vulnerabilities in web applications are found.
For example, a file such as "/etc/passwd" on the client host can be loaded with:
mysql> LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE table1;
A related but distinct function reads files from the server host:
mysql> SELECT load_file('/etc/passwd');
load_file() and LOAD DATA INFILE (without LOCAL) require the FILE privilege and are constrained by the secure_file_priv variable, not by the local-infile setting, so keep FILE out of application accounts and point secure_file_priv at a dedicated directory.
To disable "LOCAL INFILE", add the following parameter to the [mysqld] section of the MySQL configuration file (the old "set-variable=" prefix is obsolete and is not accepted by current servers; MySQL 8.0 makes this setting the default):
local-infile=0
4. Change root username and password
The default administrator account on the MySQL server is "root". Attackers routinely target it by name, so rename it to something else and give it a long, complex password. Renaming is defence in depth only: the renamed account keeps every privilege it had, so the password still has to be strong.
To rename the administrator account, use RENAME USER in the MySQL console. Give the full 'user'@'host' form; a bare name such as root is taken to mean 'root'@'%', which usually does not exist:
mysql> RENAME USER 'root'@'localhost' TO 'new_user'@'localhost';
To change a user's password (MySQL 5.1 to 5.6 syntax; PASSWORD() is deprecated in 5.7 and removed in 8.0):
mysql> SET PASSWORD FOR 'username'@'hostname' = PASSWORD('newpass');
On MySQL 5.7.6 and later, including 8.0, use ALTER USER 'username'@'hostname' IDENTIFIED BY 'newpass'; instead.
5. Remove the "test" database
MySQL comes with a "test" database intended as a scratch space. The default grant tables let any account, including the anonymous one, use it and any database whose name starts with "test_", so it is a convenient foothold for attackers.
To remove this database, use the DROP DATABASE statement:
mysql> DROP DATABASE test;
Or use the "mysqladmin" command:
shell> mysqladmin -u username -p drop test
Dropping the database does not remove the rows in mysql.db that grant every account access to "test" and "test_%"; delete those rows too (as mysql_secure_installation does) and then FLUSH PRIVILEGES, otherwise any new database named test_something is open to everyone.
6. Remove anonymous and obsolete accounts
The MySQL database comes with anonymous accounts (empty user name) with blank passwords, so anyone on the host can connect without credentials. To check whether this is the case, run:
mysql> SELECT User, Host FROM mysql.user WHERE User='';
On a secure system no rows should come back. Another way to check the same thing:
mysql> SHOW GRANTS FOR ''@'localhost';
To remove the account, execute the following command for each host the query above returned (DROP USER "" on its own means ''@'%'):
mysql> DROP USER ''@'localhost';
While you are in mysql.user, also drop accounts for people and applications that no longer exist, and any account whose password column is empty.
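The checks in sections 4 to 6 can be run over the whole grant table at once rather than one account at a time. The script below is an added example, not part of the original notes: it reads rows exported from mysql.user and prints a DROP USER or RENAME USER statement for each finding. The sample rows, the placeholder hashes and the suggested replacement name dbadmin are constructed for the illustration.

```shell
#!/bin/sh
# Audit a dump of mysql.user for the problems in sections 4-6: anonymous accounts,
# accounts with no credential, root reachable from any host, and the default admin name.
# Input: one account per line, tab-separated: user, host, credential hash, auth plugin.
# On 5.7+/8.0 produce it with:
#   mysql -N -B -e "SELECT user,host,authentication_string,plugin FROM mysql.user" | audit_accounts
# On 5.1-5.6 select the Password column instead of authentication_string and '' for plugin.
audit_accounts() {
    awk -F '\t' '
    function q(s) { return "\047" s "\047" }     # SQL-quote an account part (\047 = single quote)
    BEGIN { n = 0; w = 0 }
    {
        user = $1; host = $2; cred = $3; plugin = $4
        acct = q(user) "@" q(host)
        if (user == "") {
            print "FAIL anonymous account " acct " -> DROP USER " acct ";"; n++
        } else if (cred == "" && plugin !~ /socket/) {
            # auth_socket / unix_socket accounts legitimately have no stored credential
            print "FAIL no credential on " acct " -> set a password or DROP USER " acct ";"; n++
        }
        if (user == "root" && host == "%") {
            print "FAIL root reachable from any host -> DROP USER " acct ";"; n++
        } else if (user == "root") {
            print "WARN default admin name " acct " -> RENAME USER " acct " TO " q("dbadmin") "@" q(host) ";"; w++
        }
    }
    END { printf "%d failure(s), %d warning(s)\n", n, w; exit (n ? 1 : 0) }'
}

# Constructed sample rows standing in for real mysql.user output; the hashes are placeholders.
row() { printf '%s\t%s\t%s\t%s\n' "$@"; }
SAMPLE_USERS=$(
    row root   localhost '*81F5E21E35407D884A6CD4A731AEBFB6AF209E1B' mysql_native_password
    row root   '%'       ''                                          mysql_native_password
    row ''     localhost ''                                          mysql_native_password
    row app    10.0.0.5  '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' mysql_native_password
    row backup localhost ''                                          auth_socket
)

printf '%s\n' "$SAMPLE_USERS" | audit_accounts || echo "remediate the FAIL lines, then FLUSH PRIVILEGES"
```

The exit status is 1 whenever a FAIL line was printed, so the function can gate a deployment or a cron check; WARN lines (the root account name) are advisory, matching the "rename root" advice above.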
7. Lower system privileges
A very common database security recommendation is to lower the permissions given to every party. To protect the data files, make sure the directory in which the MySQL database is actually stored (the datadir) is owned by the user "mysql" and the group "mysql" and is not readable by other users, and that mysqld itself runs as that unprivileged "mysql" user rather than as root.
8. Lower database privileges
· Add "--skip-show-database" to the startup script of MySQL or add it to the MySQL configuration file
· Grant the SHOW DATABASES privilege only to the users you want to use this command
With this option, SHOW DATABASES works only for accounts that hold the SHOW DATABASES privilege; without it any account can list every database it has some privilege on. To set it, add the following parameter to the [mysqld] section of /etc/my.cnf:
[mysqld]
skip-show-database
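To confirm that the settings from sections 2, 3 and 8 actually landed in the [mysqld] group (a directive placed under another group is ignored by mysqld, and one written with the obsolete set-variable= prefix is rejected), the following audit script is added here as an example; it is not from the original notes. It parses a my.cnf offline, so it also works on a file copied from a remote host, and it additionally checks secure-file-priv, which governs load_file() and LOAD DATA INFILE. The two sample configuration files are constructed for the demonstration.

```shell
#!/bin/sh
# Check the [mysqld] section of a my.cnf for the settings from sections 2, 3 and 8.
# Usage: audit_mycnf /etc/my.cnf  -> one PASS/FAIL line per check; exit status = number of failures.

# Print the value of a directive from the [mysqld] group ("ON" for a bare flag); fail if absent.
# Accepts "key", "key=value" and "key = value", strips comments, treats "_" and "-" in
# names as equivalent (as mysqld does) and, like mysqld, lets the last occurrence win.
mysqld_directive() {    # mysqld_directive FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { inmysqld = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        inmysqld {
            line = $0
            sub(/[ \t]*[#;].*$/, "", line)
            gsub(/^[ \t]+|[ \t]+$/, "", line)
            if (line == "") next
            n = index(line, "=")
            k = n ? substr(line, 1, n - 1) : line
            v = n ? substr(line, n + 1) : "ON"
            gsub(/[ \t]/, "", k); gsub(/_/, "-", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val; exit (found ? 0 : 1) }
    ' "$1"
}

audit_mycnf() {         # audit_mycnf FILE
    fails=0
    skipnet=$(mysqld_directive "$1" skip-networking) || skipnet=off
    bind=$(mysqld_directive "$1" bind-address)       || bind=any
    case "$skipnet/$bind" in
        ON/*|1/*|*/127.0.0.1|*/::1|*/localhost)
            echo "PASS network: skip-networking=$skipnet bind-address=$bind" ;;
        *)  echo "FAIL network: mysqld accepts TCP connections on bind-address=$bind"
            fails=$((fails + 1)) ;;
    esac
    li=$(mysqld_directive "$1" local-infile) || li=unset
    case "$li" in
        0|OFF|off|FALSE|false)
            echo "PASS local-infile=$li" ;;
        *)  echo "FAIL local-infile=$li (the server default is ON before MySQL 8.0)"
            fails=$((fails + 1)) ;;
    esac
    ssd=$(mysqld_directive "$1" skip-show-database) || ssd=unset
    case "$ssd" in
        ON|1) echo "PASS skip-show-database" ;;
        *)    echo "FAIL skip-show-database not set: SHOW DATABASES is allowed for every account"
              fails=$((fails + 1)) ;;
    esac
    sfp=$(mysqld_directive "$1" secure-file-priv) || sfp=unset
    case "$sfp" in
        unset|"") echo "FAIL secure-file-priv unset: accounts with FILE can read any file the mysqld user can"
                  fails=$((fails + 1)) ;;
        *)        echo "PASS secure-file-priv=$sfp" ;;
    esac
    return $fails
}

# Constructed sample configurations, not taken from any real server.
TMPD=$(mktemp -d)
WEAK_CNF=$TMPD/weak.cnf
HARD_CNF=$TMPD/hard.cnf
cat >"$WEAK_CNF" <<'EOF'
[client]
port = 3306
[mysqld]
port = 3306
bind-address = 0.0.0.0
local_infile = 1
[mysqldump]
quick
EOF
cat >"$HARD_CNF" <<'EOF'
[mysqld]
skip-networking
bind-address = 127.0.0.1   # only matters if skip-networking is ever removed
local-infile = 0
skip-show-database
secure-file-priv = /var/lib/mysql-files
EOF

echo "== $WEAK_CNF"; audit_mycnf "$WEAK_CNF" || echo "-> $? check(s) failed"
echo "== $HARD_CNF"; audit_mycnf "$HARD_CNF" && echo "-> all checks passed"
```

The parser only reads the file; to check what a running server actually applied, compare against SHOW VARIABLES LIKE 'local_infile' and friends, since a setting given on the command line or in an !includedir file will not appear in the file being audited.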
9. Change the root directory
Running mysqld in a chroot environment confines the MySQL process (and its child processes) to one sub-tree of the filesystem, so a compromise of the server cannot read or write files outside it, which increases the security of the host. mysqld supports this directly through the chroot option in the [mysqld] section.
Ensure that a dedicated directory exists for the chrooted environment, containing only what mysqld needs (its data directory, socket and log locations).
10. Remove history
During installation, a lot of sensitive information that could help an intruder attack the database ends up in the mysql client's history file: every statement typed into the console is recorded, including GRANT and SET PASSWORD statements that contain plaintext passwords. This history is useful while something is going wrong during installation, because the administrator can replay what happened and fix it, but it is not needed once installation is complete.
Therefore, remove the contents of the MySQL history file (~/.mysql_history). To stop it being written at all, point the MYSQL_HISTFILE environment variable at /dev/null.
Creating backup for MySQL :
For backup, mysqldump can be used to dump a database or a collection of databases for backup or for transfer to another SQL server.
There are three general ways to invoke mysqldump:
shell> mysqldump [options] database_name [table_name ...]
This form backs up the specified tables of the specified database (or the whole database if no tables are named).
shell> mysqldump [options] --databases database_name ...
This form backs up the specified databases, including the CREATE DATABASE statements needed to recreate them.
shell> mysqldump [options] --all-databases
This form backs up all databases.
For InnoDB tables add --single-transaction so the dump is a consistent snapshot taken without locking the tables, and protect the dump file itself: it contains every row of every table, and with --all-databases the grant tables as well.
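The three mysqldump forms above take the same connection options, and how the credentials are passed matters as much as the form: -pPASSWORD on the command line is visible to every user on the host through ps. The script below is an added example rather than part of the original notes; it keeps the password in a mode-0600 option file, adds --single-transaction for a consistent InnoDB snapshot, and records a SHA-256 checksum so a dump can be verified before anyone relies on it. The sample user name, password and database names are made up for the demonstration.

```shell
#!/bin/sh
# Backup helper for the mysqldump forms above: consistent snapshot, password kept out
# of the command line, dump readable only by the backup user, checksum for verification.

# Write a [client] option file (mode 0600). mysqldump reads the password from here, so it
# never appears in `ps` output or in the shell history as -pPASSWORD would.
write_client_cnf() {    # write_client_cnf PATH USER PASSWORD
    ( umask 077; printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" >"$1" )
}

# Build the argument list for one of the three invocation forms, one argument per line:
#   dump_args CNF all                -> --all-databases
#   dump_args CNF databases db1 db2  -> --databases db1 db2
#   dump_args CNF tables db t1 t2    -> db t1 t2
dump_args() {
    [ $# -ge 2 ] || { echo "usage: dump_args CNF all|databases|tables [NAMES...]" >&2; return 2; }
    cnf=$1; scope=$2; shift 2
    # --defaults-extra-file must come first or mysqldump ignores it.
    # --single-transaction gives a consistent InnoDB snapshot without locking tables.
    printf '%s\n' "--defaults-extra-file=$cnf" --single-transaction --routines --events --triggers
    case "$scope" in
        all)       printf '%s\n' --all-databases ;;
        databases) [ $# -ge 1 ] || { echo "dump_args: no database named" >&2; return 2; }
                   printf '%s\n' --databases "$@" ;;
        tables)    [ $# -ge 1 ] || { echo "dump_args: no database named" >&2; return 2; }
                   printf '%s\n' "$@" ;;
        *)         echo "dump_args: unknown scope '$scope'" >&2; return 2 ;;
    esac
}

checksum_file() {       # print the SHA-256 of a file with whichever tool the host has
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d ' ' -f 1
}

# Dump, compress, restrict permissions and record a checksum; prints the archive path.
run_backup() {          # run_backup CNF OUTDIR all|databases|tables [NAMES...]
    cnf=$1; outdir=$2; shift 2
    args=$(dump_args "$cnf" "$@") || return 2
    out="$outdir/mysql-$(date +%Y%m%d-%H%M%S).sql"
    ( umask 077
      mysqldump $args >"$out" || { rm -f "$out"; exit 1; }    # $args is split on whitespace on purpose
      gzip -f "$out" && checksum_file "$out.gz" >"$out.gz.sha256" ) || return 1
    printf '%s\n' "$out.gz"
}

verify_backup() {       # verify_backup ARCHIVE -> 0 if the gzip is intact and the checksum matches
    gzip -t "$1" 2>/dev/null || return 1
    [ "$(checksum_file "$1")" = "$(cat "$1.sha256")" ]
}

# Demo on constructed data (no database needed): the option file and a fake archive.
TMPD=$(mktemp -d)
write_client_cnf "$TMPD/backup.cnf" backup 'p#ss w0rd'
echo "mysqldump $(dump_args "$TMPD/backup.cnf" databases app audit | tr '\n' ' ')"
printf 'CREATE TABLE t (id INT);\n' | gzip -c >"$TMPD/fake.sql.gz"   # constructed stand-in for a dump
checksum_file "$TMPD/fake.sql.gz" >"$TMPD/fake.sql.gz.sha256"
verify_backup "$TMPD/fake.sql.gz" && echo "fake archive verifies"
```

On a real server the call is run_backup /root/.backup.cnf /var/backups/mysql all (with the option file created once by write_client_cnf), and a restore is gunzip -c archive.sql.gz | mysql --defaults-extra-file=/root/.backup.cnf after verify_backup has passed. The backup account only needs SELECT, LOCK TABLES, SHOW VIEW, EVENT and TRIGGER, not the privileges of root.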
Reset MySQL password:
Step 1:
Log on to the system as the Unix user the mysqld server runs as (usually mysql).
Step 2:
Locate the .pid file that contains the server's process ID. The exact location and name of this file depend on the distribution, host name and configuration. Common locations are /var/lib/mysql/, /var/run/mysqld/ and /usr/local/mysql/data/. Generally, the file name has the extension .pid and begins with either mysqld or the system's host name.
Stop the MySQL server by sending a normal kill (SIGTERM, not -9, so that it shuts down cleanly) to the mysqld process, using the path name of the .pid file in the following command:
shell> kill "$(cat /mysql-data-directory/host_name.pid)"
Step 3:
Create a text file containing the following statements. This sets the new password 'inctfmysql' (MySQL 5.1 to 5.6 syntax):
UPDATE mysql.user SET Password=PASSWORD('inctfmysql') WHERE User='root';
FLUSH PRIVILEGES;
The UPDATE statement resets the password for all root accounts, and the FLUSH statement tells the server to reload the grant tables into memory so that it notices the password change. On MySQL 5.7.6 and later, including 8.0, mysql.user has no Password column; the file should instead contain ALTER USER 'root'@'localhost' IDENTIFIED BY 'inctfmysql'; on a single line.
Step 4:
Save the file as /home/me/mysql-init, readable only by the user from Step 1 (chmod 600), because it holds the new password in plaintext.
Step 5:
Start the MySQL server with the special --init-file option:
shell> mysqld_safe --init-file=/home/me/mysql-init &
The server executes the contents of the file named by the --init-file option at startup, changing each root account password. After the server has started successfully, delete /home/me/mysql-init. You should now be able to connect to the MySQL server as root using the new password. Stop the server and restart it normally.
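The five steps above as an added example script; it is not part of the original notes. The pid-file search and the init-file writer are kept apart from the part that stops and starts the server so they can be checked without a live mysqld; the init file is created with mode 0600 and the password is escaped before it is placed in the SQL literal. The version strings, the fake pid directory and the sample passwords in the demo are constructed, and the procedure assumes the mysqld, mysqld_safe and mysqladmin binaries are on PATH.

```shell
#!/bin/sh
# The reset procedure above as a script. Run as the Unix user mysqld runs as.
# Only reset_root_password touches a live server; the two helpers are pure and testable.

# Step 2: print the first mysqld*.pid or <hostname>.pid found in the given directories.
find_pid_file() {       # find_pid_file DIR...
    host=$(uname -n 2>/dev/null)
    for d in "$@"; do
        for f in "$d"/mysqld*.pid "$d/$host.pid"; do
            [ -f "$f" ] && { printf '%s\n' "$f"; return 0; }
        done
    done
    return 1
}

# Steps 3-4: write the init file, readable only by this user, with the statement form the
# server version needs. The password is embedded in a SQL literal, so quotes and backslashes
# in it are escaped; otherwise a password such as  x'); DROP ...  would change the statement.
write_init_file() {     # write_init_file PATH NEWPASS MAJOR.MINOR
    esc=$(printf '%s' "$2" | sed 's/\\/\\\\/g' | sed "s/'/''/g")
    ( umask 077
      case "$3" in
          4.*|5.[0-6]|5.[0-6].*)   # mysql.user still has a Password column
              printf '%s\n' "UPDATE mysql.user SET Password=PASSWORD('$esc') WHERE User='root';" \
                            "FLUSH PRIVILEGES;" >"$1" ;;
          *)                       # 5.7.6+ and 8.0 (5.7 is assumed to be 5.7.6 or later here)
              printf '%s\n' "ALTER USER 'root'@'localhost' IDENTIFIED BY '$esc';" >"$1" ;;
      esac )
}

# Steps 2-5 end to end. VERSION defaults to what mysqld reports ("Ver 5.7.42 ..." -> 5.7);
# if that cannot be read, the modern ALTER USER form is used.
reset_root_password() { # reset_root_password NEWPASS [MAJOR.MINOR]
    ver=${2:-$(mysqld --version 2>/dev/null | sed -n 's/.*Ver \([0-9]*\.[0-9]*\).*/\1/p')}
    pid=$(find_pid_file /var/lib/mysql /var/run/mysqld /usr/local/mysql/data) \
        || { echo "no mysqld pid file found; is the server running?" >&2; return 1; }
    kill "$(cat "$pid")"                     # plain SIGTERM: let mysqld shut down cleanly
    while [ -e "$pid" ]; do sleep 1; done    # mysqld removes its pid file on clean shutdown
    init=$(mktemp "${TMPDIR:-/tmp}/mysql-init.XXXXXX") || return 1
    write_init_file "$init" "$1" "$ver"
    mysqld_safe --init-file="$init" >/dev/null 2>&1 &
    tries=0
    until mysqladmin ping >/dev/null 2>&1; do   # wait for the server, then remove the plaintext file
        tries=$((tries + 1)); [ "$tries" -lt 60 ] || { rm -f "$init"; return 1; }
        sleep 1
    done
    rm -f "$init"
    echo "root password changed; stop the server and restart it normally"
}

# Demo on constructed paths (no server involved): a fake pid directory and two init files.
TMPD=$(mktemp -d)
mkdir -p "$TMPD/empty" "$TMPD/data"; echo 12345 >"$TMPD/data/mysqld.pid"
echo "pid file: $(find_pid_file "$TMPD/empty" "$TMPD/data")"
write_init_file "$TMPD/init-5.1" "in'ctf" 5.1
write_init_file "$TMPD/init-8.0" "in'ctf" 8.0
cat "$TMPD/init-5.1" "$TMPD/init-8.0"
```

The init file is removed as soon as mysqladmin ping reports the server up, which is the window the notes describe; do not leave the --skip-grant-tables shortcut in place as an alternative, since it opens the server to everyone for as long as it runs.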
Checking whether Apache is running or not:
A simple script to check whether Apache is running and to start it if it is not. It assumes the Red Hat layout (/usr/sbin/httpd and /etc/init.d/httpd); on Debian-based systems the binary and the init script are called apache2.
#!/bin/sh
# The [/] in the pattern stops grep from matching its own command line,
# which removes the need for the usual "grep -v grep".
run=$(ps ax | grep '[/]usr/sbin/httpd' | cut -c1-5 | paste -s -)
if [ -n "$run" ]; then
    echo "Apache is running (pids: $run)"
else
    /etc/init.d/httpd start
fi
In addition to this, the problems on http://hackthissite.org/ exercised basic knowledge of HTML and SQL injection. The tips at https://www.staysecureonline.com/staying-safe-online/ gave a sound grounding in recognising insecure sites and their web pages, and http://samsclass.info/124/flashcards/index.html gave a good overview of the terminology of ethical hacking.