Table of Contents
Advertisement
McAfee® Network Security Platform 6.0
Start MySQL.
Back up the user table to
user_backup before changing it.
Validate that the backup table was
created and row count matches that
of the mysql.db table.
List all users and hosts.
Remove anonymous/blank
accounts.
Validate that rows with blank user
columns have been removed.
Secure MySQL remote access
This section provides two options for removing remote access.
Remove individual users' remote access
Do ONE of the following:
Remove ALL remote access
mysql> delete from user where host!='localhost'
ALL user access is disabled including Manager users from remote host(s).
Use another cmd window to validate; you can ONLY log in to the MySQL CLI on the
Manager server by qualifying username, password and db. For example: mysql -
uadmin -pXXX lf
Remove individual users' remote access
Remove ALL remote access (Recommended)
Remove admin (Network Security Platform user) remote access
mysql> delete from user where host!='localhost' and
user='admin';
(The admin user cannot login remotely; however Manager root can. Use second cmd
window to validate.)
mysql>flush privileges;
Remove root remote access (Recommended minimum action)
mysql> delete from user where host!='localhost' and
user='root';
This ensures that the root user cannot login remotely; however Manager user can log
in remotely. Use second cmd window to validate.
mysql>flush privileges;
Hardening the Manager Server for Windows 2003
mysql> use mysql;
mysql> create table user_backup
as select * from user;
mysql> select count(*) from
user_backup;
mysql> select user,host from
user;
mysql> delete from user where
user="";
mysql> select user,host from
user;
8
Advertisement
Table of Contents
Troubleshooting
