服务器运行环境:

操作系统:CentOS release 6.8 (Final)

Web服务器软件:Apache/2.2.15 (Unix)

数据库系统:MySQL 5.1.73

  对默认的CactiEZi中文版进行数据库安全方面的优化。

 mysql> select host,user,password from user;

+-----------------------+-----------+-------------------------------------------+

| host                  | user      | password                                  |

+-----------------------+-----------+-------------------------------------------+

| localhost             | root      |                                           |

| localhost.localdomain | root      |                                           |

| 127.0.0.1             | root      |                                           |

| localhost             |           |                                           |

| localhost.localdomain |           |                                           |

| localhost             | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |

| %                     | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |

| %                     | cacti     | *9CDE1A09ED38FCFD4696D1AA82E4E1EE2F26270D |

+-----------------------+-----------+-------------------------------------------+

8 rows in set (0.00 sec)


mysql> select host,db,user from db;

+-----------+---------+-----------+

| host      | db      | user      |

+-----------+---------+-----------+

| %         | cacti   | cacti     |

| %         | cacti   | cactiuser |

| %         | test    |           |

| %         | test\_% |           |

| localhost | cacti   | cactiuser |

+-----------+---------+-----------+

  通过以上图,我要解决两个问题:

  1.默认登录数据库,不需要密码,看到上述表得知,原因是root用户没有设置密码;

  2.Cacti程序连接数据库对用的是cactiuser用户账号,在这里做出修改,提升数据库安全性。


mysql> update user set password=password("****") where user="root"; #更改root用户密码

Query OK, 3 rows affected (0.00 sec)

Rows matched: 3  Changed: 3  Warnings: 0

mysql>select host,user,password from user;

+

| host                  | user      | password                                  |

+-----------------------+-----------+-------------------------------------------+

| localhost             | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| localhost.localdomain | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| 127.0.0.1             | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

mysql> flush privileges;

mysql> exit

[root@Cacti /]# mysql -uroot -p        #必须输入密码才能登录数据库

Enter password: 


mysql> use mysql;

mysql> update user set password=password("***") where host="%" and user="cactiuser";Query OK, 1 row affected (0.00 sec)Rows matched: 1  Changed: 1  Warnings: 0

#请注意该host="%" 修改密码后,并不影响程序连接数据库;


mysql> update user set password=password("***") where host="localhost" and user="cactiuser";

Query OK, 1 row affected (0.00 sec)

Rows matched: 1  Changed: 1  Warnings: 0

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

#请注意,cacti程序的host主机是localhost,对用此项修改密码才有效果;


mysql> select host,user,password from user;

+-----------------------+-----------+-------------------------------------------+

| host                  | user      | password                                  |

+-----------------------+-----------+-------------------------------------------+

| localhost             | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| localhost.localdomain | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| 127.0.0.1             | root      | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| localhost             |           |                                           |

| localhost.localdomain |           |                                           |

| localhost             | cactiuser | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |

| %                     | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |

| %                     | cacti     | *9CDE1A09ED38FCFD4696D1AA82E4E1EE2F26270D |


数据库中修改了用户的密码,所以程序配置文件也要修改对应的账号。

# vi /var/www/html/include/config.php

$database_type = "mysql";

$database_default = "数据库名";

$database_hostname = "localhost";

$database_username = "用户名";

$database_password ="密码";

$database_port = "3306";

到此步为止,所有配置成功。

一个建议,root用户用于整个数据库系统管理,业务系统另建账户。