服务器运行环境:
操作系统:CentOS release 6.8 (Final)
Web服务器软件:Apache/2.2.15 (Unix)
数据库系统:MySQL 5.1.73
对默认的CactiEZi中文版进行数据库安全方面的优化。
mysql> select host,user,password from user;
+-----------------------+-----------+-------------------------------------------+
| host | user | password |
+-----------------------+-----------+-------------------------------------------+
| localhost | root | |
| localhost.localdomain | root | |
| 127.0.0.1 | root | |
| localhost | | |
| localhost.localdomain | | |
| localhost | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |
| % | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |
| % | cacti | *9CDE1A09ED38FCFD4696D1AA82E4E1EE2F26270D |
+-----------------------+-----------+-------------------------------------------+
8 rows in set (0.00 sec)
mysql> select host,db,user from db;
+-----------+---------+-----------+
| host | db | user |
+-----------+---------+-----------+
| % | cacti | cacti |
| % | cacti | cactiuser |
| % | test | |
| % | test\_% | |
| localhost | cacti | cactiuser |
+-----------+---------+-----------+
通过以上图,我要解决两个问题:
1.默认登录数据库,不需要密码,看到上述表得知,原因是root用户没有设置密码;
2.Cacti程序连接数据库对用的是cactiuser用户账号,在这里做出修改,提升数据库安全性。
mysql> update user set password=password("****") where user="root"; #更改root用户密码
Query OK, 3 rows affected (0.00 sec)
Rows matched: 3 Changed: 3 Warnings: 0
mysql>select host,user,password from user;
+
| host | user | password |
+-----------------------+-----------+-------------------------------------------+
| localhost | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| localhost.localdomain | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| 127.0.0.1 | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
mysql> flush privileges;
mysql> exit
[root@Cacti /]# mysql -uroot -p #必须输入密码才能登录数据库
Enter password:
mysql> use mysql;
mysql> update user set password=password("***") where host="%" and user="cactiuser";Query OK, 1 row affected (0.00 sec)Rows matched: 1 Changed: 1 Warnings: 0
#请注意该host="%" 修改密码后,并不影响程序连接数据库;
mysql> update user set password=password("***") where host="localhost" and user="cactiuser";
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
#请注意,cacti程序的host主机是localhost,对用此项修改密码才有效果;
mysql> select host,user,password from user;
+-----------------------+-----------+-------------------------------------------+
| host | user | password |
+-----------------------+-----------+-------------------------------------------+
| localhost | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| localhost.localdomain | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| 127.0.0.1 | root | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| localhost | | |
| localhost.localdomain | | |
| localhost | cactiuser | *1F20AD266C1753F805F6A4A6CDF34C72153C86FB |
| % | cactiuser | *43DD7940383044FBDE5B177730FAD3405BC6DAD7 |
| % | cacti | *9CDE1A09ED38FCFD4696D1AA82E4E1EE2F26270D |
数据库中修改了用户的密码,所以程序配置文件也要修改对应的账号。
# vi /var/www/html/include/config.php
$database_type = "mysql";
$database_default = "数据库名";
$database_hostname = "localhost";
$database_username = "用户名";
$database_password ="密码";
$database_port = "3306";
到此步为止,所有配置成功。
一个建议,root用户用于整个数据库系统管理,业务系统另建账户。