mysql安全配置向导

#在生产环境里安装完后,建议一定要运行一次mysql_secure_installation安全配置向导
[root@localhost /]# mysql_secure_installation


NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

#由于一开始安装MariaDB数据库后, root用户默认密码为空, 所以只需要按Enter键
Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

#是否设置root用户的新密码
Set root password? [Y/n] y
 
#录入新密码
New password:
 
#确认新密码
Re-enter new password:
 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

#是否删除匿名用户,生产环境建议删除
Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

#是否禁止root远程登录,根据自己的需求选择
Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

#是否删除test数据库
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

#是否重新加载权限表
Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

配置MariaDB的字符集

查看/etc/my.cnf文件内容，其中包含一句!includedir /etc/my.cnf.d 说明在该配置文件中引入/etc/my.cnf.d 目录下的配置文件。

1）使用vi server.cnf命令编辑server.cnf文件，在[mysqld]标签下添加

init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake

如果/etc/my.cnf.d 目录下无server.cnf文件，则直接在/etc/my.cnf文件的[mysqld]标签下添加以上内容。

2）用vi client.cnf命令编辑/etc/my.cnf.d/client.cnf文件，在[client]标签下添加

default-character-set=utf8
3）用vi mysql-clients.cnf命令编辑/etc/my.cnf.d/mysql-clients.cnf文件，在[mysql]标签下添加

default-character-set=utf8

配置完成后 systemctl restart mariadb 重启服务。

进入到数据库查看字符设置。

show variables like "%character%";
show variables like "%collation%";

在远程连接mysql的时候应该都碰到过，root用户无法远程连接mysql，只可以本地连，对外拒绝连接。
需要建立一个允许远程登录的数据库帐户，这样才可以进行在远程操作数据库。
方法如下：
默认情况下MYSQL数据库的系统数据库mysql系统表user内用户权限只提供localhost本机登陆；
需要更改权限才能实现远程连接MYSQL数据库。
可以通过以下方式来确认：
root#mysql -h localhost -uroot -p
Enter password: ******
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4 to server version: 4.0.20a-debug
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.
mysql> use mysql; (此DB存放MySQL的各种配置信息)
Database changed
mysql> select host,user from user; (查看用户的权限情况)
mysql> select host, user, password from user;
+-----------+------+-------------------------------------------+
| host | user | password |
+-----------+------+-------------------------------------------+
| localhost | root | *4ACFE3202A5FF5CF467898FC58AAB1D615029441 |
| 127.0.0.1 | root | *4ACFE3202A5FF5CF467898FC58AAB1D615029441 |
| localhost | | |
+-----------+------+-------------------------------------------+
4 rows in set (0.01 sec)
由此可以看出，只能以localhost的主机方式访问。
解决方法：
mysql> Grant all privileges on . to 'root'@'%' identified by 'kdm001' with grant option;
(%表示是所有的外部机器，如果指定某一台机，就将%改为相应的机器名；‘root’则是指要使用的用户名，)
mysql> flush privileges; (运行此句才生效，或者重启MySQL)
Query OK, 0 rows affected (0.03 sec)
再次查看。。
mysql> select host, user, password from user;
+-----------+------+-------------------------------------------+
| host | user | password |
+-----------+------+-------------------------------------------+
| localhost | root | *4ACFE3202A5FF5CF467898FC58AAB1D615029441 |
| 127.0.0.1 | root | *4ACFE3202A5FF5CF467898FC58AAB1D615029441 |
| localhost | | |
| % | root | *4ACFE3202A5FF5CF467898FC58AAB1D615029441 |
+-----------+------+-------------------------------------------+
4 rows in set (0.01 sec)
可以看出已经添加了一个新的用户
退出，试试效果....
现在可以成功登录了..