Skip to main content

Install and Secure MariaDB

This guide explains how to install and securely configure MariaDB on your VPS.

Prerequisites

  • SSH root or sudo access
  • Up-to-date Debian/Ubuntu system

Installation

  1. Install MariaDB:

    sudo apt update
    sudo apt install mariadb-server

  2. Secure the installation:

    sudo mysql_secure_installation

    Follow the security steps:

    • Press Enter for the root password (empty by default)
    • Answer security questions:
      • Change the root password? [Y/n] : Y (recommended)
      • Remove anonymous users? [Y/n] : Y
      • Disallow root login remotely? [Y/n] : Y
      • Remove test database? [Y/n] : Y
      • Reload privilege tables? [Y/n] : Y

User configuration

  1. Connect to MariaDB:

    sudo mysql

  2. Create a new administrator user (replace 'your_user' and 'your_password'):

    CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password';
    GRANT ALL PRIVILEGES ON *.* TO 'your_user'@'localhost' WITH GRANT OPTION;
    FLUSH PRIVILEGES;
    EXIT;

Installation verification

  1. Test the connection with the new user:

    mysql -u your_user -p

  2. Check the service status:

    sudo systemctl status mariadb

Securing MariaDB port

  1. Check the current listening port:

    sudo netstat -tlnp | grep mysql

  2. Configure the firewall (UFW):

    # Block default access to MySQL port (3306)
    sudo ufw deny 3306

    # If you need to allow remote access from a specific IP
    sudo ufw allow from AUTHORIZED_IP to any port 3306

  3. Modify the MariaDB configuration file:

    sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

    Find and modify these lines:

    # Limit listening to localhost only
    bind-address = 127.0.0.1

    # Or specify a specific IP address
    # bind-address = YOUR_SERVER_IP

  4. Restart MariaDB to apply changes:

    sudo systemctl restart mariadb

  5. Check authorized connections:

    mysql -u root -p
    SELECT user, host FROM mysql.user;

Security best practices

  • Use strong passwords
  • Limit database access
  • Perform regular backups
  • Regularly update MariaDB
  • Limit connections to trusted IPs
  • Regularly monitor connection attempts

Troubleshooting

  • Check logs: sudo tail -f /var/log/mysql/error.log
  • Verify that the service is active: sudo systemctl status mariadb
  • Make sure ports are open: sudo netstat -tulpn | grep mysql