[debian-mysql] MySQL "hardening?"
Ralf G. R. Bergs
Ralf at Bergs.biz
Wed Apr 15 20:48:00 UTC 2015
Hi Norvald.
Thanks for your reply.
On 13.04.2015 15:26, Norvald H. Ryeng wrote:
>> Thanks. But I was hoping that you guys documented somewhere which
>> improvements (if any) you might have performed compared to the original
>> "factory" default config. So that I can sell this as an "extra" to our
>> security guys who are asking for what kind of hardening Debian do...
>
> It depends on what you mean by factory default.
With factory default I mean everything that defines the behavior of the
product "as per the factory," i. e. both hard-coded defaults in the code
and config.
Example: Oracle have certain defaults hard-coded in the code, and you
change them to make MySQL safer. That would be /one/ facet of what I'm
after.
Another example: Oracle deliver a factory my.cnf, and you enhance it by
making permissions tighter. That would be another thing that would be
interesting for me.
> AFAIK, the config is
> pretty much the same in upstream deb packages and in Debian. That is not
> the same as the compiled in defaults, though. E.g., both upstream debs
> and Debian sets bind-address to 127.0.0.1 in my.cnf, but the compiled in
> default (both upstream and in Debian) is 0.0.0.0 (i.e., listen on all
> IPv4 addresses).
Understood.
Kind regards,
Ralf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4207 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20150415/81733117/attachment.bin>
More information about the pkg-mysql-maint
mailing list