Thursday, October 3, 2024

How to Install and Secure MariaDB on RHEL 8: Step-by-Step Guide

 How to Install and Secure MariaDB on RHEL 8: Step-by-Step


Introduction

MariaDB is a popular open-source database management system, often chosen for its speed, reliability, and open development model. If you're working with Red Hat Enterprise Linux (RHEL) 8 and want to set up a MariaDB server, . This guide will walk you through the complete installation process of MariaDB on RHEL 8, from adding the necessary repositories to securing your database server.

Preparing Your RHEL 8 System

Before installing MariaDB, ensure your system is up-to-date to avoid compatibility issues and have the latest security patches.

Step 1: Update Your System

Run the following command to update all packages:

sudo dnf update -y

Updating your system ensures that you're starting from a clean and secure environment.

2. Adding the Official MariaDB Repository

RHEL 8's default package repositories do not always contain the latest version of MariaDB. Adding the official MariaDB repository allows you to install and update MariaDB easily.

Step 2: Create a MariaDB Repository File

  1. Create a new repo file for MariaDB in /etc/yum.repos.d/.

    sudo  /etc/yum.repos.d/MariaDB.repo <<EOF
    [mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.5/rhel8-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF

    Replace 10.5 with the version of MariaDB you wish to install. You can check the MariaDB download page for available versions.

  2. Import the GPG Key To verify the packages, import MariaDB’s official GPG key:


    sudo rpm --import https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

3. Installing MariaDB

Now that the repository is added, you can proceed with the installation of the MariaDB server and client.

Step 3: Install MariaDB Server and Client


sudo dnf install -y MariaDB-server MariaDB-client

The -y flag automatically answers "yes" to prompts during the installation process.

4. Starting and Enabling MariaDB Service

Once MariaDB is installed, the next step is to start and enable it so it automatically starts on boot.

Step 4: Start the MariaDB Service


sudo systemctl start mariadb

This starts the MariaDB server, which will now be running in the background.

Step 5: Enable MariaDB to Start on Boot


sudo systemctl enable mariadb

Enabling MariaDB ensures that it starts automatically whenever your system boots.

Step 6: Verify the Service Status

To confirm that MariaDB is active and running, use the following command:


sudo systemctl status mariadb

5. Securing the MariaDB Installation

It’s crucial to secure your MariaDB installation by setting a root password, removing anonymous users, and restricting remote root access.

Step 7: Secure MariaDB with mysql_secure_installation


sudo mysql_secure_installation

During this process, you will be prompted to:

  • Set a strong root password.
  • Remove anonymous users.
  • Disallow root login remotely.
  • Remove test databases and access to them.
  • Reload privilege tables to apply changes.

Answer the prompts as recommended to harden your MariaDB installation.

6. Verifying the Installation

After securing your installation, confirm that MariaDB is properly installed and configured.

Step 8: Access the MariaDB Shell


sudo mysql -u root -p

You’ll be prompted for the root password you set during the mysql_secure_installation process.

Step 9: Check the MariaDB Version

Once inside the MariaDB shell, run the following command to verify the version:

SELECT VERSION();

Step 10: Exit the MariaDB Shell

exit;

7. Configuring Firewall for MariaDB Access

If your RHEL system uses firewalld, you'll need to open port 3306 for MariaDB to allow external connections.

Step 11: Allow MariaDB Through the Firewall

sudo firewall-cmd --permanent --zone=public --add-service=mysql
sudo firewall-cmd --reload

These commands allow traffic on port 3306, which is MariaDB's default port.

Step 12: Verify Firewall Rules

sudo firewall-cmd --list-all

This confirms that the mysql service is allowed through the firewall.

8. Configuring MariaDB for Optimal Performance

MariaDB's configuration file is typically located at /etc/my.cnf.d/mariadb-server.cnf. For optimal performance, you may need to make adjustments based on your server's specifications and the workload.

Step 13: Edit the Configuration File

sudo nano /etc/my.cnf.d/mariadb-server.cnf

Step 14: Recommended Settings for Better Performance

Add or modify the following parameters in the [mysqld] section:


[mysqld]
bind-address = 0.0.0.0                # Allow remote connections
max_connections = 200                 # Adjust as per your application needs
innodb_buffer_pool_size = 1G          # Set to 60-80% of server memory for InnoDB
innodb_log_file_size = 256M           # Optimize based on write load
character-set-server = utf8mb4        # Use UTF-8 encoding for broad compatibility
collation-server = utf8mb4_general_ci

Step 15: Restart MariaDB to Apply Changes


sudo systemctl restart mariadb

9. Creating a Test Database and User

It’s a good idea to create a test database and user to confirm everything is working as expected.

Step 16: Create a Test Database and User

  1. Login to MariaDB

    sudo mysql -u root -p

  2. Create a Database

    CREATE DATABASE test_db;

  3. Create a User and Grant Privileges

    CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'secure_password';
    GRANT ALL PRIVILEGES ON test_db.* TO 'test_user'@'localhost';
FLUSH PRIVILEGES;

  4. Exit the MariaDB Shell

    exit;

10. Test the New User Access

You can test access to the new database using the newly created user:

mysql -u test_user -p -D test_db

Enter the password set for test_user to confirm that you can access the test_db database.


Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)