mysql vulnerability factor

bigmacbb63 · #1 24th February 2009, 05:32 AM

Hi all,

I find that the new Fedora 10 has gone backwards in regard to security.
I have read the documentation on mysql and mysql-server and it is all confusing.
Furthermore, when you try to secure it it doesn't work I have tried numerous times
and I can't put in a password no matter what I do.

Why go backwards in regards to security. I went to grc.com and tested my penguin
and it was not stealthed at all what is up with that. Even with layered security it still
wasn't secure or even partly with mysql. This is ridiculous!

If someone can help me I would sure appreciate it. I see no reason to use mysql.
It only creates more vulnerabilities for crackers.

bigmac

marcrblevins · #2 24th February 2009, 09:53 AM

Talking about port 3306?

I use a router up front with less ports open. My linux box has more ports open internally.

bigmacbb63 · #3 24th February 2009, 10:48 PM

I just want to know how to close port 3306

Thanks for your help,

bigmac

bigmacbb63 · #4 1st May 2009, 01:08 AM

Hi all,
I just want to know how to close ports 443, 22 and 23

Thanks for all of your help,

bigmac

Jake · #5 1st May 2009, 01:48 AM

System > Administration > Firewall

Untick appropriate box's.

bigmacbb63 · #6 1st May 2009, 02:45 AM

I went to the firewall but nothing is ticked off except port 80
So, how can sectool-gui display the fact that these ports are open,
something is not making alot of sense here? Appreciate your help.

bigmac

itachi · #7 2nd May 2009, 03:17 AM

As long as you don't change the iptables rules in Fedora 10 (manually .. especially the input policy), there is no way that you have open ports, you can't see in system-config-firewall. The Iptables has a deny all except <xy> policy activated in Fedora. So you have to explicitly open a port (everything else is closed by default).

mtxRooster · #8 2nd May 2009, 03:42 AM

I'm not by any means the most tech-savvy guy, but I have a simple question for you.

You rant on and on, rightfully I suppose about the lack of security on mysql.

Ever consider posting that at mysql's website and not an OS-specific site like Fedora? Just curious, racked my head whilst reading your post wondering why it is here...

CraigWatson · #9 2nd May 2009, 07:58 PM

As previously stated, if system-config-firewall doesn't have the ports checked as open, they are not open. You can confirm this by posting the output of iptables -L to list all of your firewall rules. If the default is to DROP unknown ports and MySQL isn't specifically mentioned, it's not open.

What I will also ask is what is the ShieldsUP test actually testing? If your box is connected directly to the Internet with a dedicated outside IP (which is very very dangerous) then you have reason to be concerned. If you are on a corporate network or with a home ISP, then you will be (at some point) going trough their routers, which is what the test is testing.

As to why choose MySQL - even though it does not follow the Relational model for databases, it is optimised for speed and efficiency of SELECT and INSERT statements rather than its rigidity and standards compliance.