mariadb10.x 安全配置细节


一、先下载 mariadb,新建 mysql 用户,解压安装,按如下方式操作:

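# Dedicated service account for mysqld, without an interactive login shell
# (the nologin path can differ between distributions).
useradd -s /sbin/nologin mysql

# Unpack into /usr/local and give the tree the fixed name /usr/local/mysql.
# The rename has to run inside /usr/local, where tar -C put the directory.
tar -zxvf mariadb-10.3.4-linux-x86_64.tar.gz -C /usr/local/
cd /usr/local
mv mariadb-10.3.4-linux-x86_64/ mysql/
chown -R mysql:mysql mysql/

# Create the system tables. The script is called by a relative path, so it
# must be started from the install root. Its data directory has to be the
# same one the server will use (datadir in my.cnf).
cd /usr/local/mysql
./scripts/mysql_install_db --user=mysql

# Hand binaries and plugins back to root so the database account cannot
# modify the code it runs; only the data directory stays owned by mysql.
chown -R root:root /usr/local/mysql
if [ -d /usr/local/mysql/data ]; then
    chown -R mysql:mysql /usr/local/mysql/data
fi

cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
/etc/init.d/mysqld  start

# In this release mysql_install_db leaves root without a password and creates
# anonymous accounts and a test database; run bin/mysql_secure_installation
# from /usr/local/mysql before the server is reachable by anyone else.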

二、安全配置

查询插件安装目录

-- plugin_dir is the directory INSTALL SONAME / INSTALL PLUGIN load libraries
-- from; it should be writable by root only.
SHOW VARIABLES LIKE 'plugin_dir';

1.安装simple_password_check,登录mysql

# Defaults: minimum length 8, with at least one digit, one upper-case and one
# lower-case letter, and one other (special) character.
# The limits are the simple_password_check_* variables; list them with
# SHOW VARIABLES LIKE 'simple_password_check%' after installing.

INSTALL SONAME 'simple_password_check';

2.安装审计插件

-- Registers the audit plugin so it is loaded again on every restart.
-- Installing it does not by itself protect it: server_audit=FORCE_PLUS_PERMANENT
-- in my.cnf (see the config listing) is what blocks UNINSTALL at runtime.
INSTALL PLUGIN server_audit SONAME 'server_audit';

状态查看

-- Plugin settings: server_audit_logging shows whether logging is switched on.
SHOW GLOBAL VARIABLES LIKE '%audit%';

-- Plugin state: Server_audit_active should read ON once logging is enabled.
SHOW GLOBAL STATUS LIKE '%audit%';

去掉 my.cnf 中"# 审计日志"一节各配置项前面的 #(配置参考下文 my.cnf),修改后需重启 mysqld 才会生效

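3.设置会话超时时间、最大尝试登录失败次数、密码自动失效时间,参考 my.cnf 文件。注意:下文 my.cnf 中只有会话超时时间(wait_timeout、interactive_timeout)两项;登录失败次数限制(max_password_errors)和密码自动失效时间(default_password_lifetime)在 MariaDB 10.4 及以后版本才提供,本文安装的 10.3.4 无法设置这两项。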

三、配置文件my.cnf

# 2021-03-27
# Example MariaDB config file for large systems.
#
# This is for a large system with memory = 512M where the system runs mainly
# MariaDB.
#
# MariaDB programs look for option files in a set of
# locations which depend on the deployment platform.
# You can copy this option file to one of those
# locations. For information about these locations, do:
# 'my_print_defaults --help' and see what is printed under
# Default options are read from the following files in the given order:
# More information at: http://dev.mysql.com/doc/mysql/en/option-files.html
#
# In this file, you can use all long options that a program supports.
# If you want to know which options a program supports, run the program
# with the "--help" option.

# Options in [client] are read by every MariaDB client program.
[client]
# Keep the password out of this file: a value set here is stored in clear
# text and is visible to anyone who can read my.cnf.
#password = your_password
port = 3306
default-character-set = UTF8
socket = /tmp/mysql.sock

# Here follows entries for some specific programs

# Server settings (mysqld)
[mysqld]
port = 3306
# NOTE(review): /tmp is world-writable; a directory that only the mysql
# account can write to is a safer place for the socket (the [client] socket
# path has to be changed with it).
socket = /tmp/mysql.sock
datadir = /home/mysql/data
# MySQL 5.1:
#default-character-set=UTF8
# MySQL 5.5 and MariaDB 10.x:
character-set-server = utf8
default-storage-engine = innodb
max_connections = 1001
skip-external-locking
key_buffer_size = 512M
# NOTE(review): 1024M is the upper limit of this variable, so a single
# oversized statement or row can make the server allocate up to that much.
max_allowed_packet = 1024M
table_open_cache = 2048
# NOTE(review): the next three buffers are allocated per session. At 256M
# each with max_connections = 1001, the worst case is far above the 512M
# system described in the file header; confirm the values against real RAM,
# otherwise a burst of connections can exhaust memory.
sort_buffer_size = 256M
read_buffer_size = 256M
read_rnd_buffer_size = 256M
myisam_sort_buffer_size = 128M
thread_cache_size = 256
query_cache_size = 128M
tmp_table_size = 1024M
# Rule of thumb from the stock file: number of CPUs * 2.
# NOTE(review): thread_concurrency is believed to be deprecated and without
# effect in MariaDB 10.x - confirm before relying on it.
thread_concurrency = 32

#log
# NOTE(review): every logging option in this group is commented out, so
# nothing here is active. For a hardened setup at least the error log path is
# worth setting explicitly so failed starts and access-denied messages land in
# a known file.
# general_log records every statement the server receives, literal values
# included; if it is enabled, keep the file readable by the mysql account only
# and do not leave it on permanently.
#log-error=/home/mysql/error.log
#general_log = on
#general_log_file=/home/mysql/mysql.log
#slow_query_log = on
#long_query_time=60
#slow-query-log-file=/home/mysql/slowquery.log

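# Session idle timeouts, in seconds.
# wait_timeout applies to non-interactive connections (applications, scripts),
# interactive_timeout to interactive clients such as the mysql shell.
# The page had wait_timeout=36000 (10 hours), which is longer than the server
# default of 28800 and therefore did not shorten anything; it is set to the
# same one hour as interactive_timeout here. Raise it only if an application
# connection pool is known to need longer idle connections.
wait_timeout=3600
interactive_timeout=3600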

# Audit log (server_audit plugin).
# Remove the leading # only after the plugin has been installed: while the
# plugin is not loaded, mysqld treats these names as unknown variables and
# refuses to start.
# server_audit=FORCE_PLUS_PERMANENT makes the server fail to start without the
# plugin and blocks UNINSTALL at runtime.
# Rotation: a new file after about 100 MB (value is in bytes), 10 files kept.
# NOTE(review): server_audit_file_rotate_now forces a rotation when it is set;
# it looks like a runtime trigger rather than a persistent setting - confirm
# it is wanted in my.cnf.
# NOTE(review): the log file is written by mysqld, so the mysql account can
# also alter it. Where tamper resistance matters, consider
# server_audit_output_type=syslog and forwarding to another host.
#server_audit_logging=on
#server_audit=FORCE_PLUS_PERMANENT
#server_audit_file_rotate_size=100000000
#server_audit_file_rotations=10
#server_audit_file_rotate_now=on
#server_audit_file_path=/home/mysql/server_audit.log

# Point the following paths to different dedicated disks
#tmpdir        = /tmp/

# Don't listen on a TCP/IP port at all. This can be a security enhancement,
# if all processes that need to connect to mysqld run on the same host.
# All interaction with mysqld must be made via Unix sockets or named pipes.
# Note that using this option without enabling named pipes on Windows
# (via the "enable-named-pipe" option) will render mysqld useless!

# NOTE(review): with this line commented out and no bind-address set, the
# server accepts TCP connections on port 3306 on every interface. If only
# local clients connect, uncomment skip-networking; if remote access is
# needed, set bind-address to the one address that should listen and restrict
# the port with a host firewall.
#skip-networking

# Replication master (the default role)
# Replication needs binary logging:
#log-bin=mysql-bin

# Binary log format; mixed is the recommended one:
#binlog_format=mixed

# Unique server id, 1 to 2^32 - 1. Defaults to 1 when master-host is not
# set, but a server without it will not act as a master.
server-id = 1

# Replication Slave (comment out master section to use this)
#
# To configure this host as a replication slave, you can choose between
# two methods :
#
# 1) Use the CHANGE MASTER TO command (fully described in our manual) -
#    the syntax is:
#
#    CHANGE MASTER TO MASTER_HOST=<host>, MASTER_PORT=<port>,
#    MASTER_USER=<user>, MASTER_PASSWORD=<password> ;
#
#    where you replace <host>, <user>, <password> by quoted strings and
#    <port> by the master's port number (3306 by default).
#
#    Example:
#
#    CHANGE MASTER TO MASTER_HOST='125.564.12.1', MASTER_PORT=3306,
#    MASTER_USER='joe', MASTER_PASSWORD='secret';
#
# OR
#
# 2) Set the variables below. However, in case you choose this method, then
#    start replication for the first time (even unsuccessfully, for example
#    if you mistyped the password in master-password and the slave fails to
#    connect), the slave will create a master.info file, and any later
#    change in this file to the variables' values below will be ignored and
#    overridden by the content of the master.info file, unless you shutdown
#    the slave server, delete master.info and restart the slaver server.
#    For that reason, you may want to leave the lines below untouched
#    (commented) and instead use CHANGE MASTER TO (see above)
#
# required unique id between 2 and 2^32 - 1
# (and different from the master)
# defaults to 2 if master-host is set
# but will not function as a slave if omitted
#server-id       = 2
#
# The replication master for this slave - required
#master-host     =   <hostname>
#
# The username the slave will use for authentication when connecting
# to the master - required
#master-user     =   <username>
#
# The password the slave will authenticate with when connecting to
# the master - required
#master-password =   <password>
#
# The port the master is listening on.
# optional - defaults to 3306
#master-port     =  <port>
#
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin

# Uncomment the following if you are using InnoDB tables
#innodb_data_home_dir = /usr/local/mysql/data
#innodb_data_file_path = ibdata1:10M:autoextend
#innodb_log_group_home_dir = /usr/local/mysql/data
# You can set .._buffer_pool_size up to 50 - 80 %
# of RAM but beware of setting memory usage too high
#innodb_buffer_pool_size = 256M
#innodb_additional_mem_pool_size = 20M
# Set .._log_file_size to 25 % of buffer pool size
#innodb_log_file_size = 64M
#innodb_log_buffer_size = 8M
#innodb_flush_log_at_trx_commit = 1
#innodb_lock_wait_timeout = 50

# Options for the mysqldump backup client.
[mysqldump]
# quick: fetch rows one at a time instead of buffering a whole table in memory.
quick
# NOTE(review): the server side allows 1024M; a row larger than this client
# limit would make the dump fail - confirm the two values are meant to differ.
max_allowed_packet = 512M

# Options for the interactive mysql command-line client.
[mysql]
# Skip building the name-completion hash at startup.
no-auto-rehash
# Remove the next comment character if you are not familiar with SQL
# (safe-updates rejects UPDATE and DELETE statements that have neither a key
# in the WHERE clause nor a LIMIT, which guards against accidental mass
# changes).
#safe-updates

# Buffer sizes for the offline MyISAM check/repair tool.
[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 16M
write_buffer = 16M

# Options for the mysqlhotcopy backup script (taken over from the stock
# example file).
[mysqlhotcopy]
interactive-timeout