How to Secure MySQL on BDA V4.1.0/V4.2.0
Last updated on AUGUST 09, 2017
Applies to:Big Data Appliance Integrated Software - Version 4.1.0 and later
On BDA V4.1/4.2 the steps detailed here can be performed to secure MySQL.
1. Apply "mysql_secure_installation" to improve MySQL installation security.
In BDA V4.1/4.2 MySQL does not run with the "mysql_secure_installation" by default.
With mysql_secure_installation these 4 properties are provided:
- You can set a password for root accounts.
- You can remove anonymous-user accounts.
- You can remove the test database (which by default can be accessed by all users, even anonymous users), and privileges that permit anyone to access databases with names that start with test_.
- You can remove root accounts that are accessible from outside the local host.
The BDA V4.1/4.2 Mammoth utility will function with three of the above options:
- Setting a password for root accounts.
- Removing anonymous-user accounts.
- Removing the test database (which by default can be accessed by all users, even anonymous users), and privileges that permit anyone to access databases with names that start with test_.
However option 4 will break Mammoth:
4. Removing root accounts that are accessible from outside the local host.
because Mammoth needs root access from other nodes on the cluster to the mysql node. Note that root access from nodes outside of the BDA cluster can be removed.
2. Ensure each user has a password.
3. If a cluster is configured with ODI support and the ODI repository on the BDA is not being used, then remove the ODI user if it exists
Verifying default behavior on the BDA
Run the steps as 'root' user on the node of the cluster running the MySQL server (Node 3 by default). Login to mysql as 'root' first:
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms