Tips for Improve Mysql,MariaDB Security

        1.Remove Users Without Password

There are already created users, some of  some of which can connect to the database without a password or, even worse, anonymous users.This has changed in MySQL 5.7 which, by default, comes only with a root account that uses the password you choose at installation time. Still, there are MySQL installations which were upgraded from previous versions and these installations keep the legacy users. Also, MariaDB 10.2 on Centos-7 comes with anonymous users. Please note that users with very simple passwords are almost as insecure as users without any password. Passwords like “password” or “qwerty” are not really helpful.


2.  Change default port mappings
MySQL by default runs on port 3306. This should be changed after installation to obfuscate what critical services are running on which ports, as attackers will initially attempt to exploit default values.


3.Do not run MySQL with root level privileges
MySQL should be run under a specific, newly-created user account with the necessary permissions to run the service, as opposed to directly as the root user. This adds some auditing and logging benefits while preventing attackers from gaining access by hijacking the root user account.



4. Limit or disable SHOW DATABASES
Again, stripping remote attackers of their information gathering capabilities is critical to a secure security posture. For this reason, the SHOW DATABASES command should be limited or removed entirely by adding skip-show-database to the [mysqld] section of the MySQL configuration file at /etc/my.cnf.

 
 
 
 
References:
[1] https://www.upguard.com/blog/top-11-ways-to-improve-mysql-security
[2] https://severalnines.com/database-blog/ten-tips-how-achieve-mysql-and-mariadb-security