====== Network Services Overview: Database Services ======
**General Information**
This page covers the Network Services objectives, specifically for MariaDB.
**Network Services Objectives**
* Install the packages needed to provide the service
* Configure SELinux to support the service
* Use SELinux port labeling to allow services to use non-standard ports
* Configure the service to start when the system is booted
* Configure the service for basic operation
* Configure host-based and user-based security for the service
----
====== Lab Setup ======
The following virtual machines will be used:
* server1.example.com (192.168.1.150) -> Perform any client testing here
* server2.example.com (192.168.1.151) -> Install the database here
----
====== Install the packages needed to provide the service ======
Install the service
yum install mariadb mariadb-server
* mariadb -> the client
* mariadb-server -> the server
\\
Documentation (what can go in the /etc/my.cnf config)
/usr/libexec/mysqld --verbose --help | less
# then search for 'Variables'
/Variables
----
====== Configure SELinux to support the service ======
* Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]].
----
====== Use SELinux port labeling to allow services to use non-standard ports ======
Configure the MariaDB service to listen on a non-standard port and allow access to that port with SELinux.
* Examples: "man semanage-port" has examples for allowing non-standard ports
* Tip: To see current port labels
semanage port -l | grep mysql
\\
Edit the main config file
vim /etc/my.cnf
port = 5502
* port number selected randomly
\\
Open the firewall to the new port
firewall-cmd --permanent --add-port=5502/tcp
firewall-cmd --reload
\\
SELinux: Allow mariadb to use the new port
semanage port -a -t mysqld_port_t -p tcp 5502
\\
Restart the service
systemctl restart mariadb
\\
Remote clients would need to connect like this example (specifying a port)
mysql -h 192.168.1.151 --port=5502 -u root -p
* -h 192.168.1.151 -> Remote hostname to connect to (can be an IP)
* --port=5502 -> Use this remote port
* -u root -> Database username
* -p -> Prompt for password
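\\
Added example (not part of the original page): a check that the port configured in my.cnf actually carries the mysqld_port_t label, including the case where the port sits inside a labeled range. The sample config and semanage output are constructed; the function names and the [mysqld] placement of the port line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Sample inputs are constructed.

# Constructed /etc/my.cnf text; placing "port" under [mysqld] is an assumption
# (the page shows only the "port = 5502" line).
SAMPLE_MYCNF='[mysqld]
datadir=/var/lib/mysql
port = 5502'

# Constructed text in the column layout of "semanage port -l | grep mysql".
SAMPLE_LABELS='mysqld_port_t                  tcp      5502, 1186, 3306, 63132-63164
mysqlmanagerd_port_t           tcp      2273'

# cnf_port: read my.cnf text on stdin and print the last "port" value set.
# Simplification: section headers are ignored.
cnf_port() {
  awk -F= '/^[ \t]*port[ \t]*=/ { gsub(/[ \t\r]/, "", $2); p = $2 }
           END { if (p != "") print p }'
}

# port_has_label TYPE PROTO PORT: read "semanage port -l" text on stdin and
# succeed only if PORT is listed for TYPE/PROTO, either alone or in a range.
port_has_label() {
  awk -v type="$1" -v proto="$2" -v port="$3" '
    $1 == type && $2 == proto {
      for (i = 3; i <= NF; i++) {
        item = $i; sub(/,$/, "", item)
        n = split(item, r, "-")
        if (n == 1 && r[1] + 0 == port + 0) found = 1
        if (n == 2 && port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) found = 1
      }
    }
    END { exit (found ? 0 : 1) }'
}

# check_label CNF_TEXT LABEL_TEXT: report whether the configured port is
# labeled mysqld_port_t; on a miss, print the command from this page.
check_label() {
  _port=$(printf '%s\n' "$1" | cnf_port)
  [ -n "$_port" ] || { echo "no port set in config"; return 2; }
  if printf '%s\n' "$2" | port_has_label mysqld_port_t tcp "$_port"; then
    echo "OK: tcp/$_port is labeled mysqld_port_t"
  else
    echo "MISSING: semanage port -a -t mysqld_port_t -p tcp $_port"
    return 1
  fi
}

check_label "$SAMPLE_MYCNF" "$SAMPLE_LABELS"
```

On a live host, pass real input instead of the samples: check_label "$(cat /etc/my.cnf)" "$(semanage port -l)".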
----
====== Configure the service to start when the system is booted ======
Check Current Service Status
systemctl status mariadb
* Also displays if the service is enabled or disabled
\\
Enabling a service to start on boot
systemctl enable mariadb
----
====== Configure the service for basic operation ======
Enable and Start the service
systemctl enable mariadb
systemctl start mariadb
----
====== Configure host-based and user-based security for the service ======
===== Firewall =====
Allow access through the firewall
firewall-cmd --permanent --add-service=mysql
firewall-cmd --reload
===== Host Based =====
===== User Based =====
----