Differences
This shows you the differences between two versions of the page.
linux_wiki:network_services_overview_database_services [2016/10/01 15:42] billdozor [Configure the service for basic operation] |
linux_wiki:network_services_overview_database_services [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Network Services Overview Database Services ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | This page covers the Network Services objectives, specifically for < | ||
- | |||
- | **Network Services Objectives** | ||
- | * Install the packages needed to provide the service | ||
- | * Configure SELinux to support the service | ||
- | * Use SELinux port labeling to allow services to use non-standard ports | ||
- | * Configure the service to start when the system is booted | ||
- | * Configure the service for basic operation | ||
- | * Configure host-based and user-based security for the service | ||
- | |||
- | ---- | ||
- | |||
- | ====== Install the packages needed to provide the service ====== | ||
- | |||
- | Install the service | ||
- | <code bash> | ||
- | yum install mariadb mariadb-server | ||
- | </ | ||
- | * mariadb -> the client | ||
- | * mariadb-server -> the server | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure SELinux to support the service ====== | ||
- | |||
- | * Service agnostic -> [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Use SELinux port labeling to allow services to use non-standard ports ====== | ||
- | |||
- | Configuring the mariadb service with a non standard port and allowing port access with selinux. | ||
- | |||
- | * Examples: "man semanage-port" | ||
- | * Tip: To see current port labels< | ||
- | |||
- | \\ | ||
- | Edit the main config file | ||
- | <code bash> | ||
- | vim /etc/my.cnf | ||
- | |||
- | port = 5502 | ||
- | </ | ||
- | * port number selected randomly | ||
- | |||
- | \\ | ||
- | Open the firewall to the new port | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-port=5502/ | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Allow mariadb to use the new port | ||
- | <code bash> | ||
- | semanage port -a -t mysqld_port_t 5502 -p tcp | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart the service | ||
- | <code bash> | ||
- | systemctl restart mariadb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service to start when the system is booted ====== | ||
- | |||
- | Check Current Service Status | ||
- | <code bash> | ||
- | systemctl status mariadb | ||
- | </ | ||
- | * Also displays if the service is enabled or disabled | ||
- | |||
- | \\ | ||
- | Enabling a service to start on boot | ||
- | <code bash> | ||
- | systemctl enable mariadb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service for basic operation ====== | ||
- | |||
- | Enable and Start the service | ||
- | <code bash> | ||
- | systemctl enable mariadb | ||
- | systemctl start mariadb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure host-based and user-based security for the service ====== | ||
- | |||
- | ===== Firewall ===== | ||
- | |||
- | Allow access through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=< | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | ===== Host Based ===== | ||
- | |||
- | |||
- | ===== User Based ===== | ||
- | |||
- | ---- | ||