linux_wiki:network_services_overview_database_services

Differences

This shows you the differences between two versions of the page.

linux_wiki:network_services_overview_database_services [2018/05/12 16:34]
billdozor [Use SELinux port labeling to allow services to use non-standard ports]
linux_wiki:network_services_overview_database_services [2019/05/25 23:50]
Line 1: Line 1:
-====== Network Services Overview: Database Services ====== 
- 
-**General Information** 
- 
-This page covers the Network Services objectives, specifically for MariaDB.  
- 
-**Network Services Objectives** 
-  * Install the packages needed to provide the service 
-  * Configure SELinux to support the service 
-  * Use SELinux port labeling to allow services to use non-standard ports 
-  * Configure the service to start when the system is booted 
-  * Configure the service for basic operation 
-  * Configure host-based and user-based security for the service 
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform any client testing here 
-  * server2.example.com (192.168.1.151) -> Install the database here 
- 
----- 
- 
-====== Install the packages needed to provide the service ====== 
- 
-Install the service 
-<code bash> 
-yum install mariadb mariadb-server 
-</code> 
-  * mariadb -> the client 
-  * mariadb-server -> the server 
- 
-\\ 
-Documentation (what can go in the /etc/my.cnf config) 
-<code bash> 
-/usr/libexec/mysqld --verbose --help | less 
- 
-# then search for 'Variables' 
-/Variables    <enter> 
-</code> 
- 
----- 
- 
-====== Configure SELinux to support the service ====== 
- 
-  * Service agnostic -> [[linux_wiki:set_enforcing_and_permissive_modes_for_selinux|Ensure SELinux is running and enabled (RHCSA objective)]]. 
- 
----- 
- 
-====== Use SELinux port labeling to allow services to use non-standard ports ====== 
- 
-Configuring the mariadb service with a non standard port and allowing port access with selinux. 
- 
-  * Examples: "man semanage-port" has examples for allowing non-standard ports 
-  * Tip: To see current port labels<code bash>semanage port -l | grep mysql</code> 
- 
-\\ 
-Edit the main config file 
-<code bash> 
-vim /etc/my.cnf 
- 
-port = 5502 
-</code> 
-  * port number selected randomly 
- 
-\\ 
-Open the firewall to the new port 
-<code bash> 
-firewall-cmd --permanent --add-port=5502/tcp 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-SELinux: Allow mariadb to use the new port 
-<code bash> 
-semanage port -a -t mysqld_port_t -p tcp 5502 
-</code> 
- 
-\\ 
-Restart the service 
-<code bash> 
-systemctl restart mariadb 
-</code> 
- 
-\\ 
-Remote clients would need to connect like this example (specifying a port)<code bash>mysql -h 192.168.1.151 --port=5502 -u root -p</code> 
-  * -h 192.168.1.151  -> remote hostname to connect to (can be an IP) 
-  * --port=5502  -> Use this remote port 
-  * -u root  -> Database username 
-  * -p  -> Prompt for password 
- 
----- 
- 
-====== Configure the service to start when the system is booted ====== 
- 
-Check Current Service Status 
-<code bash> 
-systemctl status mariadb 
-</code> 
-  * Also displays if the service is enabled or disabled 
- 
-\\ 
-Enabling a service to start on boot 
-<code bash> 
-systemctl enable mariadb 
-</code> 
- 
----- 
- 
-====== Configure the service for basic operation ====== 
- 
-Enable and Start the service 
-<code bash> 
-systemctl enable mariadb 
-systemctl start mariadb 
-</code> 
- 
----- 
- 
-====== Configure host-based and user-based security for the service ====== 
- 
-===== Firewall ===== 
- 
-Allow access through the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=mysql 
-firewall-cmd --reload 
-</code> 
- 
-===== Host Based ===== 
- 
- 
-===== User Based ===== 
- 
----- 
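
Review bot: Every line from "Line 1" onward is removed and nothing is added, with only "(external edit)" as the summary, so anyone following a link here loses the SELinux port-labeling procedure with no pointer to where it went; if the page was moved, leave a redirect or a one-line note naming the new location. If the text is being carried over elsewhere, three things in the removed content are worth fixing on the way. The "Host Based" and "User Based" headings are empty, so the objective "Configure host-based and user-based security for the service" is covered only by the firewall rule. The Firewall section uses `firewall-cmd --permanent --add-service=mysql`, which opens the default MySQL port, while the earlier section moves the server to 5502 and opens that port too; following both in order leaves the unused default port open. The remote client example connects with `-u root` from another host, which is a good place to show a dedicated, host-restricted account instead.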
  
  • linux_wiki/network_services_overview_database_services.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)