Differences
This shows you the differences between two versions of the page.
linux_wiki:network_services_overview_database_services [2018/05/12 16:34] billdozor [Use SELinux port labeling to allow services to use non-standard ports] |
linux_wiki:network_services_overview_database_services [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Network Services Overview: Database Services ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | This page covers the Network Services objectives, specifically for MariaDB. | ||
- | |||
- | **Network Services Objectives** | ||
- | * Install the packages needed to provide the service | ||
- | * Configure SELinux to support the service | ||
- | * Use SELinux port labeling to allow services to use non-standard ports | ||
- | * Configure the service to start when the system is booted | ||
- | * Configure the service for basic operation | ||
- | * Configure host-based and user-based security for the service | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform any client testing here | ||
- | * server2.example.com (192.168.1.151) -> Install the database here | ||
- | |||
- | ---- | ||
- | |||
- | ====== Install the packages needed to provide the service ====== | ||
- | |||
- | Install the service | ||
- | <code bash> | ||
- | yum install mariadb mariadb-server | ||
- | </ | ||
- | * mariadb -> the client | ||
- | * mariadb-server -> the server | ||
- | |||
- | \\ | ||
- | Documentation (what can go in the /etc/my.cnf config) | ||
- | <code bash> | ||
- | / | ||
- | |||
- | # then search for ' | ||
- | / | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure SELinux to support the service ====== | ||
- | |||
- | * Service agnostic -> [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Use SELinux port labeling to allow services to use non-standard ports ====== | ||
- | |||
- | Configuring the mariadb service with a non standard port and allowing port access with selinux. | ||
- | |||
- | * Examples: "man semanage-port" | ||
- | * Tip: To see current port labels< | ||
- | |||
- | \\ | ||
- | Edit the main config file | ||
- | <code bash> | ||
- | vim /etc/my.cnf | ||
- | |||
- | port = 5502 | ||
- | </ | ||
- | * port number selected randomly | ||
- | |||
- | \\ | ||
- | Open the firewall to the new port | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-port=5502/ | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | SELinux: Allow mariadb to use the new port | ||
- | <code bash> | ||
- | semanage port -a -t mysqld_port_t -p tcp 5502 | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart the service | ||
- | <code bash> | ||
- | systemctl restart mariadb | ||
- | </ | ||
- | |||
- | \\ | ||
- | Remote clients would need to connect like this example (specifying a port)< | ||
- | * -h 192.168.1.151 | ||
- | * --port=5502 | ||
- | * -u root -> Database username | ||
- | * -p -> Prompt for password | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service to start when the system is booted ====== | ||
- | |||
- | Check Current Service Status | ||
- | <code bash> | ||
- | systemctl status mariadb | ||
- | </ | ||
- | * Also displays if the service is enabled or disabled | ||
- | |||
- | \\ | ||
- | Enabling a service to start on boot | ||
- | <code bash> | ||
- | systemctl enable mariadb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure the service for basic operation ====== | ||
- | |||
- | Enable and Start the service | ||
- | <code bash> | ||
- | systemctl enable mariadb | ||
- | systemctl start mariadb | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configure host-based and user-based security for the service ====== | ||
- | |||
- | ===== Firewall ===== | ||
- | |||
- | Allow access through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=mysql | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | ===== Host Based ===== | ||
- | |||
- | |||
- | ===== User Based ===== | ||
- | |||
- | ---- | ||