Requires root access on target server.
Download MySQL rpm-bundle at https://dev.mysql.com/downloads/file/?id=473261
After downloading the tarball, unpack with the following command.
# cd /tmp
# tar xvf MySQL-5.6.38-1.el6.x86_64.rpm-bundle.tar
Install MySQL
$ sudo yum localinstall MySQL-*
Update /etc/my.cnf
[mysqld]
datadir = /var/lib/mysql
socket = /var/lib/mysql/mysql.sock
transaction-isolation = READ-COMMITTED
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links = 0
key_buffer_size = 32M
max_allowed_packet = 32M
thread_stack = 256K
thread_cache_size = 64
query_cache_limit = 8M
query_cache_size = 64M
query_cache_type = 1
max_connections = 550
#expire_logs_days = 10
#max_binlog_size = 100M
log_bin=/var/lib/mysql/mysql_binlog
binlog_format = mixed
read_buffer_size = 2M
read_rnd_buffer_size = 16M
sort_buffer_size = 8M
join_buffer_size = 8M
# InnoDB settings
innodb_file_per_table = 1
innodb_flush_log_at_trx_commit = 2
innodb_log_buffer_size = 64M
innodb_buffer_pool_size = 1G
innodb_thread_concurrency = 8
innodb_flush_method = O_DIRECT
innodb_log_file_size = 512M
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
Start MySQL Community Server.
$ sudo systemctl start mysql
OR
$ sudo service mysql start
Ensure the MySQL Server starts at boot.
$ sudo chkconfig mysql on
Perform post install security activities. The root password is none.
$
sudo /usr/bin/mysql_secure_installation
NOTE:
RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In
order to log into MySQL to secure it, we'll need the current
password
for the root user. If you've just
installed MySQL, and
you
haven't set the root password yet, the password will be blank,
so
you should just press enter here.
Enter
current password for root (enter for none):
OK,
successfully used password, moving on...
Setting
the root password ensures that nobody can log into the MySQL
root
user without the proper authorisation.
Set
root password? [Y/n] Y
New
password:
Re-enter
new password:
Password
updated successfully!
Reloading
privilege tables..
... Success!
By
default, a MySQL installation has an anonymous user, allowing anyone
to
log into MySQL without having to have a user account created for
them. This is intended only for testing, and to
make the installation
go
a bit smoother. You should remove them
before moving into a
production
environment.
Remove
anonymous users? [Y/n] Y
... Success!
Normally,
root should only be allowed to connect from 'localhost'. This
ensures
that someone cannot guess at the root password from the network.
Disallow
root login remotely? [Y/n] Y
... Success!
By
default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and
should be removed
before
moving into a production environment.
Remove
test database and access to it? [Y/n] Y
- Dropping test database...
ERROR
1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
... Failed!
Not critical, keep moving...
- Removing privileges on test database...
... Success!
Reloading
the privilege tables will ensure that all changes made so far
will
take effect immediately.
Reload
privilege tables now? [Y/n] Y
... Success!
All
done! If you've completed all of the
above steps, your MySQL
installation
should now be secure.
Thanks
for using MySQL!
Cleaning
up...
Purge Bingary Logs
To delete binary logs before midnight 7 days ago.
mysql> PURGE BINARY LOGS BEFORE DATE(NOW() - INTERVAL 7 DAY) +
INTERVAL 0 SECOND;
To keep 7 days worth of binary logs
mysql> SET GLOBAL expire_logs_days = 7;
and add to /etc/my.cnf
[mysqld]
expire_logs_days=7
When replication is configured, verify slave status and delete binary
logs to the relay master log file.
mysql> PURGE BINARY LOGS TO ‘Relay_Master_Log_File_On_Slave’;
No comments:
Post a Comment