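Lab preparation
Software: VMware Workstation Pro
Virtual machines: Red Hat Enterprise Linux 7 server, Red Hat Enterprise Linux 7 client
Network mode: NAT
1. Configure the server and client network
Server IP
Client IP
Test connectivity between the two hosts
On the client, mount the installation image and configure the yum repository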
[root@localhost 桌面]# mkdir /mnt/cdrom
[root@localhost 桌面]# mount /dev/sr0 /mnt/cdrom/
mount: /dev/sr0 寫保護,將以只讀方式掛載
[root@localhost 桌面]# vim /etc/yum.repos.d/a.repo
[root@localhost 桌面]# cat /etc/yum.repos.d/a.repo
[a]
name=a
baseurl=file:///mnt/cdrom
enabled=1
gpgcheck=0
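After installing MariaDB and confirming that it starts successfully, do not start using it right away. To keep the database secure and running stably, the first task is to initialize it. The initialization consists of the following five key steps:
Enter the root administrator's current password in the database (this is not the root administrator's system password; it is empty by default, so just press Enter).
Set a dedicated password for the root administrator in the database.
Remove anonymous users and disallow remote login to the database as the root administrator, to protect the services running on the database.
Remove the default test database and revoke the access privileges associated with it.
Reload the privilege tables so that the initialization settings take effect immediately.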
[root@localhost 桌面]# mysql_secure_installation
/usr/bin/mysql_secure_installation:行379: find_mysql_client: 未找到命令

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): (empty by default)
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y (set the administrator password)
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y (remove anonymous accounts)
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y (disallow remote login by the administrator)
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y (remove the test database and access to it)
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y (reload the privilege tables so the initialization settings take effect immediately)
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
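In many production environments, separating the website from the database (deploying them on different servers) is widely used to ensure high availability and security. When the root administrator needs remote access to the database, a corresponding policy must be set during initialization to allow the root administrator to connect from remote addresses. In addition, to protect the database service, firewall rules must be configured to permit access requests to the database service program (MySQL, for example, uses port 3306 by default). In firewall policy this service is usually identified as "mysql".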
[root@localhost 桌面]# firewall-config
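Log in to the MariaDB database for the first time. The mysql command is used to manage the database. Its -u parameter specifies logging in as the root administrator, and -p verifies that user's password in the database so that the login is secure.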
[root@localhost 桌面]# mysql -u root -p
Enter password: (enter the password that was just set)
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.35-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> SHOW databases; -- list the databases that currently exist in the database management system
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> SET password = PASSWORD('hnswjj'); -- use a database command to change the root administrator's password in the database management system to hnswjj
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye
(Try to log in with the original password redhat; the login fails)
[root@localhost 桌面]# mysql -u root -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
(Try to log in with the new password hnswjj; the login succeeds. Create the users student, admin and jack)
[root@localhost 桌面]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 5.5.35-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE USER student@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE USER admin@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> CREATE USER jack@localhost IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="student";
+-----------+---------+-------------------------------------------+
| HOST      | USER    | PASSWORD                                  |
+-----------+---------+-------------------------------------------+
| localhost | student | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+---------+-------------------------------------------+
1 row in set (0.00 sec)

MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="admin";
+-----------+-------+-------------------------------------------+
| HOST      | USER  | PASSWORD                                  |
+-----------+-------+-------------------------------------------+
| localhost | admin | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+-------+-------------------------------------------+
1 row in set (0.00 sec)

MariaDB [mysql]> SELECT HOST,USER,PASSWORD FROM user WHERE USER="jack";
+-----------+------+-------------------------------------------+
| HOST      | USER | PASSWORD                                  |
+-----------+------+-------------------------------------------+
| localhost | jack | *84BB5DF4823DA319BBF86C99624479A198E6EEE9 |
+-----------+------+-------------------------------------------+
1 row in set (0.00 sec)

MariaDB [mysql]> SHOW GRANTS FOR student@localhost;
+----------------------------------------------------------------------------------------------------------------+
| Grants for student@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'student'@'localhost' IDENTIFIED BY PASSWORD '*84BB5DF4823DA319BBF86C99624479A198E6EEE9' |
+----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
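View the student user's privileges, then grant the student user the query, update, delete and insert privileges on the user table of the mysql database. Write access to mysql.user lets an account alter other accounts' credentials and privileges, so treat this grant as a lab exercise only.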
MariaDB [mysql]> GRANT SELECT,UPDATE,DELETE,INSERT ON mysql.user TO student@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> SHOW GRANTS FOR student@localhost;
+----------------------------------------------------------------------------------------------------------------+
| Grants for student@localhost                                                                                   |
+----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'student'@'localhost' IDENTIFIED BY PASSWORD '*84BB5DF4823DA319BBF86C99624479A198E6EEE9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.`user` TO 'student'@'localhost'                                |
+----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [mysql]> exit;
Bye
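The three accounts created above show the same PASSWORD value because this hash format (an asterisk followed by 40 hex digits) is unsalted, so equal passwords always produce equal hashes. The following is an added example, not part of the original page: a shell audit that flags accounts with an empty or shared hash. The function names, the root hash and the "legacy" account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit mysql.user rows for
# empty or shared password hashes. Input is tab-separated host, user, hash,
# e.g. from: mysql -u root -p -N -B -e "SELECT host,user,password FROM mysql.user"

audit_password_hashes() {
    awk -F'\t' '
        $3 == "" { printf "EMPTY %s@%s\n", $2, $1; next }   # no password set
        {
            count[$3]++
            accounts[$3] = accounts[$3] (accounts[$3] ? "," : "") $2 "@" $1
        }
        END {
            for (h in count)
                if (count[h] > 1)
                    printf "SHARED %d %s\n", count[h], accounts[h]
        }
    ' | sort
}

# Constructed sample rows: the student/admin/jack hashes are the ones shown in
# the tables above; the root hash and the "legacy" account are made up.
sample_rows() {
    printf 'localhost\troot\t*0000000000000000000000000000000000000000\n'
    printf 'localhost\tstudent\t*84BB5DF4823DA319BBF86C99624479A198E6EEE9\n'
    printf 'localhost\tadmin\t*84BB5DF4823DA319BBF86C99624479A198E6EEE9\n'
    printf 'localhost\tjack\t*84BB5DF4823DA319BBF86C99624479A198E6EEE9\n'
    printf 'localhost\tlegacy\t\n'
}

sample_rows | audit_password_hashes
```

Any SHARED line means those accounts can be assumed to use one password, so all of them must be rotated if any one of them is exposed.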
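The mysqldump command backs up database data; its format is "mysqldump [options] [database name]". Its options are largely the same as those of the mysql command: -u specifies the user name used to log in to the database, and -p prompts for the password. Next, export the contents of the hnswjjxy database to a file and save it in the root administrator's home directory: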
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 5.5.35-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE hnswjjxy;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> exit;
Bye
[root@localhost ~]# mysqldump -u root -p hnswjjxy > /root/hnswjjxy.dump
Enter password:
[root@localhost ~]# cd /root
[root@localhost ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg 模板 圖片 下載 桌面
hnswjjxy.dump 公共 視頻 文檔 音樂
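Because the database is dropped right after this backup, it is worth checking the dump file first. The following is an added example, not part of the original page: it checks that a dump ends with the trailer mysqldump writes by default and that the file is not readable by group or others. The function names and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a mysqldump file
# before removing the source database.

dump_is_complete() {
    # By default mysqldump ends its output with a "-- Dump completed" comment
    # (absent with --compact or --skip-comments); a dump cut short lacks it.
    [ -s "$1" ] || return 1
    tail -n 5 "$1" | grep -q '^-- Dump completed'
}

dump_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

check_dump() {
    dump_is_complete "$1" || { echo "incomplete"; return 1; }
    dump_is_private "$1"  || { echo "readable-by-others"; return 1; }
    echo "ok"
}

# Constructed sample files standing in for real dumps.
write_sample_dumps() {
    ( umask 077
      printf '%s\n' '-- constructed sample dump' 'CREATE TABLE t (id INT);' \
          '-- Dump completed on 2024-05-23 15:00:00' > "$1/good.dump"
      printf '%s' 'CREATE TABLE t (' > "$1/truncated.dump" )
    ( umask 022
      printf '%s\n' 'CREATE TABLE t (id INT);' '-- Dump completed' > "$1/open.dump" )
}

dir=$(mktemp -d)
write_sample_dumps "$dir"
for f in good truncated open; do
    printf '%s: %s\n' "$f" "$(check_dump "$dir/$f.dump")"
done
rm -rf "$dir"
```

On the lab host the call would be `check_dump /root/hnswjjxy.dump`, run before the DROP DATABASE step.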
Then enter the MariaDB database management system and drop the hnswjjxy database completely; the mybook table is thereby deleted as well.
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 5.5.35-MariaDB MariaDB Server

Copyright (c) 2000, 2013, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> DROP DATABASE hnswjjxy;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> SHOW databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
SSH remote control service configuration
Server
Client
[root@localhost ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.159.134 netmask 255.255.255.0 broadcast 192.168.159.255
        inet6 fe80::20c:29ff:fe48:38d prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:48:03:8d txqueuelen 1000 (Ethernet)
        RX packets 939 bytes 66043 (64.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 275 bytes 26173 (25.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 0 (Local Loopback)
        RX packets 17 bytes 1808 (1.7 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 17 bytes 1808 (1.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@localhost ~]# ssh 192.168.159.133
The authenticity of host '192.168.159.133 (192.168.159.133)' can't be established.
ECDSA key fingerprint is 01:e1:e1:a1:fe:89:18:b6:3d:ba:d4:a3:19:f3:1a:f9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.159.133' (ECDSA) to the list of known hosts.
root@192.168.159.133's password:
Last failed login: Thu May 23 15:16:42 CST 2024 from 192.168.159.134 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Thu May 23 14:07:18 2024
[root@localhost ~]# ifconfig   # Note: we are now logged in to the server remotely, so ifconfig shows the server's IP.
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.159.133 netmask 255.255.255.0 broadcast 192.168.159.255
        inet6 fe80::20c:29ff:feb5:e726 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:b5:e7:26 txqueuelen 1000 (Ethernet)
        RX packets 1026 bytes 77681 (75.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 297 bytes 30414 (29.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 0 (Local Loopback)
        RX packets 13 bytes 1360 (1.3 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 13 bytes 1360 (1.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]# exit
登出
Connection to 192.168.159.133 closed.
Open the sshd service configuration file on the server and set the parameter on line 48 to disallow remote login by the root administrator;
[root@localhost 桌面]# vim /etc/ssh/sshd_config
[root@localhost ~]# systemctl restart sshd.service
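After editing sshd_config it helps to confirm which PermitRootLogin value is actually in effect: sshd uses the first value it reads for a keyword, and a line that still starts with "#" changes nothing. The following is an added example, not part of the original page: a shell check of the global section of a config file. The function names and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the PermitRootLogin value
# in the global section of an sshd_config file. sshd uses the first value it
# reads for a keyword, and a line starting with "#" is only a comment.
# On a live server, `sshd -T | grep -i permitrootlogin` prints the value sshd
# itself resolves.

effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends here
        key == "permitrootlogin" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "unset" }       # compiled-in default applies
    ' "$1"
}

# Constructed sample files (contents are illustrative, not the lab server's).
write_samples() {
    printf '#PermitRootLogin no\nPasswordAuthentication yes\n' > "$1/commented.conf"
    printf 'PermitRootLogin no\nPasswordAuthentication yes\n' > "$1/hardened.conf"
    printf 'PermitRootLogin yes\nPermitRootLogin no\n' > "$1/duplicate.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in commented hardened duplicate; do
    printf '%s: %s\n' "$f" "$(effective_permit_root_login "$dir/$f.conf")"
done
rm -rf "$dir"
```

A result of "unset" means no active directive was found and the server falls back to its built-in default, which is the case when the edited line is still commented out.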
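Log in remotely from the client; the login is reported as successful;
Use the client to transfer a file remotely to the server's /home directory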
[root@localhost /]# cd /opt
[root@localhost opt]# vim /opt/hnsw.txt
[root@localhost opt]# scp /opt/hnsw.txt 192.168.159.133:/home
root@192.168.159.133's password:
hnsw.txt 100% 17 0.0KB/s 00:00
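View the contents of the transferred file on the server:
Log in to the server remotely from the client, delete the file hnsw.txt, and create the file abc.txt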