Grant wrote:
mysql only needs to connect to a daemon running on the same system,
and I think it does so via a unix socket as opposed to tcp. I can see
from netstat that /var/run/mysqld/mysqld.sock is connected, there is
no mention of a tcp mysql connection, and nmap does not show a mysql
port to be open. Is there anything else I should do as far as locking
down mysql? I'm the only one with shell access to the system.
mysql should be running as a non-root user (probably mysql) and for what you
use, should be listening on localhost only. If you need to connect over the
How can I check to make sure mysql is only listening to localhost? It
doesn't show up with nmap.
- Grant
sudo netstat -ptln
It also works without sudo, but then you don't see the process
associated with the open TCP port.
kashani
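
The check discussed in this thread can be scripted. The following is an added example, not written by any of the posters: a shell function that reads `netstat -ptln` output and reports whether mysqld has a TCP listener and, if so, whether it is bound to loopback only. The function name, output labels and sample lines are constructed for illustration; the fallback to port 3306 assumes MySQL is on its default port.

```shell
#!/bin/sh
# Added example. Reads `netstat -ptln` output on stdin and classifies
# MySQL TCP listeners. Prints one line per listener:
#   OK <addr>        bound to loopback (127.0.0.0/8 or ::1)
#   EXPOSED <addr>   bound to any other address, including 0.0.0.0 and ::
# or NO-TCP-LISTENER when no MySQL TCP socket is found (unix socket only).
# Returns 1 if any EXPOSED line was printed, otherwise 0.
check_mysql_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4; prog = $7
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        # As root the PID/Program column names the process. Without root
        # it is "-", so fall back to the default MySQL port (assumption).
        if (prog ~ /\/mysqld$/ || (prog == "-" && port == "3306")) {
            found = 1
            if (host ~ /^127\./ || host == "::1") print "OK " addr
            else { print "EXPOSED " addr; exposed = 1 }
        }
    }
    END {
        if (!found) print "NO-TCP-LISTENER"
        exit (exposed ? 1 : 0)
    }'
}

# Constructed sample: output as seen with sudo, mysqld on loopback only.
SAMPLE_ROOT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:3306    0.0.0.0:*         LISTEN   1234/mysqld
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   987/sshd'

# Constructed sample: output without sudo, listener on all interfaces.
SAMPLE_NOROOT='tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN   -'

printf '%s\n' "$SAMPLE_ROOT" | check_mysql_listeners
printf '%s\n' "$SAMPLE_NOROOT" | check_mysql_listeners ||
    echo "MySQL is reachable from the network"

# Real use: sudo netstat -ptln | check_mysql_listeners
```

A result of `NO-TCP-LISTENER` matches the situation Grant describes, where only the unix socket is in use and nmap finds no MySQL port.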