Adam Hardy wrote:

I'm running a web server with Apache Tomcat and MySQL for the first time and I've been following various recommendations to make the server more secure (it's Linux Debian). One of these recommendations is to keep the number of open ports to a minimum.

I'm looking at netstat (see the output below) and it makes me wonder if the mysql port needs to be open at all, since the tomcat and mysql database are running on the same machine.

Can I block off these ports? Would I have to use a firewall to do that? (like ip_tables)


Maybe you can communicate through the socket. It will allow you to use the "skip-networking" option, so mysql will not listen on the NIC.


Thanks Adam

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State        PID/Program name
tcp        0      0 localhost:8005    *:*               LISTEN       30723/java
tcp        0      0 *:mysql           *:*               LISTEN       1890/mysqld
tcp        0      0 *:www             *:*               LISTEN       30723/java
tcp        0      0 *:ssh             *:*               LISTEN       248/sshd
tcp        0      0 *:12121           *:*               LISTEN       267/perl
tcp        0      0 *:smtp            *:*               LISTEN       239/master
tcp        0      0 *:https           *:*               LISTEN       30723/java
tcp        0      0 localhost:mysql   localhost:1311    ESTABLISHED  1890/mysqld
tcp        1      0 localhost:1312    localhost:mysql   CLOSE_WAIT   30723/java
tcp        0      0 localhost:1311    localhost:mysql   ESTABLISHED  30723/java







-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
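
One way to check the netstat listing above for listeners bound to every interface, as an added example that is not part of the original thread. SAMPLE is constructed from the rows quoted in the message, and the INTENDED_PUBLIC set and function names are assumptions made for illustration.

```python
# Constructed sample: rows taken from the netstat output quoted in the message.
SAMPLE = """\
tcp 0 0 localhost:8005 *:* LISTEN 30723/java
tcp 0 0 *:mysql *:* LISTEN 1890/mysqld
tcp 0 0 *:www *:* LISTEN 30723/java
tcp 0 0 *:ssh *:* LISTEN 248/sshd
tcp 0 0 *:12121 *:* LISTEN 267/perl
tcp 0 0 *:smtp *:* LISTEN 239/master
tcp 0 0 *:https *:* LISTEN 30723/java
tcp 0 0 localhost:mysql localhost:1311 ESTABLISHED 1890/mysqld
"""

# Local-address hosts that mean "bound to all interfaces" in netstat output.
WILDCARD_HOSTS = {"*", "0.0.0.0", "::", "[::]"}

# Assumption: the services this host is meant to offer to the network.
INTENDED_PUBLIC = {"www", "https", "ssh", "smtp", "80", "443", "22", "25"}


def listeners(netstat_text):
    """Yield (host, port, program) for every TCP socket in LISTEN state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue  # skip ESTABLISHED, CLOSE_WAIT, ...
        # rpartition keeps IPv6 forms such as ":::3306" intact ("::", "3306").
        host, _, port = fields[3].rpartition(":")
        program = fields[6] if len(fields) > 6 else "-"
        yield host, port, program


def unexpected_exposure(netstat_text, intended=INTENDED_PUBLIC):
    """Return (port, program) for wildcard listeners outside the intended set."""
    return [(port, prog) for host, port, prog in listeners(netstat_text)
            if host in WILDCARD_HOSTS and port not in intended]


if __name__ == "__main__":
    for port, prog in unexpected_exposure(SAMPLE):
        print(f"listening on all interfaces: {port} ({prog})")
```

On the sample this reports the mysql and 12121 listeners. The ESTABLISHED rows show 30723/java reaching MySQL over TCP on localhost, so with skip-networking that client has to be moved to the socket, after which the mysql row should no longer appear in this report.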


