Details
Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Description
Lost a CentOS MariaDB instance to a ransomware attack and had to restore from backup. Noticed the attack was contained to MariaDB, which was listening on 0.0.0.0:3306 for anyone who might be interested in compromising my system.
Restored from backup and did a new install on a Debian system and found the mysql_secure_installation. This is not a good user journey for discovering your setup script.
The default MariaDB instance should be airgapped, not listening for anything.
Current mysql_secure_installation are terrifying but seem to be correct:
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1354/mysqld
I would rather not even see Maria listed there.
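The difference between the two listener states in this report (0.0.0.0:3306 versus 127.0.0.1:3306) can be checked mechanically. The following is an added example, not part of the original report or of MariaDB's own tooling; it assumes `netstat -tlnp` style input, and the process names in `DB_PROGRAMS` and every sample row except the 127.0.0.1 one are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in `netstat -tlnp` layout. The 127.0.0.1 row is the line
# quoted in the report; the other rows are made up for illustration.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      912/mariadbd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1354/mysqld
tcp6       0      0 :::3306                 :::*                    LISTEN      912/mariadbd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      701/sshd
"""

DB_PROGRAMS = {"mysqld", "mariadbd"}  # assumed server process names
DB_PORT = "3306"


def classify(host):
    """Map a bind address to 'wildcard', 'loopback' or 'routable'."""
    if host in ("*", ""):
        return "wildcard"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:          # 0.0.0.0 or ::, i.e. every interface
        return "wildcard"
    return "loopback" if ip.is_loopback else "routable"


def audit(netstat_text):
    """Return (local_address, program, scope, exposed) per database listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have 7 fields; the header row fails the LISTEN check.
        if len(fields) < 7 or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        program = fields[6].partition("/")[2]   # empty when netstat shows "-"
        if program not in DB_PROGRAMS and port != DB_PORT:
            continue
        scope = classify(host.strip("[]"))
        findings.append((fields[3], program, scope, scope != "loopback"))
    return findings


if __name__ == "__main__":
    for local, program, scope, exposed in audit(SAMPLE):
        print(f"{'EXPOSED' if exposed else 'ok':9}{local:18}{program:10}{scope}")
```

A `wildcard` result corresponds to the 0.0.0.0:3306 state described for the CentOS install; the server's `bind-address` and `skip-networking` settings control which state a host ends up in.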