MariaDB is an open source and community-developed fork of MySQL. It is a widely used relational database management system (RDMS) used to store data both in production and for personal and experimental projects. It was designed by the original developers of the MySQL database server, with the objective of remaining open source under the GNU GPL license.
Some of the advantages of using MariaDB over MySQL include:
- Strong security thanks to additional security features such as user roles, PAM and LDAP authentication, data encryption, and role-based access control (RBAC).
- High performance thanks to more and better storage engines such as Aria and XtraDB. The former replaces MyISAM in MySQL and offers better caching. XtraDB replaces InnoDB and improves performance.
- Galera clustering which ensures scalability, high availability, and zero loss of data through replication.
- Integrated monitoring using microsecond precision and extended user statistics.
In this guide, we will demonstrate how to install and secure MariaDB on RHEL 9.
Step 1: Upgrade Software Packages
To get started, log into your server as a sudo user via SSH. Next, upgrade all the packages and refresh the repositories as follows:
$ sudo dnf update
The MariaDB Server package is provided by the official AppStream repositories. You can confirm this by searching for the package on the repositories as shown:
$ sudo dnf search mariadb-server
The following output confirms that MariaDB is hosted on the default repositories.
Step 2: Install MariaDB Server on RHEL 9
The next step is to install the MariaDB Server. To do so, run the following command:
$ sudo dnf install mariadb-server -y
The command installs the MariaDB server alongside other dependencies and additional packages required by the database server.
Once the installation is complete, confirm that MariaDB is installed using the following command:
$ rpm -qi mariadb-server
Running this command displays comprehensive details about the MariaDB Server package including the name, version, architecture, installation date, and installed size to name a few.
Step 3: Start and Enable MariaDB Server
Up to this point, we have successfully installed the MariaDB Server. By default, the MariaDB service does not start automatically. As such you need to start it by running the following command:
$ sudo systemctl start mariadb
In addition, set it to start automatically on system startup.
$ sudo systemctl enable mariadb
To verify that MariaDB is up and running, run the command:
$ sudo systemctl status mariadb
MariaDB listens on TCP port 3306. You can confirm this using the command:
$ sudo ss -pnltu | grep mariadb
Step 4: Secure MariaDB Server
The default settings for the MariaDB database server are considered weak and not robust in the face of a breach or intrusion. As such, you need to go an extra step and secure the database server. To do this, run the
mysql_secure_installation script as shown:
$ sudo mysql_secure_installation
Running the script will present you with a series of prompts.
First, you will be required to provide the root password. Next, switch to unix_socket authentication which allows the user to use operating system credentials when connecting to the MariaDB database server.
You can then decide to change the root user or let it remain exactly the way it is.
For the remaining prompts, press “Y” in order to secure MariaDB to the recommended standards. This does the following:
- Removes anonymous users from the database server. This prevents the risk of having anyone log into MariaDB without having a user account.
- Disallows remote root login. This ensures that only the root user is allowed to connect from ‘localhost’ or the server on which MariaDB is installed. This prevents brute-force attacks using the root user password.
- Removes a test database called test which can be accessed by anyone and is only used for testing. Its removal is recommended before transitioning to a producing environment.
- Reloads the privilege tables. Hence, saves all the changes made.
MariaDB is now secured using the recommended security standards after installation.
Step 5: Log Into MariaDB Server
To log in to the MariaDB database server, run the command:
$ sudo mysql -u root -p
Provide the root password for MariaDB and press ENTER. This ushers you to the MariaDB shell.
To check the version of MariaDB installed, run the command:
From the output, you can see that we are running MariaDB 10.5.16.
To list all the databases, run the command:
Step 6: Create Database and Database User (Optional)
This step illustrates how to create a database and a database user.
To create a database in the MariaDB Server, run the following command where
test_db is the database name:
CREATE DATABASE test_db;
Next, create a database user on the system with a password. Here,
test_user is the name of the database user and
P@ssword321@ is the user’s password. Be sure to provide a stronger password for your user.
CREATE USER ‘test_user’@’localhost’ IDENTIFIED BY ‘Password321@’;
Next, grant privileges to the database user on the database. This determines the rights that the user has on the database, e.g., ALTER, CREATE, DELETE, DROP, SELECT, UPDATE, etc. This command will grant user rights to the database.
GRANT ALL ON test_db.* TO ‘test_user’@’localhost’ WITH GRANT OPTION;
Lastly, reload the grant tables in order to save the changes made as follows:
To confirm the creation of the database, again, run the following SQL query:
This time around, an additional database named
test_db appears on the list.
To view a list of all the users in the database server, run the following query:
SELECT User, Host FROM mysql.user;
In this guide, you learned how to install and secure the MariaDB database server on RHEL 9. For more information about MariaDB, check out the official documentation.
Looking for more ways to secure your Linux servers and devices? Learn how to improve Linux security posture with JumpCloud’s MDM policies.