Is my setup secure?

Discussion in 'Systems Administration' started by RGamer_, Jun 24, 2020.

  1. I have a home-hosted Spigot and MySQL server behind a Bungee hosted from BisectHosting, connected to TCPShield. On the Spigot server, I have BungeeGuard installed. On the MySQL server, I have the root user restricted to localhost with this command I found online:
    GRANT ALL PRIVILEGES ON *.* TO db_user @'localhost' IDENTIFIED BY 'db_passwd';
    GRANT ALL PRIVILEGES ON *.* TO db_user @'127.0.0.1' IDENTIFIED BY 'db_passwd';
    (I'm a complete MySQL noob, is there any advice on what I can do to secure my MySQL server?)
    My Bungee is on a different machine than my Spigot/MySQL server.
    I have Bitdefender firewall that only allows ports and IP addresses that plugins require (the server runs Windows, so no iptables. However, the Bungee server runs Linux). I have plugins on my Bungee that are also connected to my MySQL server, using port 3306, but the firewall only allows connections from port 3306 coming from my Bungee server.

    Is there anything wrong or unsecure about my setup? What can I do to further improve this setup?
     
  2. Strahan

    You shouldn't grant all privileges and I hope you didn't use that command verbatim because it would create a user named "db_user" with that totally insecure password. Choose a proper username and password, and never use root. Also grant it only CREATE, SELECT, DELETE, INSERT and UPDATE. 99% of plugins will be fine with those.
     
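Added example, not part of either post: one way to set up the accounts this thread describes, with the privilege list from the reply above and a separate account that can only log in from the Bungee machine. The schema name `mc_plugins`, the account names, the address `203.0.113.10` (a documentation-range address) and the passwords are placeholders assumed for illustration.

```sql
-- Placeholders (assumptions, replace with your own values):
--   mc_plugins       schema the plugins use
--   203.0.113.10     address of the Bungee machine
--   <...>            long random passwords, one per account

-- Account for plugins on the remote Bungee: valid only from that one address.
-- The firewall rule limits who can reach port 3306; the host part of the
-- account limits who can authenticate even if the firewall rule is loosened.
CREATE USER 'bungee_plugins'@'203.0.113.10'
    IDENTIFIED BY '<long-random-password-1>';
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE
    ON mc_plugins.* TO 'bungee_plugins'@'203.0.113.10';

-- Account for Spigot plugins running on the same machine as MySQL.
CREATE USER 'spigot_plugins'@'localhost'
    IDENTIFIED BY '<long-random-password-2>';
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE
    ON mc_plugins.* TO 'spigot_plugins'@'localhost';

-- If the command from the first post was run verbatim, it left a "db_user"
-- account holding ALL PRIVILEGES on every schema. Remove it.
DROP USER IF EXISTS 'db_user'@'localhost', 'db_user'@'127.0.0.1';

-- Check: each account should list only the five privileges on mc_plugins.*
-- (plus the default USAGE line), never ALL PRIVILEGES ON *.*
SHOW GRANTS FOR 'bungee_plugins'@'203.0.113.10';
SHOW GRANTS FOR 'spigot_plugins'@'localhost';

-- Audit: accounts that can log in from any host, or that hold
-- server-wide administrative rights. Ideally only root@localhost appears.
SELECT user, host, Super_priv, Grant_priv
  FROM mysql.user
 WHERE host = '%' OR Super_priv = 'Y' OR Grant_priv = 'Y';
```

Note that on MySQL 8.0 the `GRANT ... IDENTIFIED BY` form from the first post is no longer accepted, so the account has to be created with `CREATE USER` first, as here.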