A Step-by-Step Guide to Installing and Securing MySQL 8 on FreeBSD 12
Setting up a robust database server is a foundational task for web applications, data analytics, and general-purpose data storage. MySQL remains one of the world’s most popular open-source relational database management systems, and pairing it with the stability and security of FreeBSD creates a powerful combination.
This guide provides a comprehensive walkthrough for installing, configuring, and securing MySQL 8 on a FreeBSD 12 system. Following these steps will ensure you have a clean, secure, and production-ready database instance.
Prerequisites: Preparing Your FreeBSD System
Before installing any new software, it’s a critical best practice to ensure your system’s package repository and installed packages are fully up to date. This prevents potential conflicts and ensures you are installing the latest secure versions available.
Open your terminal and run the following command as a user with root privileges:
pkg update && pkg upgrade
Wait for the process to complete. If any packages are upgraded, your system is now ready for the MySQL installation.
Step 1: Installing the MySQL 8 Server Package
FreeBSD’s pkg package management system makes installing software incredibly simple. The official repositories contain a pre-compiled package for MySQL 8, which is the recommended method for most users.
To install the MySQL 8 server, execute this command:
pkg install mysql80-server
The package manager will resolve all necessary dependencies and install the server, client tools, and associated files onto your system.
Step 2: Enabling and Starting the MySQL Service
After the installation is complete, you need to enable the MySQL service so that it starts automatically whenever the server boots. This is done by adding an entry to the /etc/rc.conf file.
You can enable the service with a single command:
sysrc mysql_enable="YES"
This command safely appends mysql_enable="YES" to your /etc/rc.conf file.
With the service enabled, you can now start the MySQL server for the first time. This initial startup is important because it will initialize the database directory (/var/db/mysql) and generate a temporary root password.
Start the service using the following command:
service mysql-server start
Important: During this first startup, MySQL generates a temporary, random password for the root user. This password is saved in the MySQL error log. You will need this password for the next step.
To find the temporary password, check the error log located at /var/db/mysql/. You can use grep to quickly find it:
grep 'temporary password' /var/db/mysql/*.err
Copy this password to a secure location, as you will need it to secure your installation.
Step 3: Securing Your MySQL 8 Installation
MySQL ships with a crucial security script called mysql_secure_installation. Running this script is not optional and is essential for hardening your database server against common threats. It walks you through several vital security tasks.
To begin, run the script from your terminal:
mysql_secure_installation
The script will prompt you for the current root password. Enter the temporary password you retrieved from the error log in the previous step.
You will then be guided through the following security configurations:
Validate Password Component: The script will first ask if you want to enable the
VALIDATE PASSWORDcomponent. It is highly recommended to enable this feature (selectYfor yes). This enforces strong password policies for all database users, significantly improving security. You can choose the level of password complexity (low, medium, or strong).Set a New Root Password: You will be prompted to create a new, strong password for the
rootuser. Choose a long, complex, and unique password and store it securely.Remove Anonymous Users: The script will ask if you want to remove anonymous user accounts. You should always remove them (select
Y) as they pose a security risk.Disallow Remote Root Login: You will be asked whether to disallow the
rootuser from connecting from anywhere other than the local machine (localhost). For security, you should always disallow remote root login (selectY). You can create separate administrative users for remote access if needed.Remove the Test Database: MySQL includes a test database by default. This database is accessible to all users and should be removed from a production environment (select
Y).Reload Privilege Tables: Finally, the script will ask to reload the privilege tables to ensure all the changes you made take effect immediately. Select
Y.
Once the script is complete, your MySQL installation is significantly more secure.
Step 4: Verifying the MySQL Installation
The final step is to verify that you can log in with your new root password and that the server is running correctly.
Attempt to log in to the MySQL server using the command-line client:
mysql -u root -p
You will be prompted to enter the new password you set during the mysql_secure_installation process.
If you are successfully logged in, you will see the MySQL monitor prompt (mysql>). You can run a simple command to confirm the server version and current status:
SELECT version();
This should return the version of your MySQL 8 server. To exit the client, simply type exit and press Enter.
Congratulations! You have successfully installed, configured, and secured a MySQL 8 database server on your FreeBSD 12 system. Your server is now ready for creating databases, adding users, and powering your applications.
Source: https://kifarunix.com/install-mysql-8-on-freebsd-12/
