A netwok administration question

Mailing List

Home

Forum Home

Linux - General Red Hat Linux discussion list

Installation - Getting started with Red Hat Linux

Enterprise Linux 3 - Discussion of Red Hat Enterprise Linux 3 (Taroon)

Red Hat Linux 9 - Discussion of Red Hat Linux 9 (Shrike)

Red Hat Linux 7.2 - Discussion of Red Hat Linux 7.2 (Enigma)

Red Hat Linux 7.3 - Discussion of Red Hat Linux 7.3 (Valhalla)

Apache Web Server

Oracle database, Microsoft SQL server ...

Subjects

•	application/x mplayer2 plugin
•	RPM error: db4 error(16) from dbenv >remove: Device or resource busy
•	Command stream end of file while reading
•	X Windows problem (xauth)
•	Upgrading openoffice 1 1 rpm
•	FTP: connection refused
•	FTP: connection refused
•	mount: /dev/cdrom: is not a valid block device
•	Dell Precision 650, RedHat 9, no sound
•	how to trace the cause resulting in the crash of bind server
•	Virus on the list
•	UNINSTALL RPM MYSQL
•	usb pen drives: mounting as a user
•	broadcom network interface
•	make mrproper
•	sendmail configuration on redhat
•	Couldn 't open PID file /var/run/named/named pid Permission denied
•	Promise 378 controller
•	kernel 2 6 and /dev/sound/mixer not found
•	Problem using up2date
•	mrtg step by step howto/configuration for a newbie?
•	Compiling and Installing Kernel 2 6
•	Can 't locate module ppp0, can 't locate module ppp compress 21
•	HOW I CAN MAKE BOOTABLE FLOPPY DISKET
•	Lotus Notes under Wine
•	/etc/security/limits conf question
•	Intel E/1000 driver
•	Command stream end of file while reading
•	rpm database corrupt
•	qla2300 modules

A netwok administration question

A netwok administration question

2003-12-17 - By Keith Mastin

Back

Reply: 1 2

> Hi To All,
>
> I would like to ask how will I know if there are individuals accessing
> mysql database on my server? Is anyone knows this?
>
> I used netstat -anp | grep mysql but I cannot see the ip address of those
> connected which the result is below:
>
> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
> 937/mysqld
> unix 2 [ ACC ] STREAM LISTENING 3809 937/mysqld
> /var/lib/mysql/mysql.sock
> unix 3 [ ] STREAM CONNECTED 34239516 937/mysqld
> /var/lib/mysql/mysql.sock
>
> I am confuse with my server security. I am using RH 7.3 and RH 7.2. Any
> help is appreciated.

Looks like it has one connection live to another server process, maybe a
php or perl process? My netstat output is similar (with a lot more
connections) except instead of port 937 it's set to 30919 and firewalled
to keep the database access only through the localhost.

I would recommend though that you set mysqld to listen on a unrestricted
port (1024+) to limit access and to set your packet filter to a DROP
policy and then only allow connections to the server on necessary
restricted ports. It'll help your peace of mind.

HTH

--
Keith