Skip to content

How to Install and Secure MariaDB in RHEL 9

Jump to Tutorial

MariaDB is an open source and community-developed fork of MySQL. It is a widely used relational database management system (RDMS) used to store data both in production and for personal and experimental projects. It was designed by the original developers of the MySQL database server, with the objective of remaining open source under the GNU GPL license.

Some of the advantages of using MariaDB over MySQL include:

  1. Strong security thanks to additional security features such as user roles, PAM and LDAP authentication, data encryption, and role-based access control (RBAC).
  2. High performance thanks to more and better storage engines such as Aria and XtraDB. The former replaces MyISAM in MySQL and offers better caching. XtraDB replaces InnoDB and improves performance.
  3. Galera clustering which ensures scalability, high availability, and zero loss of data through replication.
  4. Integrated monitoring using microsecond precision and extended user statistics.

In this guide, we will demonstrate how to install and secure MariaDB on RHEL 9.

Step 1: Upgrade Software Packages

To get started, log into your server as a sudo user via SSH. Next, upgrade all the packages and refresh the repositories as follows:

$ sudo dnf update

screenshot of code

The MariaDB Server package is provided by the official AppStream repositories. You can confirm this by searching for the package on the repositories as shown:

$ sudo dnf search mariadb-server

The following output confirms that MariaDB is hosted on the default repositories.

screenshot of code

Step 2: Install MariaDB Server on RHEL 9

The next step is to install the MariaDB Server. To do so, run the following command:

$ sudo dnf install mariadb-server -y

The command installs the MariaDB server alongside other dependencies and additional packages required by the database server.

screenshot of code
screenshot of code

Once the installation is complete, confirm that MariaDB is installed using the following command:

$ rpm -qi mariadb-server

Running this command displays comprehensive details about the MariaDB Server package including the name, version, architecture, installation date, and installed size to name a few.

screenshot of code

Step 3: Start and Enable MariaDB Server

Up to this point, we have successfully installed the MariaDB Server. By default, the MariaDB service does not start automatically. As such you need to start it by running the following command:

$ sudo systemctl start mariadb

In addition, set it to start automatically on system startup.

$ sudo systemctl enable mariadb

screenshot of code

To verify that MariaDB is up and running, run the command:

$ sudo systemctl status mariadb

screenshot of code

MariaDB listens on TCP port 3306. You can confirm this using the command:

$ sudo ss -pnltu | grep mariadb

screenshot of code

Step 4: Secure MariaDB Server

The default settings for the MariaDB database server are considered weak and not robust in the face of a breach or intrusion. As such, you need to go an extra step and secure the database server. To do this, run the mysql_secure_installation script as shown:

$ sudo mysql_secure_installation

Running the script will present you with a series of prompts.

First, you will be required to provide the root password. Next, switch to unix_socket authentication which allows the user to use operating system credentials when connecting to the MariaDB database server.

You can then decide to change the root user or let it remain exactly the way it is.

screenshot of code

For the remaining prompts, press “Y” in order to secure MariaDB to the recommended standards. This does the following:

  1. Removes anonymous users from the database server. This prevents the risk of having anyone log into MariaDB without having a user account.
  2. Disallows remote root login. This ensures that only the root user is allowed to connect from ‘localhost’ or the server on which MariaDB is installed. This prevents brute-force attacks using the root user password.
  3. Removes a test database called test which can be accessed by anyone and is only used for testing. Its removal is recommended before transitioning to a producing environment.
  4. Reloads the privilege tables. Hence, saves all the changes made.
screenshot of code

MariaDB is now secured using the recommended security standards after installation.

Step 5: Log Into MariaDB Server

To log in to the MariaDB database server, run the command:

$ sudo mysql -u root -p

Provide the root password for MariaDB and press ENTER. This ushers you to the MariaDB shell.

To check the version of MariaDB installed, run the command:

SELECT VERSION();

From the output, you can see that we are running MariaDB 10.5.16.

screenshot of code

To list all the databases, run the command:

SHOW DATABASES;

screenshot of code

Step 6: Create Database and Database User (Optional)

This step illustrates how to create a database and a database user.

To create a database in the MariaDB Server, run the following command where test_db is the database name:

CREATE DATABASE test_db;

Next, create a database user on the system with a password. Here, test_user is the name of the database user and P@ssword321@ is the user’s password. Be sure to provide a stronger password for your user.

CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'Password321@';

Next, grant privileges to the database user on the database. This determines the rights that the user has on the database, e.g., ALTER, CREATE, DELETE, DROP, SELECT, UPDATE, etc. This command will grant user rights to the database.

GRANT ALL ON test_db.* TO 'test_user'@'localhost' WITH GRANT OPTION;

Lastly, reload the grant tables in order to save the changes made as follows:

FLUSH PRIVILEGES

screenshot of code

To confirm the creation of the database, again, run the following SQL query:

SHOW DATABASES;

This time around, an additional database named test_db appears on the list.

screenshot of code

To view a list of all the users in the database server, run the following query:

SELECT User, Host FROM mysql.user;

screenshot of code

Conclusion

In this guide, you learned how to install and secure the MariaDB database server on RHEL 9. For more information about MariaDB, check out the official documentation.

Looking for more ways to secure your Linux servers and devices? Learn how to improve Linux security posture with JumpCloud’s MDM policies. 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About JumpCloud
At JumpCloud, our mission is to build a world-class cloud directory. Not just the evolution of Active Directory to the cloud, but a reinvention of how modern IT teams get work done. The JumpCloud Directory Platform is a directory for your users, their IT resources, your fleet of devices, and the secure connections between them with full control, security, and visibility.