From cf24e4288445591be2595c542fcc9d7e5e0330e0 Mon Sep 17 00:00:00 2001 From: "jake%bugzilla.org" <> Date: Sun, 16 Feb 2003 23:43:17 +0000 Subject: Recompiling the docs for the 2.17.4 development release. --- docs/html/stepbystep.html | 308 +++------------------------------------------- 1 file changed, 15 insertions(+), 293 deletions(-) (limited to 'docs/html/stepbystep.html') diff --git a/docs/html/stepbystep.html b/docs/html/stepbystep.html index 5e5a09522..8de6806b1 100644 --- a/docs/html/stepbystep.html +++ b/docs/html/stepbystep.html @@ -7,7 +7,7 @@ NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+ ">The Bugzilla GuideThe Bugzilla Guide - 2.17.4 Development Release

4.1.5.1. DBI

4.1.5.2. Data::Dumper

4.1.5.3. MySQL-related modules

4.1.5.4. TimeDate modules

4.1.5.5. GD (optional)

4.1.5.6. Chart::Base (optional)

4.1.5.7. Template Toolkit

4.1.7. Bugzilla


perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm processmail syncshadowdb
+>
perl -pi -e 's@#\!/usr/bonsaitools/bin/perl@#\!/usr/bin/perl@' *cgi *pl Bug.pm syncshadowdb
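Review bot: The replacement command drops "processmail" from the file list while keeping "Bug.pm" and "syncshadowdb", so if a processmail script still ships in this release it keeps the /usr/bonsaitools/bin/perl shebang and will not run on hosts without that path. Please confirm the file is gone from the tree for 2.17.4, otherwise keep it in the list. Since the header shows this page is DocBook stylesheet output and the subject says the docs were recompiled, check that the same change is in the DocBook source and not only in this HTML.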
         

4.1.8. Setting Up the MySQL Database

4.1.9.

4.1.10. Securing MySQL

If you followed the installation instructions for setting up your - "bugs" and "root" user in MySQL, much of this should not apply to you. - If you are upgrading an existing installation of Bugzilla, you should - pay close attention to this section.

Most MySQL installs have "interesting" default security - parameters: -

mysqld defaults to running as root
it defaults to allowing external network connections
it has a known port number, and is easy to detect
it defaults to no passwords whatsoever
it defaults to allowing "File_Priv"

-

This means anyone from anywhere on the Internet can not only drop - the database with one SQL command, and they can write as root to the - system.

To see your permissions do: -

bash# - - mysql -u root -p - -
mysql> - - use mysql; - -
mysql> - - show tables; - -
mysql> - - select * from user; - -
mysql> - - select * from db; - -

-

To fix the gaping holes: -

DELETE FROM user WHERE User='';
UPDATE user SET Password=PASSWORD('new_password') WHERE - user='root';
FLUSH PRIVILEGES;

-

If you're not running "mit-pthreads" you can use: -

GRANT USAGE ON *.* TO bugs@localhost;
GRANT ALL ON bugs.* TO bugs@localhost;
REVOKE DROP ON bugs.* FROM bugs@localhost;
FLUSH PRIVILEGES;

-

With "mit-pthreads" you'll need to modify the "globals.pl" - Mysql->Connect line to specify a specific host name instead of - "localhost", and accept external connections: -

GRANT USAGE ON *.* TO bugs@bounce.hop.com;
GRANT ALL ON bugs.* TO bugs@bounce.hop.com;
REVOKE DROP ON bugs.* FROM bugs@bounce.hop.com;
FLUSH PRIVILEGES;

-

Consider also: -

  1. Turning off external networking with "--skip-networking", - unless you have "mit-pthreads", in which case you can't. Without - networking, MySQL connects with a Unix domain socket.

  2. using the --user= option to mysqld to run it as an - unprivileged user.

  3. running MySQL in a chroot jail

  4. running the httpd in a chroot jail

  5. making sure the MySQL passwords are different from the OS - passwords (MySQL "root" has nothing to do with system - "root").

  6. running MySQL on a separate untrusted machine

  7. making backups ;-)

-

4.1.11. Configuring Bugzilla

4.1.10. Configuring Bugzilla

You should run through the parameters on the Edit Parameters page (link in the footer) and set them all to appropriate values. -- cgit v1.2.3-24-g4f1b
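Review bot: Removing the "Securing MySQL" section (old 4.1.10, with "Configuring Bugzilla" renumbered from 4.1.11 to 4.1.10) drops from this page the hardening steps shown in the deleted lines: deleting the anonymous user, setting a MySQL root password, revoking DROP from the bugs account, and the --skip-networking and --user= suggestions. The commit is titled as a recompile but carries 15 insertions against 293 deletions, so the message should say where that guidance now lives. Please confirm it is still present elsewhere in the guide and add a pointer to it from 4.1.8 "Setting Up the MySQL Database", so a reader following the install steps is not left with the MySQL defaults the removed text lists.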