I'm looking at securing the RDBMS now and I started with looking at the users table to see who and what has access.
I have 5 accounts:
Code:
localhost root
web1.mycompany.com root
localhost debian-sys-maint
% mycompany
123.456.789.101 mycompany
The '%' I believe was my first attempt and is likely a security hole, so it's gonna get dropped ASAP - although it has no privs at all :S
The second IP based (user: mycompany) has a password and full privileges, I remember creating this account.
I've Googled for debian-sys-maint and it appears it's created by Debian to basically start the daemon inside init.d, etc. It has a password and full privs. web1.mycompany.com is the name of my server and I believe is the same damn thing as localhost - so why in the heck would it exist?
Ideally I wanted only two.
1) root@localhost
2) root@123.456.789.101
And I'm guessing now I need debian-sys-maint
I'm working on a shell script to disable/enable remote access on an 'as needed' basis (remote connections are always bad).
Anyone have any insight into how and why the debian-sys-maint account exists? Can I not just use the default root for localhost, seeing as they both seem to share the same privs and are password protected after all? What is the benefit to having one used for starting the daemon and the other for carrying out activities?
I will also have custom accounts for each web site I host but with restricted privs (basically CRUD and that's it).
Anyways, if someone would care to elaborate on these questions for me and share some security insight, that would be awesome.
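An added example, not part of the original post: a small Python audit of the host/user listing above that classifies each account's host part and flags wildcard hosts and root entries that are not limited to loopback. The function names and the findings wording are assumptions made for this illustration.

```python
import ipaddress

# Host/user pairs copied from the listing in the post above.
LISTING = """\
localhost root
web1.mycompany.com root
localhost debian-sys-maint
% mycompany
123.456.789.101 mycompany
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def host_kind(host):
    """Classify a MySQL account host part: local, wildcard, ip or name."""
    if host in LOCAL_HOSTS:
        return "local"
    if "%" in host or "_" in host:   # MySQL pattern characters in a host value
        return "wildcard"
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "name"                # a hostname, or a string that is not a valid IP


def audit(listing):
    """Return (account, kind, findings) for every 'host user' line."""
    report = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        host, user = line.split(None, 1)
        kind = host_kind(host)
        findings = []
        if kind == "wildcard":
            findings.append("host pattern matches more than one client")
        if user == "root" and kind != "local":
            findings.append("root is not limited to loopback")
        report.append((f"{user}@{host}", kind, findings))
    return report


if __name__ == "__main__":
    for account, kind, findings in audit(LISTING):
        print(f"{account:32} {kind:9} {'; '.join(findings) or 'ok'}")
```

The address 123.456.789.101 is not a valid IPv4 literal, so the script reports it as a name rather than an ip.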