我正在想办法解决这个问题。基本上,我不希望我们服务器之外的任何人都能够尝试连接到我们的数据库。因此,我在 my.conf 中添加了以下内容:
skip-networking
skip-networking以下是未启用时得到的结果:
tcp6 0 0 :::3306 :::* LISTEN 6957/mysqld
unix 2 [ ACC ] STREAM LISTENING 3911682 6957/mysqld /var/run/mysqld/mysqld.sock
..但是当我添加它时,它会带走端口 3306 上的“监听”:
sudo netstat -lnp | grep mysql
unix 2 [ ACC ] STREAM LISTENING 3909565 7356/mysqld /var/run/mysqld/mysqld.sock
我的监控脚本非常简单:
check process mysqld with pidfile /var/run/mysqld/mysqld.pid
group database
group mysql
start program = "/etc/init.d/mysql start"
stop program = "/etc/init.d/mysql stop"
if failed host localhost port 3306 protocol mysql with timeout 15 seconds for 3 times within 4 cycles then restart
if failed unixsocket /var/run/mysqld/mysqld.sock protocol mysql for 3 times within 4 cycles then restart
if 5 restarts with 5 cycles then timeout
depend mysql_bin
depend mysql_rc
check file mysql_bin with path /usr/sbin/mysqld
group mysql
include /etc/monit/templates/rootbin
check file mysql_rc with path /etc/init.d/mysql
group mysql
include /etc/monit/templates/rootbin
有什么建议吗?我真的想保持skip-networking开启状态,但如果这会停止 Monit 工作,我们可能别无选择(除非有解决方法)
更新:如果我按照建议删除以下行:
if failed host localhost port 3306 protocol mysql with timeout 15 seconds for 3 times within 4 cycles then restart
然后,当我重新启动 Monit 时,出现此错误:
[UTC Oct 9 13:00:45] error : 'mysqld' process is not running
[UTC Oct 9 13:00:45] info : 'mysqld' trying to restart
[UTC Oct 9 13:00:45] info : 'mysqld' start: /etc/init.d/mysql
[UTC Oct 9 13:01:15] error : 'mysqld' failed to start (exit status 127) -- /etc/init.d/mysql: Cannot execute --sync_binlog=0
更新2:好吧,这不是我想到的解决方案 - 但效果是一样的。我所做的就是关闭 3306 端口除了127.0.0.1 ,这意味着它只允许来自服务器的传入流量,而不允许外部流量。然后我skip-networking 从 my.cnf 中删除了该部分,因为我现在不想关闭网络
谢谢
安迪
答案1
您可以绑定到 127.0.0.1,但请记住只有接口才能访问 mysql。