====== MariaDB CentOS Instalação ======
===== Instalação e configuração inicial =====

<file bash>
# yum install mariadb-server mariadb
</file>

Iniciando os serviços e colocando para iniciar com o sistema.
<file bash>
# systemctl start mariadb.service
# systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
</file>

Verificando os serviços.
<file bash>
# systemctl list-unit-files --type=service | grep mariadb.service
mariadb.service
</file>

<file bash>
# systemctl is-enabled mariadb.service
enabled
</file>

<file bash>
# systemctl status mariadb.service
mariadb.service - MariaDB database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled)
   Active: active (running) since Sáb 2015-04-25 11:55:37 BRT; 3min 25s ago
 Main PID: 22449 (mysqld_safe)
   CGroup: /system.slice/mariadb.service
           ├─22449 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
           └─22606 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-fi...

Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: The latest information about MariaDB is available at http://mariadb.org/.
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: You can find additional information about the MySQL part at:
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: http://dev.mysql.com
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: Support MariaDB development by buying support/new features from MariaDB
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: Corporation Ab. You can contact us about this at sales@mariadb.com.
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: Alternatively consider joining our community based development effort:
Abr 25 11:55:35 db.rascunhos.wiki.br mariadb-prepare-db-dir[22370]: http://mariadb.com/kb/en/contributing-to-the-mariadb-project/
Abr 25 11:55:35 db.rascunhos.wiki.br mysqld_safe[22449]: 150425 11:55:35 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
Abr 25 11:55:35 db.rascunhos.wiki.br mysqld_safe[22449]: 150425 11:55:35 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Abr 25 11:55:37 db.rascunhos.wiki.br systemd[1]: Started MariaDB database server.
</file>

Configurações de seguramças.
<file bash>
# mysql_secure_installation 
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: comando não encontrado

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
</file>

Acessando.
<file bash>
# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.41-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
</file>

===== Configurando o firewall =====
<file bash>
# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="172.16.200.0/24" service name="mysql" accept' --permanent
success
</file>
<file bash>
# firewall-cmd --reload
success
</file>
<file bash>
# firewall-cmd --list-all
public (default, active)
  interfaces: enp0s3
  sources: 
  services: dhcpv6-client ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="172.16.200.0/24" service name="mysql" accept
</file>

===== Listando as databases. =====

<file sql>
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)
</file>

===== Listando os usuários. =====

<file sql>
MariaDB [(none)]> SELECT Host,User FROM mysql.user;
+-----------+------+
| Host      | User |
+-----------+------+
| 127.0.0.1 | root |
| ::1       | root |
| localhost | root |
+-----------+------+
3 rows in set (0.00 sec)
</file>

===== Configuração do rotacionamento dos logs. =====
<file bash>
# touch /root/.my.cnf
# chmod 400 /root/.my.cnf
# chcon -u system_u /root/.my.cnf
</file>

<code bash>
# cat .my.cnf 
[mysqladmin]
password=senha
user=root
</code>

<code bash>
# cat /etc/logrotate.d/mariadb 
# This logname can be set in /etc/my.cnf
# by setting the variable "log-error"
# in the [mysqld_safe] section as follows:
#
# [mysqld_safe]
# log-error=/var/log/mariadb/mariadb.log
#
# If the root user has a password you have to create a
# /root/.my.cnf configuration file with the following
# content:
#
# [mysqladmin]
# password = <secret> 
# user= root
#
# where "<secret>" is the password. 
#
# ATTENTION: This /root/.my.cnf should be readable ONLY
# for root !

# Then, un-comment the following lines to enable rotation of mysql's log file:

/var/log/mariadb/mariadb.log {
        create 640 mysql mysql
        notifempty
	daily
        rotate 3
        missingok
        compress
    postrotate
	# just if mysqld is really running
	if test -x /usr/bin/mysqladmin && \
	   /usr/bin/mysqladmin ping &>/dev/null
	then
	   /usr/bin/mysqladmin flush-logs
	fi
    endscript
}
</code>

===== Criando usuário =====
Usuário com privilégios administrativos local e para uma rede expecífica
<file sql>
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'gean'@'localhost' IDENTIFIED BY 'senha' WITH GRANT OPTION;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'gean'@'172.16.200.%' IDENTIFIED BY 'senha' WITH GRANT OPTION;
</file>

<file sql>
MariaDB [(none)]> SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';
+------+--------------+
| User | Host         |
+------+--------------+
| root | 127.0.0.1    |
| gean | 172.16.200.% |
| root | ::1          |
+------+--------------+
3 rows in set (0.00 sec)
</file>

<file sql>
MariaDB [(none)]> SHOW GRANTS FOR gean@localhost;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for gean@localhost                                                                                                              |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'gean'@'localhost' IDENTIFIED BY PASSWORD '*3C26A44D501AA55F635147A721BF1121626A028D' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
</file>

<file sql>
MariaDB [(none)]> SHOW GRANTS FOR 'gean'@'172.16.200.%';
+-------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for gean@172.16.200.%                                                                                                              |
+-------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'gean'@'172.16.200.%' IDENTIFIED BY PASSWORD '*3C26A44D501AA55F635147A721BF1121626A028D' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
</file>

Teste local e remoto.
<file bash>
# mysql -u gean -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 5.5.41-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
</file>
<file sql>
MariaDB [(none)]> SHOW GRANTS FOR CURRENT_USER();
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for gean@localhost                                                                                                              |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'gean'@'localhost' IDENTIFIED BY PASSWORD '*3C26A44D501AA55F635147A721BF1121626A028D' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> 
</file>

<file bash>
# mysql -h 172.16.200.230 -u gean -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 5.5.41-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 
</file>

<file sql>
MariaDB [(none)]> SHOW GRANTS FOR CURRENT_USER();
+-------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for gean@172.16.200.%                                                                                                              |
+-------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'gean'@'172.16.200.%' IDENTIFIED BY PASSWORD '*3C26A44D501AA55F635147A721BF1121626A028D' WITH GRANT OPTION |
+-------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> 
</file>

<file bash>
# ss -nat | grep 3306
LISTEN     0      50                        *:3306                     *:*     
ESTAB      0      0            172.16.200.230:3306        172.16.200.240:56914 
</file>