Ubuntu install DB Firewall ports open

Posted: Mon Mar 06, 2017 9:46 pm
by jimmyeao
On a new Ubuntu install I notice the firewall ports for the DB are open (3306, 5432). I don't need to remotely connect to MySQL; am I safe to disable this rule?

Re: Ubuntu install DB Firewall ports open

Posted: Tue Mar 07, 2017 9:33 am
by LouisUK
Yes.

Re: Ubuntu install DB Firewall ports open

Posted: Mon Mar 13, 2017 6:52 am
by plutocrat
I think this should be disabled by default. If you're techy enough to know what you're doing, then you can turn it on. But most people are not techy, so they install VestaCP without knowing their database is open to the internet. And also techy people are likely to choose bad database passwords, which means they are at increased risk of getting hacked.

Golden rule of security: if you're not using it, turn it off.

I notice too that database users are created with two accounts. One allows them to connect from localhost, which is expected. The other allows them to connect from ANY HOST. Once again, these accounts shouldn't be enabled by default, just the localhost ones. And once again, if you're techy enough to know that you need to connect to a database from a remote host, you're going to be able to enable this yourself, and you'd likely restrict it to a known IP or IP range rather than allow ALL. But anyway, if you've already disabled the firewall rule, then this is less of an issue.
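Added example, not part of the thread or of VestaCP: a small shell audit for the two exposures discussed above, database listeners on 3306/5432 bound to non-loopback addresses and MySQL accounts that accept connections from hosts other than localhost. The function names are hypothetical and the sample `ss` and `mysql` output is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Reads `ss -ltn` output on stdin; prints "address port" for every MySQL (3306)
# or PostgreSQL (5432) listener that is not bound to a loopback address.
exposed_db_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")          # port is the text after the last colon
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        gsub(/\[|\]/, "", addr)            # strip IPv6 brackets
        if ((port == "3306" || port == "5432") && addr !~ /^(127\.|::1$)/)
            print addr " " port
    }'
}

# Reads tab-separated "user<TAB>host" rows on stdin; prints user@host for every
# account whose host is anything other than a loopback name or address.
remote_mysql_accounts() {
    awk -F '\t' 'NF >= 2 && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
        print $1 "@" $2
    }'
}

# Constructed sample: MySQL on all IPv4 interfaces, PostgreSQL on loopback and on all IPv6.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    [::]:5432          [::]:*
EOF
}

# Constructed sample: one panel-created user with both a localhost and an any-host (%) entry.
sample_accounts() {
    printf 'root\tlocalhost\nadmin_wp\tlocalhost\nadmin_wp\t%%\n'
}

# On a live host, replace the samples with:
#   ss -ltn | exposed_db_listeners
#   mysql -N -B -e 'SELECT user, host FROM mysql.user' | remote_mysql_accounts
echo "Non-loopback DB listeners:"
sample_ss | exposed_db_listeners
echo "Accounts reachable from other hosts:"
sample_accounts | remote_mysql_accounts
```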