Friday, February 3, 2017

mongodb security

Windows 2012 Server MongoDB security setup:

user name: hoogw
password:  aaaa1111

------------------------------------------
Node.js

http://mongodb.github.io/node-mongodb-native/2.0/tutorials/connecting/

var url = 'mongodb://hoogw:aaaa1111@localhost:27017/myproject';

-------------------------------------------------


PHP:


DatabaseFactory.php

$m = new MongoClient("mongodb://$username:$password@localhost", array("db" => $mDB_name));


=============================================================

1) Windows firewall

    Inbound Rules, add a new rule named "mongodb_27017_block"
    that blocks inbound connections to port 27017




2)   bindIp

      open the config file at
       c:\data\config\mongod.cfg

add:

net:
    bindIp: 127.0.0.1
    port: 27017

Note: the property must be indented by two spaces (spaces, not a tab).



3) Add authentication
open the config file at
       c:\data\config\mongod.cfg

add:

security:
  authorization: enabled
YAML does NOT accept tabs; you must use spaces instead of a tab

    systemLog:
        destination: file
        path: c:\data\log\mongod.log
    storage:
        dbPath: c:\data\db
    security:
        authorization: enabled
    net:
        bindIp: 127.0.0.1
        port: 27017

above is my mongod.cfg file,
for example between security: and authorization there must be spaces; a tab is invalid and will give you the error in the title.

[validate yaml][1]


  [1]: http://codebeautify.org/yaml-validator



4)  Follow these steps to enable authorization



+++++++++++++++++++++++   open cmd +++++++++++++++++++++++++++

cd C:\Program Files\MongoDB\Server\3.0\bin

mongo.exe

use admin

db.createUser({ user: "hoogw", pwd: "aaaa1111", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] })

****** verify the admin user has been created ***********
db.auth("hoogw", "aaaa1111")

=================================================

********* add security: authorization: enabled to the mongod.cfg file (step 3) *********************

*** re-install the service with the new config file *******
cd C:\Program Files\MongoDB\Server\3.0\bin
mongod.exe --config "C:\data\config\mongod.cfg" --install

******** start mongoDB service ***********
net start MongoDB




-------------------- after enabling authorization --------------
use admin
db.auth("hoogw", "aaaa1111")

use civilgis

db.createUser({ user: "civilgis_user", pwd: "aaaa1111", roles: [{ role: "dbOwner", db: "civilgis" }] })


db.auth("civilgis_user", "aaaa1111")


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
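An added example, not from the original post, that audits a mongod.cfg file for the bindIp, authorization and tab-indentation points from steps 2 and 3. It parses only the nested "key: value" subset of YAML that mongod.cfg uses; the function names and the two sample configs are my own.

```javascript
// Added example (not from the original post): audit a mongod.cfg for the
// bindIp / authorization / tab-indentation points. It understands only the
// nested "key: value" subset of YAML that mongod.cfg uses.

// Flatten the nested mapping into dotted keys, e.g. values["net.bindIp"].
function parseMongodConfig(text) {
  const values = {}, issues = [], stack = []; // stack: [{ indent, key }]
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.replace(/#.*$/, '').replace(/\s+$/, '');
    if (line.trim() === '') return;
    const leading = line.match(/^\s*/)[0];
    if (leading.includes('\t')) issues.push(`line ${i + 1}: tab in indentation, YAML needs spaces`);
    const m = line.match(/^\s*([A-Za-z_]\w*):\s*(.*)$/);
    if (!m) { issues.push(`line ${i + 1}: cannot parse "${line.trim()}"`); return; }
    // Pop back to the nearest parent indented less than this line.
    while (stack.length && stack[stack.length - 1].indent >= leading.length) stack.pop();
    const path = stack.map(s => s.key).concat(m[1]).join('.');
    if (m[2] === '') stack.push({ indent: leading.length, key: m[1] }); // section header
    else values[path] = m[2].replace(/^["']|["']$/g, '');
  });
  return { values, issues };
}

// Apply the hardening checks from the post to a config file's text.
function auditMongodConfig(text) {
  const { values, issues } = parseMongodConfig(text);
  if (values['security.authorization'] !== 'enabled')
    issues.push('security.authorization not enabled: anyone reaching the port has full access');
  const bindIp = values['net.bindIp'];
  const local = ['127.0.0.1', 'localhost', '::1'];
  if (bindIp === undefined)
    issues.push('net.bindIp missing: MongoDB 3.0 then listens on every interface');
  else if (bindIp.split(',').some(ip => !local.includes(ip.trim())))
    issues.push(`net.bindIp "${bindIp}" exposes mongod beyond the local host`);
  if (!values['systemLog.path'])
    issues.push('systemLog.path missing: no log file to review who accessed the database');
  return { ok: issues.length === 0, issues, values };
}

// Constructed sample inputs: the hardened config from the post, and a weak one.
const HARDENED_CFG = [
  'systemLog:', '  destination: file', '  path: c:\\data\\log\\mongod.log',
  'storage:', '  dbPath: c:\\data\\db', 'security:', '  authorization: enabled',
  'net:', '  bindIp: 127.0.0.1', '  port: 27017',
].join('\n');
const WEAK_CFG = 'storage:\n  dbPath: c:\\data\\db\nnet:\n\tbindIp: 0.0.0.0\n  port: 27017\n';

if (typeof require !== 'undefined' && require.main === module)
  for (const [name, cfg] of [['hardened', HARDENED_CFG], ['weak', WEAK_CFG]])
    console.log(name, auditMongodConfig(cfg));
```

Run it with node; the weak config reports the tab, the missing authorization, the 0.0.0.0 bind address and the missing log path.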









===========================================

How to Know if You've Been Hacked?

  • Check the MongoDB accounts to see whether anyone added a secret (admin) user.
  • Check GridFS to see whether someone stored any files there.
  • Check the log files to see who accessed MongoDB.

How to Protect Yourself?

  • Enable authentication, which provides you 'defense in depth' if your network is compromised. Edit your MongoDB configuration file: auth = true.
  • Use firewalls: disable remote access to MongoDB if possible. Admins are advised to use firewalls to protect MongoDB installations by blocking access to port 27017.
  • Configure bindIp: limit access to the server by binding to local IP addresses.
  • Upgrade: administrators are strongly recommended to upgrade their software to the latest release.
