MongoDB Security Authentication
阿新 • Published: 2020-09-14
After MongoDB has been installed and deployed:
1. Log in to the MongoDB database
```
[root@mvpemen-gm-server-gcp-lowa local]# mongo --host 10.128.0.11
MongoDB shell version v4.0.20
connecting to: mongodb://10.128.0.11:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("571c4e20-6bf9-4873-b567-e4d639240132") }
MongoDB server version: 4.0.20
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
    http://docs.mongodb.org/
Questions? Try the support group
    http://groups.google.com/group/mongodb-user
Server has startup warnings:
2020-09-14T20:41:23.679+0800 I STORAGE [initandlisten]
2020-09-14T20:41:23.680+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine
2020-09-14T20:41:23.680+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten]
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten]
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten]
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten]
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'.
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never'
2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten]
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).

The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

>
```
2. Create a user and set its permissions
```
> use admin
switched to db admin
> db.createUser({user:"sxgamepro",pwd:"lBk%73j6@P",roles:["root"]})
Successfully added user: { "user" : "sxgamepro", "roles" : [ "root" ] }
> db.auth("sxgamepro","lBk%73j6@P")
1
```
3. Edit the configuration file
```
# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /data/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
  bindIp: 10.128.0.11  # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.

security:
  authorization: enabled  # added to enable security authentication

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options

#auditLog:

#snmp:
```
4. Restart the server
5. Log in to the MongoDB database
```
mongo --host 10.128.0.11 --port 27017 -u "sxgamepro" --authenticationDatabase "admin" -p'lBk%73j6@P'
```
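To confirm that the step 3 change is actually in the file before restarting, the following added example (not part of the original post) audits a `mongod.conf` for `security.authorization` and for a listener bound to all interfaces. The helper names `yaml_get` and `audit_mongod_conf` are hypothetical, the two sample configs are constructed, and the parser assumes keys nested one level under a top-level section, as in the file above.

```shell
# Added example: audit the mongod.conf keys this page touches (hypothetical helpers).

# yaml_get FILE SECTION KEY: print KEY's value one level below top-level SECTION.
yaml_get() {
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*#/ { next }                                       # full-line comment
    /^[^ \t#][^:]*:/ { cur = $0; sub(/:.*/, "", cur); next }  # new top-level section
    cur == sec {
      line = $0
      sub(/[ \t]+#.*$/, "", line); sub(/[ \t]+$/, "", line)   # trailing comment, spaces
      if (match(line, "^[ \t]+" key ":[ \t]*")) { print substr(line, RLENGTH + 1); exit }
    }' "$1"
}

# audit_mongod_conf FILE: return 0 only if auth is on and the listener is not wide open.
audit_mongod_conf() {
  _rc=0
  _authz=$(yaml_get "$1" security authorization)
  _bind=$(yaml_get "$1" net bindIp)
  if [ "$_authz" != "enabled" ]; then
    echo "FAIL security.authorization='${_authz:-unset}': access control is off"; _rc=1
  fi
  case ",$_bind," in
    *,0.0.0.0,*|*,::,*) echo "FAIL net.bindIp='$_bind': listens on all interfaces"; _rc=1 ;;
  esac
  if [ "$(yaml_get "$1" net bindIpAll)" = "true" ]; then
    echo "FAIL net.bindIpAll=true: listens on all interfaces"; _rc=1
  fi
  if [ "$_rc" -eq 0 ]; then echo "OK authorization=$_authz bindIp=$_bind"; fi
  return "$_rc"
}

# Constructed sample configs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/before.conf" <<'EOF'
net:
  bindIp: 0.0.0.0,::  # all interfaces
#security:
EOF
cat > "$demo_dir/after.conf" <<'EOF'
net:
  port: 27017
  bindIp: 10.128.0.11  # one internal address
security:
  authorization: enabled  # the line added in step 3
EOF
for f in before after; do
  echo "== $f.conf"; audit_mongod_conf "$demo_dir/$f.conf" || true
done
```

After the restart in step 4, the "Access control is not enabled for the database" startup warning shown in step 1 should no longer appear when connecting.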