By default, port 27017 is used and the daemon runs without authentication. Anyone who can reach port 27017, whether from the internal network or from the internet, can read and modify your databases.
So, how can you secure the MongoDB server?
Change the bindIp
vi /etc/mongodb.conf
# network interfaces
net:
  port: 27017
  bindIp: 192.168.2.250   # your local IP address, not 127.0.0.1
Save the configuration. Binding to the LAN address still leaves the port reachable from that network, so the authentication steps below are what actually protect the data.
Restart mongod: service mongod restart (or systemctl restart mongod)
Check the open ports
netstat -tulpn
tcp 0 0 192.168.2.250:27017 0.0.0.0:* LISTEN 13750/mongod
Create the user administrator
Open the mongo shell on the Linux host:
mongo --port 27017
use admin
db.createUser({ user: "MongoUserAdmin", pwd: "fillinyourpassword", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] })
When you see "Successfully added user", the user has been added.
exit
Enable security
vi /etc/mongodb.conf
security:
  authorization: enabled
Save the configuration
Restart mongod: service mongod restart (or systemctl restart mongod)
Log in to the database (leave the value after -p empty to be prompted, so the password does not end up in your shell history):
mongo -u MongoUserAdmin -p fillinyourpassword --authenticationDatabase admin
use yourdatabase
Create the database user
db.createUser(
  {
    user: "databaseuser",
    pwd: "yourpassword",
    roles: [ { role: "readWrite", db: "yourdatabase" } ]
  }
)
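The whole procedure, as an added shell example that is not part of the original post: it writes the net/security stanza shown above into a file you name, then audits any mongod config file and a netstat -tulpn listing for the two weaknesses the steps fix (a wildcard bindIp and authorization left disabled). The function names, the temp-dir paths and the sample config and netstat line are constructed assumptions; the 192.168.2.250 address is the placeholder used above, and the parser assumes the two-space indented YAML layout that mongod ships with.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): write the hardened stanza and
# audit a mongod config plus a netstat listing. All paths are placeholders.
set -u

# Write the net/security stanza from the post into $1, binding to address $2.
write_hardened_conf() {
  cat > "$1" <<EOF
# network interfaces
net:
  port: 27017
  bindIp: $2

security:
  authorization: enabled
EOF
}

# Print the value of key $3 inside top-level YAML section $2 of file $1.
conf_value() {
  awk -v sec="$2" -v key="$3" '
    /^[A-Za-z]/ { insec = ($0 ~ ("^" sec ":")) }          # track the current section
    insec && $1 == (key ":") { sub(/#.*/, ""); print $2; exit }
  ' "$1"
}

# Exit 0 when $1 pins bindIp to a concrete address and has
# security.authorization enabled; each finding is reported on stderr.
audit_conf() {
  local bind auth rc=0
  bind=$(conf_value "$1" net bindIp)
  auth=$(conf_value "$1" security authorization)
  case "$bind" in
    ""|*0.0.0.0*|*"::"*)
      echo "FAIL bindIp=${bind:-<unset>}: reachable on every interface" >&2; rc=1 ;;
    *) echo "ok   bindIp=$bind" >&2 ;;
  esac
  if [ "$auth" = "enabled" ]; then
    echo "ok   security.authorization=enabled" >&2
  else
    echo "FAIL security.authorization=${auth:-<unset>}: no login required" >&2; rc=1
  fi
  return $rc
}

# Exit 0 when no mongod line in a `netstat -tulpn` listing (read from stdin)
# is bound to a wildcard address (0.0.0.0 or ::).
audit_listen() {
  ! awk '/mongod/ { print $4 }' | grep -Eq '^(0\.0\.0\.0|::):'
}

# Demo on constructed input: sample files in a temp dir, not a real host.
demo() {
  local dir; dir=$(mktemp -d)
  printf 'net:\n  port: 27017\n  bindIp: 0.0.0.0\n' > "$dir/before.conf"   # constructed "before"
  write_hardened_conf "$dir/after.conf" 192.168.2.250
  audit_conf "$dir/before.conf" || echo "before.conf: NOT hardened"
  audit_conf "$dir/after.conf"  && echo "after.conf: hardened"
  # constructed netstat line in the format the post shows, but bound to 0.0.0.0
  echo 'tcp 0 0 0.0.0.0:27017 0.0.0.0:* LISTEN 13750/mongod' | audit_listen \
    || echo "mongod is listening on all interfaces"
  rm -rf "$dir"
}

demo
```

On a real host, run `audit_conf /etc/mongodb.conf` and `netstat -tulpn | audit_listen` after the restart; both exiting 0 means the bindIp and authorization steps above took effect.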