Securing the MySQL / NFS Server

Purpose

The DCA cluster needs access to a MySQL server and an NFS shared volume to support the storage of policies, events, avatars and data files.

A Firewall is Required

The MySQL / NFS Server should employ a firewall that prevents unauthorized access to services on the server while still allowing the DCA cluster to access it.

Required Services

Services to open for the MySQL / NFS support server

The Required Services are:

  • ssh (Port 22)
  • http (Port 80)
  • https (Port 443)
  • mysql (Port 3306)
  • nfs (Ports 111,2049,32803)

The Uncomplicated Firewall (UFW) provides a simple way to secure the Linux firewall on either Fedora- or Debian-based Linux systems.

Using UFW

Using UFW to open the required ports for White Cloud Security

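    # Allow all outbound traffic
    sudo ufw default allow outgoing
    # Services open to any source
    sudo ufw allow ssh
    sudo ufw allow http
    sudo ufw allow https
    # MySQL: only from the cluster address range
    sudo ufw allow from 172.31.20.1/24 to any port 3306
    # NFS ports listed above (TCP), limited to the same address range
    sudo ufw allow proto tcp from 172.31.20.1/24 to any port 111,2049,32803
    # Deny all other inbound traffic, then enable the firewall and review the rules
    sudo ufw default deny incoming
    sudo ufw enable
    sudo ufw status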
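
One way to check the resulting rule set against the Required Services list, as an added example that is not part of the original page. The function names `audit_ufw` and `sample_status` and the sample output are constructed for illustration; the port numbers come from the list above.

```shell
# Added example: audit `ufw status` text against this page's port list.
PUBLIC_PORTS="22 80 443"              # may be reachable from anywhere
INTERNAL_PORTS="3306 111 2049 32803"  # must carry a source restriction
# Reads `ufw status` output on stdin, prints one finding per line, returns 0
# when clean and 1 otherwise. Port ranges and app-profile names are not parsed.
audit_ufw() {
    awk -v pub="$PUBLIC_PORTS" -v internal="$INTERNAL_PORTS" '
    BEGIN { np = split(pub, p, " "); nq = split(internal, q, " ") }
    /^Status:/ { active = ($2 == "active"); next }
    {
        a = 0; for (i = 2; i <= NF; i++) if ($i == "ALLOW") { a = i; break }
        if (!a) next
        src = $(a + 1); if (src == "IN") src = $(a + 2)
        spec = $1; sub(/\/.*/, "", spec)          # strip /tcp or /udp
        n = split(spec, ports, ",")               # multi-port rules
        for (j = 1; j <= n; j++) {
            seen[ports[j]] = 1
            if (src == "Anywhere") exposed[ports[j]] = 1
        }
    }
    END {
        if (!active) { print "FAIL firewall is not active"; bad = 1 }
        for (k = 1; k <= np; k++)
            if (!(p[k] in seen)) { print "MISSING " p[k]; bad = 1 }
        for (k = 1; k <= nq; k++) {
            if (!(q[k] in seen)) { print "MISSING " q[k]; bad = 1 }
            else if (q[k] in exposed) { print "EXPOSED " q[k] " allowed from Anywhere"; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample: 2049 is open to everyone, 111 and 32803 have no rule.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
3306                       ALLOW       172.31.20.0/24
2049                       ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}
sample_status | audit_ufw || true
```

On a live server, pipe the real output in with `sudo ufw status | audit_ufw`.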