Securing the MySQL / NFS Server
Purpose
The DCA cluster needs access to a MySQL server and an NFS shared volume to store policies, events, avatars and data files.
A Firewall is Required
The MySQL / NFS server should run a firewall that blocks unauthorized access to its services while still allowing the DCA cluster to reach the server.
Required Services
Services to open for the MySQL / NFS support server
The Required Services are:
- ssh (Port 22)
- http (Port 80)
- https (Port 443)
- mysql (Port 3306)
- nfs (Ports 111, 2049, 32803)
The Uncomplicated Firewall (UFW) provides a simple way to manage the Linux firewall on either Fedora-based or Debian-based Linux systems.
Using UFW
Using UFW to open the required ports for White Cloud Security
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow from 172.31.20.1/24 to any port 3306
sudo ufw default deny incoming
sudo ufw status
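An added check (not part of the original page or of White Cloud Security's tooling) that compares `ufw status` output with the service list above: MySQL and NFS ports must be allowed only from the cluster subnet, and every listed port needs a rule. It assumes 172.31.20.0/24 is the DCA cluster subnet; the status text is a constructed sample, and on it the check reports the NFS ports as missing because the commands above add no rule for them.

```bash
#!/usr/bin/env bash
# Added example: audit `ufw status` text against this page's service list.
# CLUSTER_CIDR is an assumption: the page's 3306 source as ufw normalizes it.
CLUSTER_CIDR="172.31.20.0/24"
PUBLIC_PORTS="22 80 443"             # ssh, http, https
CLUSTER_PORTS="3306 111 2049 32803"  # mysql, nfs

# Constructed sample (not captured from a host) of `sudo ufw status` after the
# page's commands plus `sudo ufw enable`.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
3306                       ALLOW       172.31.20.0/24'

# audit_ufw (hypothetical name): status text on stdin, one finding per line.
audit_ufw() {
  awk -v cidr="$CLUSTER_CIDR" -v pub="$PUBLIC_PORTS" -v clu="$CLUSTER_PORTS" '
    BEGIN {
      n = split(pub " " clu, all, " ")
      for (i = 1; i <= n; i++) wanted[all[i]] = 1
      k = split(clu, c, " ")
      for (i = 1; i <= k; i++) restricted[c[i]] = 1
    }
    { gsub(/ \(v6\)/, "") }                 # fold IPv6 rows into the same checks
    /^Status: active/ { active = 1 }
    $2 == "ALLOW" {
      spec = $1; sub(/\/.*/, "", spec)      # "22/tcp" -> "22"
      m = split(spec, ports, ",")           # "111,2049,32803" -> three ports
      for (i = 1; i <= m; i++) {
        p = ports[i]; seen[p] = 1
        if (!(p in wanted)) print "UNEXPECTED port " p " open to " $3
        else if ((p in restricted) && $3 != cidr) print "EXPOSED port " p " open to " $3
      }
    }
    END {
      if (!active) print "INACTIVE firewall is not enabled"
      for (i = 1; i <= n; i++)
        if (!(all[i] in seen)) print "MISSING port " all[i] " has no allow rule"
    }'
}

# On a real host: sudo ufw status | audit_ufw
printf '%s\n' "$SAMPLE_STATUS" | audit_ufw
```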