Install  and  Secure phpMyAdmin 4.4.14  on CentOS, Red Hat, Fedora and Ubuntu  

phpMyAdmin is tool to manage administration of MySQL or MariaDB , This tool is written in php language and it free and open source tool.We can create, modify and delete and run the mysql query in  database.

Here this article will help in  installation of  latest phpMyAdmin tool version on different linux box like CentOS, Red Hat, Fedora and  some points to secure phpMyAdmin from unnecessary activity.  Latest phpMyAdmin version 4.4.14.1 is released on 2015-09-08  .

Find below steps to secure phpMyAdmin and Installation / Configuration of phpMyAdmin.

  • Install Remi Repository :

Currently phpMyAdmin latest version is updated on Remi Repository.So we are configuring through Remi repository.

We have already create steps to install Remi repository on our other post . Click on below link post  to get installation of Remi repository on different version of Linux based OS.

[box] Configure Additional YUM Repositories for CentOs , Red Hat and Fedora[/box]

  • Installing phpMyAdmin through remi :

After installing remi repository , run the below command to install phpMyAdmin .

# yum install phpMyAdmin –enablerepo=remi

  • Set up and Configure phpMyAdmin :

To configure phpMyAdmin , open the phpmyadmin configuration file thorugh below command.

vim /etc/httpd/conf.d/phpMyAdmin.conf

My phpMyAdmin configuration file look like below.

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
 AddDefaultCharset UTF-8

 <IfModule mod_authz_core.c>
 # Apache 2.4
 Require local
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
 Deny from All
 Allow from 127.0.0.1
 Allow from ::1
 </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
 <IfModule mod_authz_core.c>
 # Apache 2.4
 Require local
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
 Deny from All
 Allow from 127.0.0.1
 Allow from ::1
 </IfModule>
</Directory>

You need to first know that which system should be allow to access that url , default phpMyAdmin is alllowed only from localhost or local server. We need to give our IP or network, which should allow to access phpmyadmin web url. Here I have check my public ip and allowed in configuratiion like below. We need to change on first part of section in /usr/share/phpMyAdmin .There will be Allow from 127.0.0.1 , replace your public ip or network with 127.0.0.1.

If you want to see your public IP , you can check through below online url.

What is My IP ?

What is My IP Address ?

Now edit the configuration file.

<Directory /usr/share/phpMyAdmin/>
 AddDefaultCharset UTF-8

 <IfModule mod_authz_core.c>
 # Apache 2.4
 Require local
 </IfModule>
 <IfModule !mod_authz_core.c>
 # Apache 2.2
 Order Deny,Allow
 Deny from All
# Replace here with your IP or Network.I have replace with 172.24.254.0/24
 Allow from 172.24.254.0/24 
 Allow from ::1 
 </IfModule> 
 </Directory>

After updating your phpMyAdmin configuration file you need to restart apache service on your server through below command.

# /etc/init.d/httpd restart

 

Access URL for phpMyAdmin :

You can access your phpMyAdmin url like below url , you need to replace with domain name with your domain name . Replace www.techtransit.org  to your domain name.

 

https://www.techtransit.org/phpmyadmin
phpmyadmin_14_techtransit

How to Secure  phpMyAdmin ?

As we have seen sometimes in server there were some unusual request to access phpMyAdmin like /phpmyadmin or /pma . To avoid uncecessary activity , we are sharing some points to secure phpMyAdmin.

  • Change Alias name :

Edit your phpmyadmin configuration file  and change alias access name like below.

vim /etc/httpd/conf.d/phpMyAdmin.conf

 

From
Alias /phpMyAdmin /usr/share/phpMyAdmin

Alias /phpmyadmin /usr/share/phpMyAdmin

To

Alias /techdbadmin /usr/share/phpMyAdmin

Alias /techdbadmin /usr/share/phpMyAdmin
  • Not allow remote logins , important thing is if you need like root permissions, create a mysql user which have permission to add , create and drop privileges and don’t give grant or file_priv permission.
  • Try to configure url with SSL or Self signed SSL .
  • Try to allow through IP Address like we have set in installation configuration , that is allow  from IP. Which should be trusted network.
  • Firewall port 3306 is only allow for trusted network.
  • Not allow to access phpMyAdmin through shared ip or predictable file location like http://Your-server-ip/phpmyadmin.

 

Thanks ,

By Sachin G

I am a professional freelance contributor and founder of tech transit. Love to write and lover of education, culture, and community. I have been using it, setting, supporting, and maintaining it since 2009.Linux rocks! Sachin G Follow me on LinkedIn and x formerly twitter