The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

The MySQL service is currently configured to listen on all interfaces

Discussion in 'General Discussion' started by Tom Risager, May 20, 2016.

  1. Tom Risager

    Tom Risager Well-Known Member

    Joined:
    Jul 10, 2012
    Messages:
    107
    Likes Received:
    3
    Trophy Points:
    18
    Location:
    Copenhagen, Denmark, Denmark
    cPanel Access Level:
    Root Administrator
    I am getting this red-highlighted error in the security advisor on two cPanel servers:

    "The MySQL service is currently configured to listen on all interfaces: (bind-address=*)
    Configure bind-address=127.0.0.1 in /etc/my.cnf"

    Both servers are running MariaDB 10.0

    The database setup was done using cPanel-provided scripts, not manually, so I'm wondering why it has been configured to listen to all interfaces in the first place. Is it safe to go ahead and make the suggested change?
     
    Ra1n3R likes this.
  2. Ra1n3R

    Ra1n3R Registered

    Joined:
    Aug 22, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    Same here, after the last update (.56 build 20), but under mysql 5.6.30 . I didn't change anything before this last update.
     
    #2 Ra1n3R, May 20, 2016
    Last edited: May 20, 2016
  3. adon7969

    adon7969 Registered

    Joined:
    May 20, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Turkey
    cPanel Access Level:
    Root Administrator
    Hi
    have the same issue.
     
  4. hushnun

    hushnun Registered

    Joined:
    Mar 14, 2016
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Same here, should we put in the entry bind-address=127.0.0.1 into /etc/my.cnf?
     
  5. gmedia01

    gmedia01 Registered

    Joined:
    Aug 24, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Reseller Owner
    What did you guys find out with this message?

    Chris
     
  6. Legendary

    Legendary Member

    Joined:
    Aug 13, 2015
    Messages:
    24
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    US
    cPanel Access Level:
    Root Administrator
    Only if you want to restrict MySQL access to applications/software hosted on the same server. Remote MySQL won't work if you add that line to my.cnf.
     
  7. AM2015

    AM2015 Member

    Joined:
    Jan 1, 2015
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I don't know but I couldn't find any reason not to - so I added that line & restarted MySQL... and as far as I can tell everything on my server still works. So it seems like a good idea. I'm currently running MySQL v. 5.6.30

    I do wish that the Security Advisor would be more informative with its alerts -- a link to a help page with a simple explanation as to what the risks created are, and what circumstances might be reasons not to implement the suggested change -- would be nice.
     
  8. jettdigitals

    jettdigitals Member

    Joined:
    Nov 17, 2014
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    East Tawakoni, Texas, United States
    cPanel Access Level:
    Root Administrator
    Same here, since this was "high alert" got text message and woke me up way too early:) Simple link to a help page would have allowed me to get back to sleep...
     
  9. HowardE

    HowardE Member

    Joined:
    Aug 8, 2015
    Messages:
    5
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Florida
    cPanel Access Level:
    Root Administrator
    Other than this, going to the /etc/my.cnf file and adding

    bind-address=127.0.0.1

    then restarting MySQL (home > Restart Services > SQL Server (MySQL)) you should be good.
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    123
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I also suddenly got this warning (email and Security Advisor) after updating to cPanel from 56.0.17 to 56.0.18

    I added the line in my.cnf as instructed and restarted MySQL (5.6.30) and everything appears to be working fine, but I have not tried rebooting the server to see if the change to my.cnf is persistent.
     
  11. morrow95

    morrow95 Well-Known Member

    Joined:
    Oct 8, 2006
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    Add me to the list as well. High alerts early this morning and in my case MariaDB on remote server. Correct me if I am wrong, but when you setup remote database you are supposed to comment out 'bind-address' - at least that is what I remember - right?

    I agree with with everyone else, a link with more information and possible caveats such as this would go a long way.
     
  12. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    123
    Likes Received:
    36
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Perhaps my following comments would best be split into a new thread - but since they sort of started here, I shall leave it to the forum staff to decide:

    The Home » Security Center » Security Advisor loops through a list of built-in assessors which report to screen.
    The Home » Server Contacts » Contact Manager > Notifications has just one switch (Security Advisor State Change) that covers all the Assessors.

    I have no idea why the Assessors started to bitch about MySQL bind addresses, I could see nothing in the change logs that indicated something would provoke this new behavior.

    Nevertheless, perhaps what we need to see is either a new interpretation of the Contact Manager/Notifications that breaks out all the Assessors into the same screen and then has an extra column for the admin to include in either the alert list and/or the security advisor

    >>OR<<

    The equivalent of the Contact Manager/Notifications page but exclusively for the Security Assessors with simple toggle states beside each

    >>OR<<

    Some flat file or database that can be edited to decide which assessors are included in the Security Advisor tests.
     
    dwM and Ra1n3R like this.
  13. Ra1n3R

    Ra1n3R Registered

    Joined:
    Aug 22, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Germany
    cPanel Access Level:
    Root Administrator
    any news about it?
     
  14. dalem

    dalem Well-Known Member
    PartnerNOC

    Joined:
    Oct 24, 2003
    Messages:
    2,577
    Likes Received:
    40
    Trophy Points:
    48
    Location:
    SLC
    cPanel Access Level:
    DataCenter Provider
    Choose to ignore as you should be running a firewall with the mysql port closed with remote mysql users IP's white-listed anyway, so its really not a security issue.

    If you have no use for remote MySQL then yes enable it

    But I would bet many Operators have remote MySQL users I know we do as well as MySQL replication and it would break them all.


    So maybe the check needs to be rewritten so it checks to see if the MySQL port is even open before scarring all the novice users :(
     
    MaraBlue and AM2015 like this.
  15. alexzorba

    alexzorba Registered

    Joined:
    May 22, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    kuwait
    cPanel Access Level:
    Root Administrator
    I received the following message from cpanel

    The MySQL service is currently configured to listen on all interfaces: (bind-address=*) Configure bind-address=127.0.0.1 in /etc/my.cnf

    Can someone explain whats this error means ?

    How to bind address here in 127.0.0.1 ?

    Does it affect my remotemysql ?
     
  16. Tool Outfitters

    Joined:
    Nov 13, 2007
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    It appears that the default used to be bind-address=0.0.0.0.

    Source: MySQL :: MySQL 5.6 Reference Manual :: 5.1.3 Server Command Options
     
  17. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator
    > the default used to be bind-address=0.0.0.0.
    > If the address is 0.0.0.0, the server accepts TCP/IP connections on all server host IPv4 interfaces. This is the default before MySQL 5.6.6.

    > If the address is *, the server accepts TCP/IP connections on all server host IPv6 and IPv4 interfaces

    Basically nothing changed to the config, but now we get high alert spammed by cPanel to break everyone's remote MySQL setups :(


    Nice Job cPanel!
     
    MaraBlue likes this.
  18. Gauravk

    Gauravk Well-Known Member

    Joined:
    Jan 23, 2012
    Messages:
    63
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    After so many replies, nobody care to answer this properly on how to get rid of this issue!
    I am not as techy as few guys here but managing a car community and scared if this might cause a security issue?

    I have below two issues and appreciate if someone can explain properly how to get rid of this bind-address?

    Thanks in advance.
    1. No symlink protection detectedYou do not appear to have any symlink protection enabled on this server. You can protect against this in multiple ways. Please review the following documentation to find a solution that is suited to your needs.

    2. The MySQL service is currently configured to listen on all interfaces: (bind-address=*)Configure bind-address=127.0.0.1 in /etc/my.cnf
     
  19. Michael-Inet

    Michael-Inet Active Member

    Joined:
    Feb 20, 2014
    Messages:
    32
    Likes Received:
    1
    Trophy Points:
    8
    Location:
    Austin, TX, USA
    cPanel Access Level:
    Root Administrator

    Hi Gauravk,

    You will need to confer with whoever setup your cPanel/WHM software AND whoever has setup the rest of your IT infrastructure to determine this, as anybody outside of your organization won't know enough to tell you what to do. It's basically a binary decision:

    - IF! your MySQL service is used by NO applications/processes/backups that are external to your server then just follow the instructions given in the cPanel message.

    - DO NOT follow the instructions given in the cPanel message if your MySQL service is used by anything external to your server.

    Hope that helps.

    Best,
    Michael
     
  20. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Internal case CPANEL-6125 is open to address the confusion generated when Security Advisor issues a warning about MySQL listening on all interfaces. There's currently no specific time frame to offer on a resolution, but I will update this thread as more information becomes available. The current workaround is to manually add the "bind-address=127.0.0.1" line to your /etc/my.cnf file and then restart the MySQL server. Note that MySQL will listen for TCP/IP connections only locally on the loopback interface and will not accept remote connections when this line is added to the /etc/my.cnf file.

    Thank you.
     
Loading...

Share This Page