Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

(Home > User Guides (my.armor.com) > Vormetric Encryption: User Guides and Training Videos > Configure startup scripts to access encrypted MySQL databases)

Error rendering macro 'excerpt-include' : No link could be created for 'my.armor.com users only (snippet)'.

Introduction

This topic explains how to configure a Vormetric resource set to securely allow MySQL startup scripts to access encrypted GuardPoints.

Why do startup scripts need access to GuardPoints?

When Linux starts a service, Linux also runs a startup script. The startup script runs when the machine powers on or when a service manually starts. The startup script typically runs tasks that relate to the starting, stopping, and restarting of a service.

For database services, the startup script typically runs tasks that occur in folders that hold database files. With encrypted database files, you must allow the startup script to access the database folders. If not, the database will not start properly, and in some cases, interfere with the power on process for the machine. 

As part of the startup process, the operating system needs permission to view and change file / folder ownership and permissions. As a result, you must create a rule that allows the following accessibility:

Common GuardPoints

The system needs to access the commonly guarded (encrypted) folders inside of /var/lib/mysql.

Access to GuardPoints

The resource is relative to the GuardPoint. In other words, if the GuardPoint is /var/lib/mysql, and you want to allow access to a particular file in that directory, you would only need to specify that specific file in your resource parameter.

For instance if the GuardPoint is /var/lib/mysql/, then your resource would only be mysql.sock.

Allow startup scripts to access encrypted MySQL databases

  1. Log into your DSM as Security Administrator. 

  2. In the menu bar, click Polices, and then click Manage Policies. 

  3. Mark the policy that guards your databases, such as /var/ib/sql/data, and then click Add

  4. Under Security Rules, click Add.  

  5. Next to Resource, click Select

  6. In the window that appears, click Add

  7. In Name, enter a descriptive name for your Resource Set. 

  8. Click Add to specify a resource that will need to be accessed in the GuardPoint upon startup. 

  9. In Directory, enter a slash:  \

  10. In File, enter the specified file that needs to be accessed upon startup, and then click Ok. These resource must be added one at a time.

  11. (Optional) To add resources, repeat steps 8 - 10.

  12. Mark the newly created Resource Set, and then click Select Resource Set. In the window that appears, Resource is populated with the newly created Resource Set. 

  13. Next to Effect, click Select

  14. Mark Permit

  15. Click Select Effect

  16. Click Ok

  17. Mark the rule, and then click Up to move the new rule above the catch-all rule. 

  18. Click Ok, and then click Apply to save the changes. 

  19. (Optional) You should test to make sure your system is running properly. 

  • No labels