Tag Archives: Security

Installing MySQL 8.0.22 CE and phpMyAdmin 5.0.4 on Debian 10

Quite recently I had decided to set up a VM with a database server in my home lab. My preferred server OS is Debian Linux (esp. since Red Hat announced the end of CentOS) and I wanted a recent version of MySQL, together with phpMyAdmin of course.

The MySQL installation was done following the instructions from here. Please make sure to check the MySQL page for the current version of mysql-apt-config_x.x.x-x_all.deb. The version mentioned in the article as an example is outdated.

For phpMyAdmin I followed the instructions from Digital Ocean, since I have had good experiences with other such documents from them. That document is meant for MariaDB, so things should work. Of course, you need to adjust the database command from mariadb to mysql, but that wasn’t too hard :-).

What did  not work, though, was the command to create the pma user for phpMyAdmin, which created the following output:

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost' IDENTIFIED BY 'PASSWORD';

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'PASSWORD'' at line 1

The underlying reason is that MySQL 8 does not allow the implicit creation of users anymore. So you have to split the command into the creation and the grant of rights like this:

mysql> create user 'pma'@'localhost' IDENTIFIED BY 'PASSWORD';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON phpmyadmin.* TO 'pma'@'localhost';
Query OK, 0 rows affected (0.00 sec)

The rest of the preparation went smoothly and soon I was presented with the login screen. However, I could not log in, but got the following error:

mysqli_real_connect(): The server requested authentication method unknown to the client [caching_sha2_password]

This is caused by a change of the default authentication in MySQL. To go back to the old way for a particular user, you can issue the following command in MySQL:

mysql> alter user 'pma'@'localhost' identified with mysql_native_password by 'PASSWORD';

With that change I was able to log on the phpMyAdmin. It should be noted, though, that this change has security implications. So please check this article if that approach is ok for you.

pfSense Upgrade to 2.4.4 p1

Just a few short lines to let you know that for me the upgrade from plain 2.4.4 to p1 went really smooth.

I have the following plugins installed:

  • bandwidthd (0.7.4_1)
  • iftop (0.17_2)
  • net-snmp (0.1.5_2)
  • ntopng (0.8.13_3)
  • Open-VM-Tools (10.1.0,1)
  • suricata (4.0.13_11)

All plugins had been updated some time ago and thus prior to the pfSense core, which is not recommended. In my case, though, it did not cause any issues. This was a pleasant difference to the upgrade from 2.4.3 to 2.4.4 (also see this video on YouTube), where the fact that plugins had been installed was cause for a completely broken system after the upgrade.

Installing Pi-hole on top of dnsmasq

Pi-hole is a great and easy addition to security. The automated installation is a nice thing, but did not work on my system. The core of the problem was that I wanted to install it on a Rasperry Pi that already had dnsmasq running  on it. And of course that dnsmasq was configured to provide DNS services to the Pi. What then happened was that, as an early step of the installation, the dnsmasq daemon was stopped. Logically, the Pi-hole download that was supposed to to take place, did not work.

After a few tests the following approach showed to work

  • Disable dnsmasq via sudo systemctl stop dnsmasq.service
  • Update /etc/resolv.conf to point to the DNS server in my router or something like 1.1.1.1 (dnsmasq sets it to 127.0.0.1 on every start or stop)
  • Start the Pi-hole installation normally

Enjoy!