mongodb安全认证

mongodb完成安装部署后

1、登录mongodb数据库

[root@test local]# mongo --host 10.112.15.0

MongoDB shell version v4.0.20 connecting to: mongodb://10.112.15.0:27017/?gssapiServiceName=mongodb Implicit session: session { "id" : UUID("571c4e20-6bf9-4873-b567-e4d639240132") } MongoDB server version: 4.0.20 Welcome to the MongoDB shell. For interactive help, type "help". For more comprehensive documentation, see http://docs.mongodb.org/ Questions? Try the support group http://groups.google.com/group/mongodb-user Server has startup warnings: 2020-09-14T20:41:23.679+0800 I STORAGE [initandlisten] 2020-09-14T20:41:23.680+0800 I STORAGE [initandlisten] ** WARNING: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine 2020-09-14T20:41:23.680+0800 I STORAGE [initandlisten] ** See http://dochub.mongodb.org/core/prodnotes-filesystem 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database. 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted. 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] ** We suggest setting it to 'never' 2020-09-14T20:41:24.328+0800 I CONTROL [initandlisten] --- Enable MongoDB's free cloud-based monitoring service, which will then receive and display metrics about your deployment (disk utilization, CPU, operation statistics, etc). The monitoring data will be available on a MongoDB website with a unique URL accessible to you and anyone you share the URL with. MongoDB may use this information to make product improvements and to suggest MongoDB products and deployment options to you. To enable free monitoring, run the following command: db.enableFreeMonitoring() To permanently disable this reminder, run the following command: db.disableFreeMonitoring() --- >

2、创建用户名并设置权限

> use admin
switched to db admin
> db.createUser({user:"aa",pwd:"lBk%73j6@P",roles:["root"]})
Successfully added user: { "user" : "aa", "roles" : [ "root" ] }
> db.auth("aa","lBk%73j6@P")
1

3、修改配置文件

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# Where and how to store data.
storage:
  dbPath: /data/mongo
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# how the process runs
processManagement:
  fork: true  # fork and run in background
  pidFilePath: /var/run/mongodb/mongod.pid  # location of pidfile
  timeZoneInfo: /usr/share/zoneinfo

# network interfaces
net:
  port: 27017
  bindIp: 10.112.15.0

 # Enter 0.0.0.0,:: to bind to all IPv4 and IPv6 addresses or, alternatively, use the net.bindIpAll setting.  security: authorization: enabled #安全认证添加 #operationProfiling: #replication: #sharding: ## Enterprise-Only Options #auditLog: #snmp:

4、重启服务器

5、登录mongodb数据库

mongo --host 10.112.15.0 --port 27017 -u "aa" --authenticationDatabase "admin" -p'lBk%73j6@P'