Configuring MongoDB Security in Ubuntu 20.04

To configure MongoDB security on Ubuntu 20.04, you need to create a user with admin rights, configure authentication and test it. MongoDB (Mongo) is a database that belongs to NoSQL and stores JSON with dynamic schemas.

Why do I need to configure MongoDB security in Ubuntu 20.04

Mongo's security problem is there is no authentication out of the box. Any user who has access to the server from the database can add and delete data without restrictions. This seriously affects security. It is for this reason that to protect against the MongoDB vulnerability in Ubuntu 20.04, it is necessary:

- create a user with admin rights and access to the database;

- enable authentication;

- check authentication using tests.

What is needed to configure Mongo security

1, MongoDB database on the server.

2. Ubuntu 20.04 server without root users, but with a firewall.

Step-by-step instructions for configuring MongoDB security:

Add a user with admin rights. You can do this without additional settings, because authentication is disabled by default. Creating a user with the db.createUser(. In fact, you are creating a JSON file with data (name, password, role). After creating the user, we exit the MongoDB client using the exit command.

Activate authentication in the MongoDB config file mongod.conf. To do this, find security in the configs and select

security:

authorization: "enabled"

To activate the changes in the configs, restart the daemon.

At the final stage, we check the Mongo authentication settings. You can check access restrictions using the show dbs command. If the authentication of the user with the previously specified rights is not performed, the system will not give access to the database.