Library

Securing a Windows Installation

From MangosWiki

A) Do not use a super or root user in the Mangos database connections

B) When running Mangos (either interactively or as a Service), run it as a user that belongs to only the Users group

C) Secure your NTFS permissions to only what the user in B) requires

For A): This needs to be done after you have created the base databases (they do not have to be populated or have any tables, but you need to have the databases created before you can assign permissions).

Create a new user in MySQL. In the "host" field for the new user, provide the exact IP address of the server Mangos will be running on (if Mangos and MySQL are on the same computer, enter 127.0.0.1). So, for example, your user would be wow@192.168.0.100. Do not provide this user with any server-level permissions. Don't forget to use a secure password!

Using Sqlyog, go to Tools -> User Manager -> Manage Permissions. In the Username field, drop it down to the user you just created. For each of the four databases (Characters, Mangos, Realmd, and ScriptDev2), select only the following fields: Select, Insert, Update, Delete, Index

None of the other options are required.

In your mangosd.conf, realmd.conf, and ScriptDev2.conf files, use the above username and password for your database connections.

For B): Create a use Windows user. Leave it in the default Users group. If you run Mangos interactively (e.g. you double click on the executables to run Mangos/Realmd), just log into Windows with this user or right click on the executables and choose Run As.

If you run Mangos as a service, install the services as you normally would (e.g. realmd -s install, mangosd -s install). Open up services.msc. Find the Mangos World service and double click it. Go to the Log On tab. Click on the "This account" radio button. Hit Browse and then type in the newly created username. Click OK. Type in the Password for the new user and confirm the password. Click OK. Repeat for the Mangos Realmd service.

Doing the above requires configuring NTFS permissions, so onto C)...

C): Assuming your Mangos installation is at C:\Mangos, the user needs the following NTFS permissions: At C:\Mangos, remove the default permissions. The only permissions that should remain at this point are "Administrators" and "SYSTEM". "Creator Owner" and "Users" should be removed.

Now, customize the permissions adding the specific user you created in B) to these folders:

C:\Mangos root folder - NTFS Read permissions

C:\Mangos\Crashes, Logs (or whereever your Mangos crashes/logs are stored) - NTFS Modify permissions

C:\Mangos\dbc, maps, vmaps (or whereever these folders are at) - NTFS Read permissions (heritance is enabled by default, so you shouldn't need to adjust permissions at this level)

Retrieved from "http://getmangos.com/wiki/Securing_a_Windows_Installation"
Powered by MediaWiki GNU Free Documentation License 1.2
© 2005 - 2009, <MaNGOS foundation> · Privacy policy · About MangosWiki · Disclaimers