KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

How to enable Authentication on your MongoDB instance

This is a quick post on enabling authentication on your MongoDB instance, but the first thing you should do is bring the MongoDB instance inside your network if possible. If it is not exposed externally, there is a far lower chance of intrusion.
The second thing is to create an administrator account that will be used for management. To do that, perform the following:
  1. Connect to MongoDB
  2. Create the admin user, with a username that does not contain the word "admin":
    use admin
    // userAdminAnyDatabase lets this account manage users and roles on every database
    db.createUser(
      {
        user: "DataManager",
        pwd: "[Enter a 31+ character alphanumeric password]",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
      }
    )
  3. Restart MongoDB on a port other than 27017 with authentication enabled:
    mongod --auth --port PORT_NUMBER --dbpath PATH_TO_YOUR_DATA

From here forward, you can create named accounts for your data connections and completely prevent anonymous access.
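
One way to create such a named account once you are logged in as DataManager, as an added example that is not from the original post. The database name `inventory`, the account name `inventoryApp`, the helper `namedAccountDoc`, the role allowlist, and reusing the post's admin username and password rules for application accounts are all assumptions.

```javascript
// Added example, not code from the original post.
// Load it in mongosh while authenticated as DataManager; under plain Node it
// only defines the helper, because the shell global `db` does not exist there.

// Assumption: data-connection accounts only ever need these database-scoped
// built-in roles, never a user-administration role.
const ALLOWED_ROLES = new Set(["read", "readWrite"]);

// Build the createUser document for one named data-connection account.
// Throws instead of returning a document that breaks the rules above.
function namedAccountDoc(user, pwd, dbName, role) {
  if (/admin/i.test(user)) {
    throw new Error("username must not contain the word 'admin'");
  }
  if (!/^[A-Za-z0-9]{31,}$/.test(pwd)) {
    throw new Error("password must be 31+ alphanumeric characters");
  }
  if (!ALLOWED_ROLES.has(role)) {
    throw new Error("role '" + role + "' is not allowed for a data account");
  }
  if (dbName === "admin") {
    throw new Error("data accounts must not be granted roles on the admin database");
  }
  // A single role on a single database: the account can touch nothing else.
  return { user: user, pwd: pwd, roles: [{ role: role, db: dbName }] };
}

if (typeof db !== "undefined" && typeof passwordPrompt === "function") {
  // "inventory" and "inventoryApp" are constructed names for illustration.
  // The user is created in the application database, so clients must
  // authenticate against that database rather than against admin.
  const appDb = db.getSiblingDB("inventory");
  // passwordPrompt() reads the password interactively so it never lands in
  // a script file or the shell history.
  appDb.createUser(
    namedAccountDoc("inventoryApp", passwordPrompt(), "inventory", "readWrite")
  );
}
```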


Kalypto • January 24, 2017

