Need to configure Authentication for MongoDB on Ubuntu to enhance Security? Our Experienced Server Administrators can help you today.

By default, Authentication is not enabled for MongoDB. This allows any user to just access a MongoDB server and perform activities such as Adding or Deleting data without any restrictions.

Here at Ibmi Media, as part of our Server Management Services, we regularly perform Server Hardening tasks for our customers.

In this context, we shall look into the method to enable authentication for MongoDB on Ubuntu Server.

Importance of enabling Authentication for MongoDB on Ubuntu?

As earlier stated, by default, Since authentication is disabled, users of MongoDb have full access to its database.

This poses a security threat in that any user can compromise the database without any interruptions.
This is why it is necessary to secure MongoDB database authentication.

If you observe MongoDB on connecting to its shell prompt, a warning message will be displayed just as shown below;

MongoDB shell version v4.4.0

2020-06-09T13:26:51.391+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.

2020-06-09T13:26:51.391+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.

How to add an Administrative User for MongoDB on Ubuntu Machine?

It is important to add an administrative user account so as to secure the Server from this security flaw.
To get started, add an administrative user by connecting to the MongoDB Shell using the command below;

mongo

Next, make a connection to the admin database with the statement below;

use admin

MongoDB Admin database contains vital information of the users such as passwords, Usernames as well as roles.

MongoDB is made up of JavaScript based shell methods for its database management such as "db.createUser" method which helps to create new users for the database. It looks like this;

db.createUser(

  {

    user: "Admintest",

    pwd: "Password",

    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]

  }

)

From the above method, we can make it more secure by using a passwordPrompt() method instead of the password in a clear text format. When implemented, then once you launch the database, you will be prompted to enter the password. So ensure that a strong password is used.

After adding the user successfully, you will get an output that the addition of a new user is successful. Now you can exit MongoDB client with the exit command or by simply pressing "CTRL + C" button on your keyboard.

How to enable Authentication for MongoDB?

To enable authentication for MongoDB, simply modify its configuration file which is "mongod.conf". Once you edit this file, look out for the security section which is commented as shown below;

#security:

#operationProfiling:

All you need to do is to uncomment it and add the authorization parameter by setting to "enabled" as shown below;

security:

  authorization: "enabled"

#operationProfiling:

After modification, save and exit the file and restart the MongoDB service and daemon to effect changes with the following commands;

sudo systemctl restart mongod

sudo systemctl status mongod

You will see that the daemon is up and running. Now you can proceed with connecting to the MongDB client with any further security warning as such.

Now users cannot access the Database without using the correct username and password.

To authenticate, you can access MongoDB as an administrator with the mongo command below;

mongo -u Admintest -p --authenticationDatabase admin

Need to enhance security for MongoDB on Ubuntu? We are available to help you today.