Need to configure Authentication for MongoDB on Ubuntu to enhance Security? Our Experienced Server Administrators can help you today.
By default, Authentication is not enabled for MongoDB. This allows any user to just access a MongoDB server and perform activities such as Adding or Deleting data without any restrictions.
Here at Ibmi Media, as part of our Server Management Services, we regularly perform Server Hardening tasks for our customers.
In this context, we shall look into the method to enable authentication for MongoDB on Ubuntu Server.
As earlier stated, by default, Since authentication is disabled, users of MongoDb have full access to its database.
This poses a security threat in that any user can compromise the database without any interruptions.
This is why it is necessary to secure MongoDB database authentication.
If you observe MongoDB on connecting to its shell prompt, a warning message will be displayed just as shown below;
MongoDB shell version v4.4.0
2020-06-09T13:26:51.391+0000 I CONTROL [initandlisten] ** WARNING: Access control is not enabled for the database.
2020-06-09T13:26:51.391+0000 I CONTROL [initandlisten] ** Read and write access to data and configuration is unrestricted.
It is important to add an administrative user account so as to secure the Server from this security flaw.
To get started, add an administrative user by connecting to the MongoDB Shell using the command below;
mongo
Next, make a connection to the admin database with the statement below;
use admin
MongoDB Admin database contains vital information of the users such as passwords, Usernames as well as roles.
MongoDB is made up of JavaScript based shell methods for its database management such as "db.createUser" method which helps to create new users for the database. It looks like this;
db.createUser(
{
user: "Admintest",
pwd: "Password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
From the above method, we can make it more secure by using a passwordPrompt() method instead of the password in a clear text format. When implemented, then once you launch the database, you will be prompted to enter the password. So ensure that a strong password is used.
After adding the user successfully, you will get an output that the addition of a new user is successful. Now you can exit MongoDB client with the exit command or by simply pressing "CTRL + C" button on your keyboard.
To enable authentication for MongoDB, simply modify its configuration file which is "mongod.conf". Once you edit this file, look out for the security section which is commented as shown below;
#security:
#operationProfiling:
All you need to do is to uncomment it and add the authorization parameter by setting to "enabled" as shown below;
security:
authorization: "enabled"
#operationProfiling:
After modification, save and exit the file and restart the MongoDB service and daemon to effect changes with the following commands;
sudo systemctl restart mongod
sudo systemctl status mongod
You will see that the daemon is up and running. Now you can proceed with connecting to the MongDB client with any further security warning as such.
Now users cannot access the Database without using the correct username and password.
To authenticate, you can access MongoDB as an administrator with the mongo command below;
mongo -u Admintest -p --authenticationDatabase admin
This article will put you through the steps you need to take to enable authentication for MongoDB on Ubuntu by modifying MongoDB configuration file.