How to secure MongoDB on CentOS 7

MongoDB allows you to restrict database actions by specifying roles for users. The default installation does not include an admin user, so in this tutorial we will create one.

Creating an admin user

To start, you will need to enable access control on your MongoDB instance.

Ensure your MongoDB is not currently running:

[root@ ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: inactive (dead) since Mon 2020-09-14 16:31:20 BST; 6s ago
     Docs: https://docs.mongodb.org/manual

Start up an instance of MongoDB with no authentication:

mongod --port 27017 --dbpath /var/lib/mongo

Create your admin user with a strong password, and then exit:

use admin
db.createUser(
  {
    user: 'admin',
    pwd: 'Some1ncrediblystrongpassword!',
    roles: [ { role: 'root', db: 'admin' } ]
  }
)

db.adminCommand( { shutdown: 1 } )

As a sudo user, edit the MongoDB configuration file to specify that authentication is to be enabled. Un-comment the security directive and amend as below:

[root@ ~]# vi /etc/mongod.conf
...
security:
  authorization: "enabled"

Ensure the directory is owned by mongod:

[root@ ~]# chown -R mongod: /var/lib/mongo

Start the service:

[root@ ~]# systemctl start mongod

Test your new admin user:

[root@~]# mongo -u admin -p --authenticationDatabase admin
...
> show dbs
admin    0.000GB
config   0.000GB
local    0.000GB

Creating an admin user​

Creating an admin user