I assume you started from my guide for hardened Raspberry Pi.
First steps
MariaDB is a simple, popular and open-source relational database.
sudo apt update
sudo apt install mariadb-server
Run the following script to secure your installation and define root password.
sudo mariadb-secure-installation
Check if the service is running.
systemctl status mariadb
Add firewall rule to allow connection.
ufw allow 3306/tcp
Connect for the first time to control everything is ok.
mysql -u root -p
Hardening users and network configuration
Create a user with full privilege. Choose a meaningful username, a strong password and you can choose to connect only from local host or from a local network like 192.168.1.%
GRANT ALL PRIVILEGES ON *.* TO '<new user login>'@'%' IDENTIFIED BY '<new user password>' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
Connect with the new user to control.
mysql -u <new user login> -p
Remove default users.
DROP USER 'mysql'@'localhost';
DROP USER 'root'@'localhost';
EXIT;
Remove the shell of user mysql.
sudo chsh -s /usr/sbin/nologin mysql
By default MariaDB is only available on loopback (localhost/127.0.0.1). Either you use an SSH tunnel to connect or change the configuration.
sudo vi /etc/mysql/mariadb.conf.d/50-server.cnf
# replace bind-adress = 127.0.0.1
# by bind-adress = 0.0.0.0
sudo systemctl restart mariadb
I generally continue configuring the database with graphical client like DBeaver.
Where are the data stored?
MariaDB will store the data in the folder /var/lib/mysql and it’s a good idea to backup these data regularly.