How to Install and Secure MongoDB 4 in CentOS 8

MongoDB is a cross-platform NoSQL database system written in C++. MongoDB is different from traditional table-based SQL databases like MySQL and PostgreSQL and is specially designed for high-volume data storage. MongoDB uses JSON-like documents with dynamic schemas and does not require a predefined schema before you add data to a database. MongoDB is free, open-source, and comes with a rich set of features including, storage, data replication, Ad-hoc queries, load balancing, and many more.

In this tutorial, we will explain how to install and secure MongoDB on CentOS 8.

Step 1 – Add the MongoDB Repository

By default, MongoDB is not available in the CentOS 8 default repository, so you will need to create a repo file for MongoDB.

You can create it with the following command:

nano /etc/yum.repos.d/mongodb-org.repo

Add the following lines:

[mongodb-org-4.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/4.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc

Save and close the file when you are finished. Next, you can proceed to install MongoDB in your system.

Step 2 – Install MongoDB

Now, you can install the MongoDB by simply running the following command:

dnf install mongodb-org -y

Once the installation has been completed, start the MongoDB service and enable it to start after system reboot with the following command:

systemctl start mongod
systemctl enable mongod

You can now check the status of the MongoDB service using the following command:

systemctl status mongod

You should see the following output:

● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2020-04-10 10:58:18 EDT; 7s ago
     Docs: https://docs.mongodb.org/manual
  Process: 2904 ExecStart=/usr/bin/mongod $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2902 ExecStartPre=/usr/bin/chmod 0755 /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 2899 ExecStartPre=/usr/bin/chown mongod:mongod /var/run/mongodb (code=exited, status=0/SUCCESS)
  Process: 2897 ExecStartPre=/usr/bin/mkdir -p /var/run/mongodb (code=exited, status=0/SUCCESS)
 Main PID: 2906 (mongod)
   Memory: 77.0M
   CGroup: /system.slice/mongod.service
           └─2906 /usr/bin/mongod -f /etc/mongod.conf

Apr 10 10:58:17 centos8 systemd[1]: Starting MongoDB Database Server...
Apr 10 10:58:17 centos8 mongod[2904]: about to fork child process, waiting until server is ready for connections.
Apr 10 10:58:17 centos8 mongod[2904]: forked process: 2906
Apr 10 10:58:18 centos8 mongod[2904]: child process started successfully, parent exiting
Apr 10 10:58:18 centos8 systemd[1]: Started MongoDB Database Server.

Now, MongoDB is running and listening on port 27017. You can verify it with the following command:

netstat -pnltu | grep 27017

You should get the following output:

tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      2906/mongod

You can also access the MongoDB shell with the following command:

mongo

You should get the following output:

MongoDB shell version v4.2.5
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("b0f7656f-f939-4f50-87d2-01cbeca0849a") }
MongoDB server version: 4.2.5
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
            http://docs.mongodb.org/
Questions? Try the support group
            http://groups.google.com/group/mongodb-user
Server has startup warnings:
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten]
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten]
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten]
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2020-04-10T10:58:18.521-0400 I  CONTROL  [initandlisten] **        We suggest setting it to 'never'
2020-04-10T10:58:18.522-0400 I  CONTROL  [initandlisten]
---
Enable MongoDB's free cloud-based monitoring service, which will then receive and display
metrics about your deployment (disk utilization, CPU, operation statistics, etc).

The monitoring data will be available on a MongoDB website with a unique URL accessible to you
and anyone you share the URL with. MongoDB may use this information to make product
improvements and to suggest MongoDB products and deployment options to you.

To enable free monitoring, run the following command: db.enableFreeMonitoring()
To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---

You can exit from the MongoDB shell with the following command:

>exit

Step 3 – Enable MongoDB Authentication

By default, authentication is disabled in MongoDB. Any user can interact with the database, and create and destroy databases. It is a good idea to enable authentication in MongoDB. You can enable it by editing mongod.conf file:

nano /etc/mongod.conf

Add the following line at the end of the file:

security:
  authorization: enabled

Save and close the file when you are finished. Then, restart the MongoDB service to apply the changes:

systemctl restart mongod

Step 4 – Create a MongoDB Admin User

Next, you will need to create an administrative user with all privileges to perform administrative tasks.

First, access the MongoDB shell with the following command:

mongo

You should get the following output:

MongoDB shell version v4.2.5
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("09e0e028-cd26-4f9d-9270-52b938925f99") }
MongoDB server version: 4.2.5

Next, change the database to admin with the following command:

> use admin

Next, create a MongoDB admin user called myadmin with the following command:

> db.createUser( { user: "myadmin", pwd: "password", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )

Once the user has been created, you should get the following output:

Successfully added user: {
            "user" : "myadmin",
            "roles" : [
                        {
                                    "role" : "userAdminAnyDatabase",
                                    "db" : "admin"
                        }
            ]
}

Next, exit from the MongoDB shell with the following command:

>exit

Step 5 – Verify MongoDB Authentication

At this point, MongoDB is configured with authentication. Now you will be required to provide a username and password before interacting with MongoDB.

Next, connect the MongoDB without authentication:

mongo

You should get the following output:

MongoDB shell version v4.2.5
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("fecf1846-13fd-4959-91da-5cf323781e13") }
MongoDB server version: 4.2.5

Now, run the following command to list MongoDB users:

> show users

You should get the following error:

2020-04-10T11:08:04.598-0400 E  QUERY    [js] uncaught exception: Error: command usersInfo requires authentication :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.getUsers@src/mongo/shell/db.js:1638:15
shellHelper.show@src/mongo/shell/utils.js:883:9
shellHelper@src/mongo/shell/utils.js:790:15
@(shellhelp2):1:1

This demonstrates that you can not list the users without authenticating.

Now, exit from MongoDB with the following command:

>exit

Step 6 – Access MongoDB with Administrative User

Now, let’s connect to the MongoDB with the administrative user:

mongo -u myadmin -p --authenticationDatabase admin

You will be asked to provide your admin password as shown below:

MongoDB shell version v4.2.5
Enter password:

Provide your admin password and hit Enter. You should get the following output:

connecting to: mongodb://127.0.0.1:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("a39f723c-f1b5-4c93-9e67-ff82379dfb62") }
MongoDB server version: 4.2.5

Next, change the database to admin and list the users with the following command:

> use admin
> show users

You should get the following output:

{
            "_id" : "admin.myadmin",
            "userId" : UUID("bcd920c1-63fd-4b82-a8a6-eb6515d51a34"),
            "user" : "myadmin",
            "db" : "admin",
            "roles" : [
                        {
                                    "role" : "userAdminAnyDatabase",
                                    "db" : "admin"
                        }
            ],
            "mechanisms" : [
                        "SCRAM-SHA-1",
                        "SCRAM-SHA-256"
            ]
}

Now, exit from the MongoDB shell with the following output:

> exit

Conclusion

In the above guide, we learned how to install MongoDB on CentOS 8. We have also shown how to enable MongoDB authentication and create an administrative user. Your MongoDB on your Atlantic.Net VPS is now secured with username and password – if you don’t have a VPS from Atlantic.Net, get started with VPS hosting today to install MongoDB!