Disable anonymous access to MongoDB

You have to restart the mongod instance with the --auth command line option (run it in the shell):

mongod --auth --port 27017 --dbpath /var/lib/mongodb

Keep in mind that the path to mongodb can be different, so you can check the dbPath value in the mongodb config file:

sudo vi /etc/mongod.conf

Enabling authorization in version 2.6+ - it's in yml format:

security:
    authorization: enabled

Extra Information:

Also note that if you are using a security config such as a key file configuration, the

security:
    authorization: enabled

key is not required, which is why you may see config files without this flag.

Another note: in recent versions (4.x) you also need to configure the access IP list:

net:
    bindIp: ::,0.0.0.0 #to bind all v4 and v6 ip addresses, or use specific address which your specific host access, recommended for production

or

net:
    bindIpAll: true #to bind all ip addresses

To fully disable anonymous authentication you need to ensure that you:

1) Add an administrative user to the admin database.

Until the first admin user is created, by default there is a localhost bypass that allows you to log in anonymously and set up that first user.

To check you have at least one user in your admin database, run:

db.getSiblingDB('admin').system.users.find()

2) Start your MongoDB server with auth enabled (standalone server) or keyFile enabled (replica set).

The keyFile option implies auth, and is used for internal authentication between replica set nodes.

To check the configuration settings for a running MongoDB instance, you can refer to the output of db.serverCmdLineOpts() in a mongo shell.

If the options have been changed from the default they should show up in the parsed section of the output. That is, one of these should return true:

db.serverCmdLineOpts().parsed.auth
db.serverCmdLineOpts().parsed.keyFile

I am not sure what 3rd step is meant

Following the documentation to Install MongoDB On Windows...

You should specify two options when running MongoDB as a Windows Service: a path for the log output (i.e. logpath) and a configuration file.

This means that your mongod command (as defined in your Windows service) should look something like this:

c:\mongodb\bin\mongod.exe --config c:\mongodb\mongod.cfg

In your configuration file (whatever it is called, mongod.cfg in my above example) you will want to have a line like this:

auth = true

Try that, and see if it works. If your service definition does not contain the "--config" option, then re-install your service (following the doc I referenced) to add it.
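
The configuration checks from the answers above (authorization or keyFile set, and which addresses bindIp exposes), as an added example that is not part of the original answers. The function name audit_mongod_conf is hypothetical and the sample config is constructed; it reads both the YAML format and the older "auth = true" format.

```shell
#!/bin/sh
# Added example: audit a mongod config file for the settings discussed above.
# Returns 0 only when access control (authorization or keyFile) is configured.
audit_mongod_conf() {
    awk '
    { sub(/[ \t]*#.*$/, "") }                                   # drop comments
    /^[ \t]*auth[ \t]*=[ \t]*true[ \t]*$/ { auth = 1; next }    # legacy "auth = true"
    /^[ \t]*keyFile[ \t]*=[ \t]*[^ \t]/   { auth = 1; next }    # legacy "keyFile = PATH"
    {
        sep = index($0, ":"); if (!sep) next
        key = substr($0, 1, sep - 1); val = substr($0, sep + 1)
        top = (key !~ /^[ \t]/)                 # an unindented key starts a section
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (top) { section = key; next }
        path = section "." key
        if (path == "security.authorization" && val == "enabled") auth = 1
        if (path == "security.keyFile" && val != "") auth = 1   # keyFile implies auth
        if (path == "net.bindIp") bind = val
        if (path == "net.bindIpAll" && val == "true") all = 1
    }
    END {
        n = split(bind, ip, ",")
        for (i = 1; i <= n; i++) {
            gsub(/[ \t]/, "", ip[i])
            if (ip[i] == "0.0.0.0" || ip[i] == "::") all = 1
        }
        print (auth ? "OK: access control enabled" : "FAIL: neither authorization nor keyFile is set")
        if (all) print "WARN: listening on all interfaces"
        else if (bind != "") print "INFO: bindIp = " bind
        exit !auth
    }' "$1"
}

# Constructed sample: auth is on, but the server is bound to every interface.
sample=$(mktemp)
cat > "$sample" <<'EOF'
security:
    authorization: enabled
net:
    bindIp: ::,0.0.0.0 #to bind all v4 and v6 ip addresses
EOF
audit_mongod_conf "$sample"
rm -f "$sample"
```

This inspects the file only; options passed on the command line show up in db.serverCmdLineOpts() on the running instance.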
