Shulou(Shulou.com)06/02 Report--

It is believed that many inexperienced people are at a loss about how the DB security of MYSQL 8 should deal with the bulabula of the security sector. therefore, this article summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

It is true that the security of MYSQL 8 is different from that of MYSQL 5.7, but how to do it is different from that of MYSQL 5.7. You can also take a look at what is still using MYSQL 5.6,5.5. maybe you can skip 5.7in the next upgrade.

Let's take it one step at a time.

1 Security Department Q: is there any database security monitoring in your MYSQL database?

A: yes, MYSQL 8 provides a security monitoring program to monitor some of the security issues of the installed MYSQL? The name of this program is mysql_secure_installation

Let's see what he can do. We type mysql_secure_installation directly in shell

Such a program will ask you a few questions and make some corresponding actions according to your choice.

Judge whether your ROOT password is in line with the current password level and give a score

2 when installing MYSQL, are there any other anonymous users installed in the database? if so, delete them.

3 determine whether your ROOT users can access through the public network. If you can, you can choose to disable such permissions.

4 some MYSQL will be installed with a TEST database, which can be accessed by all users by default. Do you want to do something?

OK, usually after we install MYSQL 8, we can use this program to enhance the security of your MYSQL, or we can verify the basic security of your database when you take over a new database.

2 question: is there any mandatory protection for your user name and password, such as how many digits of the password, password expiration and other settings

A: yes, we use MYSQL 8 security components (not plug-ins are components)

How to verify that you have installed this component

If you finish executing the above statement in the MYSQL database, you can see the contents of my red line, indicating that you have installed this component (for details, let's install this component, please B or G)

So what does this MYSQL 8 component contain? let's list it.

1 whether to turn on password checking. It is on by default.

Validate_password.check_user_name ON

2 what is the length of the password

Validate_password.length defaults to 8

3 whether the number of mixed case passwords is required

Validate_password.mixed_case_count default 1

4 the minimum number of numbers in the password

Validate_password.number_count default 1

Special characters in 5 passwords, (non-alphabetic and numeric)

Validate_password.special_char_count default 1

5 setting of password policy

There are high, medium and low settings in the policy settings of the password, and the matching value is also 0 1 2.

Validate_password.policy default 2

And this setting is directly related to whether and how your above settings will take effect.

Select 0 to check only the length of the password

Select the length of 1 pair of passwords, whether there are numbers, case, and special characters are monitored.

Select 2, on the basis of 1, also compare the dictionary file you set. If it corresponds to the entry in which the prohibition of the dictionary file is set to password, then your password cannot be set.

Exactly how you want to set it up depends on the password requirements of your company's security department.

Note: at the same time, please note that if you used the PT tool to copy the account, there should be a temporary error on MYSQL 8, because the encryption of the password has changed and the tool cannot work.

As for the expiration time or survival time of some user accounts on MYSQL5.7 are the same as before, but it is generally not recommended, unless emphasized by your security department, don't make trouble for yourself. Otherwise, I will call you in the middle of the night to tell you that the app is not connected, and you will have to carry the pot on your own.

3 audit function of MYSQL

Today's databases need to have the function of audit, the database without the function of audit must be complained by the security department or give you a "color" look. How does MYSQL support audit function

1 you pay for the enterprise version of MYSQL, with its own audit function

2 you install the MYSQL SERVER version of PERCONA, and they provide you with AUDIT function free of charge

What, the free official version of MYSQL, OMG, SORRY, please B OR G, because I have been the percona version, official version anyway I do not need.

The following are MYSQL 8.015 versions based on PERCONA, and other versions of MYSQL.

By the way, why PERCONA, PERCONA as the "most" powerful service company in the database industry, the supported database version and capabilities are among the best. MONGODB people have their own products, MYSQL has their own products, POSTGRESQL 11, and now there are free products, MYSQL agent software, and free products. The important thing is free, easy to use, documentation, and if you have money, you can buy a support or something.

Install the AUDIT plug-in

INSTALL PLUGIN audit_log SONAME 'audit_log.so'

Check to see if your plug-in is installed

Percona's audit format supports formats such as XML JSON CSV.

For example, we want to check the users who access the mysql database

SET GLOBAL audit_log_include_databases = 'mysql'

The following two pictures are the relevant configuration information, and the contents of the audit LOG, not to say much specific, are elite, a little look will be.

You can also find an issue, talking about this audit log OK, that's all for today.

After reading the above, do you know how the DB security of MYSQL 8 should deal with the bulabula of the security department? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.