Shulou(Shulou.com)06/01 Report--

This article mainly introduces "the way of baseline verification of Mysql database". In the daily operation, I believe that many people have doubts about the way of baseline verification of Mysql database. The editor consulted all kinds of data and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts of "the way of baseline verification of Mysql database". Next, please follow the editor to study!

I. identity authentication 1.1 should provide the functions of unique user identity and complexity check of authentication information to ensure that there is no duplicate user identity in the application system, and the identity authentication information is not easy to be used falsely.

a. Accounts should be assigned according to users to avoid sharing accounts among different users.

b. Check to see if an anonymous account exists:

Mysql > use mysql

Mysql > delete from user where User =''

Mysql > flush privileges

c. Check for empty passwords: execute if they exist

To modify the weak password of an account, execute the following command to change the password:

Mysql > update user set password=password ('new password') where user='root'; mysql > flush privileges

Check if there is an empty password (version 5.7) before MySQL5.7, the password field in the User table is Password, and starting with MySQL5.7, the password field becomes authentication_string.

d. The default management of the original account should be changed to prevent exhaustive malicious behavior to system users.

Mysql > update user set user= "newname" where user= "root"

Mysql > flush privileges; newname is the new name of the administrator account, which is changed to a user name that is not easy to guess.

Second, access control 2.1 should provide access control function to control user access to files, database tables and other objects according to security policies.

a. Check to see if the test library installed by the test is deleted (the test library for installation testing should be deleted)

Mysql > show databases

Mysql > drop database test; mysql > flush privileges

Check whether mysql is prohibited from accessing local files

Mysql should be prohibited from accessing local files

Method 1: add local-infile=0 under the mysql field of my.cnf

Method 2: start mysql with the parameter local-infile=0 / etc/init.d/mysql start-- local-infile=0 if you need to obtain local files, you need to turn on this function, but for security reasons, it is recommended to close and reopen the command / etc/init.d/mysql start-- local-infile=1 needs to restart mysql Note: you can query the my.cnf path through the mysql-- help command prompt.

Check whether mysql is prohibited from running with administrator account privileges

Method 1: add-- user=user-name eg: / etc/init.d/mysql start-- user=user-name when starting mysql

Method 2: under the mysql installation directory, modify the configuration file my.cnf (please modify the my-medium.cnf file in the installation directory if you use the rpm package) and add user=mysql to the [mysqld] configuration section.

Security audit 3.1 should provide a security audit function covering each user to audit important security events in the application system.

a. Check whether the logging feature is configured

b. Check whether the error log is configured

Reference configuration operation

Under the mysql installation directory, modify the my.cnf configuration file by adding log_error = / home/mysql.err

To restart mysql, execute the command / etc/init.d/mysql restart supplement: please refer to your own environment configuration for specific log_error storage path.

c. Check whether the generic query log is configured

Reference configuration operation

Under the mysql installation directory, modify the my.cnf configuration file by adding general_log = 1

Restart mysql, executable command / etc/init.d/mysql restart Note: you can query the my.cnf path through the mysql-- help command prompt.

Check whether slow query logs are configured

Reference configuration operation

(1) under the installation directory of mysql, modify the my.cnf configuration file and add slow_query_log = 1 (2) restart mysql, and execute the command / etc/init.d/mysql restart Note: you can query the my.cnf path through the mysql-- help command prompt.

e. Detect whether the update log is configured

Reference configuration operation

(1) add log_slave_updates under mysqld of my.cnf

(2) restart mysql and execute the command / etc/init.d/mysql restart Note: you can query the my.cnf path through the mysql-- help command prompt.

f. Check whether binary logs are configured

Reference configuration operation

Under the installation directory of mysql, modify the my.cnf configuration file, add log_bin = mysql-bin (2) restart mysql, execute the command / etc/init.d/mysql restart after 5.7.3, modify the my.cnf configuration file, and add log_bin = file name server_id = serial number under [mysqld].

IV. Malicious code prevention 4.1 We should install anti-malicious code software or reinforce software with corresponding functions, and upgrade and update the anti-malicious code base regularly.

Install the latest patches to ensure that the system has the latest security patches installed.

Note: under the premise of ensuring business and network security, and after compatibility testing, install the update patch.

Resource Control 5.1 should provide a security audit function covering each user to audit important security events of the application system.

a. Should be able to allocate maximum and minimum quotas to the resources occupied by an access account or a requesting process

Set the maximum number of connections according to machine performance and business requirements. Under the installation directory of mysql, add "max_connections = 1000" in the [mysqld] configuration section of my.cnf to restart the mysql service Note: you can query the my.cnf path through the mysql-- help command prompt.

VI. Data backup and recovery 6.1 should provide local data backup and recovery functions for important data

Check to see if there are backup files, and understand the backup and recovery mechanisms

If not, you need to establish backup files and implement a daily incremental and weekly backup strategy.

6.2 remote data backup function should be provided, and important data should be transmitted to the standby site in batches using the communication network.

Store backup files in remote locations and ensure their effectiveness to avoid the risk of recovery after a single point of failure.

At this point, the study on "the way to check the baseline of Mysql database" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.