  • Enabling the MySQL password audit plugin

    http://www.innomysql.com/article/25717.html

    [root@server-mysql plugin]# pwd
    /usr/local/mysql56/lib/plugin
    [root@server-mysql plugin]# ll
    total 2184
    -rwxr-xr-x. 1 root mysql  15437 Sep 19  2015 adt_null.so
    -rwxr-xr-x. 1 root mysql  25619 Sep 19  2015 auth.so
    -rwxr-xr-x. 1 root mysql  12364 Sep 19  2015 auth_socket.so
    -rwxr-xr-x. 1 root mysql  25072 Sep 19  2015 auth_test_plugin.so
    -rw-r--r--. 1 root mysql    227 Sep 18  2015 daemon_example.ini
    drwxr-xr-x. 2 root mysql   4096 Dec 11  2015 debug
    -rwxr-xr-x. 1 root mysql 573478 Sep 19  2015 innodb_engine.so
    -rwxr-xr-x. 1 root mysql  42321 Sep 19  2015 libdaemon_example.so
    -rwxr-xr-x. 1 root mysql 584295 Sep 19  2015 libmemcached.so
    -rwxr-xr-x. 1 root mysql  17539 Sep 19  2015 mypluglib.so
    -rwxr-xr-x. 1 root mysql  11913 Sep 19  2015 mysql_no_login.so
    -rwxr-xr-x. 1 root mysql  18151 Sep 19  2015 qa_auth_client.so
    -rwxr-xr-x. 1 root mysql  23798 Sep 19  2015 qa_auth_interface.so
    -rwxr-xr-x. 1 root mysql  12926 Sep 19  2015 qa_auth_server.so
    -rwxr-xr-x. 1 root mysql 421090 Sep 19  2015 semisync_master.so
    -rwxr-xr-x. 1 root mysql 250206 Sep 19  2015 semisync_slave.so
    -rwxr-xr-x. 1 root mysql 157141 Sep 19  2015 validate_password.so
    Add to my.cnf:
    plugin-load=validate_password.so
    validate-password=FORCE_PLUS_PERMANENT
    mysql> SHOW PLUGINS;
    +----------------------------+----------+--------------------+----------------------+---------+
    | Name                       | Status   | Type               | Library              | License |
    +----------------------------+----------+--------------------+----------------------+---------+
    | binlog                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | mysql_native_password      | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | mysql_old_password         | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | sha256_password            | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | MRG_MYISAM                 | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | MyISAM                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | MEMORY                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | CSV                        | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | InnoDB                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | INNODB_TRX                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_LOCKS               | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_LOCK_WAITS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_RESET           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMPMEM              | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMPMEM_RESET        | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_PER_INDEX       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_PER_INDEX_RESET | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_PAGE         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_PAGE_LRU     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_POOL_STATS   | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_METRICS             | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_DEFAULT_STOPWORD | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_DELETED          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_BEING_DELETED    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_CONFIG           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_INDEX_CACHE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_INDEX_TABLE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLES          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLESTATS      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_INDEXES         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_COLUMNS         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FIELDS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FOREIGN         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FOREIGN_COLS    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLESPACES     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_DATAFILES       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | PERFORMANCE_SCHEMA         | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | BLACKHOLE                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | FEDERATED                  | DISABLED | STORAGE ENGINE     | NULL                 | GPL     |
    | ARCHIVE                    | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | partition                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | validate_password          | ACTIVE   | VALIDATE PASSWORD  | validate_password.so | GPL     |
    +----------------------------+----------+--------------------+----------------------+---------+
    43 rows in set (0.01 sec)
    mysql> set password=password("123");
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    mysql> set password=password("Aa@1");
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    mysql> set password=password("Aa@12345");
    Query OK, 0 rows affected (0.01 sec)
    mysql> show variables like "%password%";
    +--------------------------------------+--------+
    | Variable_name                        | Value  |
    +--------------------------------------+--------+
    | disconnect_on_expired_password       | ON     |
    | old_passwords                        | 0      |
    | report_password                      |        |
    | validate_password_dictionary_file    |        |
    | validate_password_length             | 8      |
    | validate_password_mixed_case_count   | 1      |
    | validate_password_number_count       | 1      |
    | validate_password_policy             | MEDIUM |
    | validate_password_special_char_count | 1      |
    +--------------------------------------+--------+
    9 rows in set (0.00 sec)
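    The validate_password_length parameter sets the minimum password length; its default value is 8.

    The validate_password_policy parameter sets the password policy. The possible values are:
    0 or LOW: the password only has to meet the length requirement (set by validate_password_length)
    1 or MEDIUM: satisfies the LOW policy and must also contain at least 1 digit, lowercase letter, uppercase letter and special character
    2 or STRONG: satisfies the MEDIUM policy, and the password must also not appear in the dictionary file
    Another strength of PVP is that in STRONG mode a dictionary file can be set, and passwords that appear in the dictionary cannot be used.
    The dictionary file is set with the validate_password_dictionary_file parameter. As Inside君 sees it, though, the security of the MEDIUM policy already seems high enough.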
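The three SET PASSWORD attempts above can be checked offline with a small model of the policy levels, which also shows which requirement each rejected password misses. This is an added example, not the plugin's code and not from the original article; `policy_failures`, `effective_min_length` and the sample dictionary word are hypothetical. The STRONG check follows the MySQL manual's rule of comparing password substrings of length 4 or more against the dictionary, case-insensitively.

```python
# Policy variables as shown by SHOW VARIABLES on the page.
DEFAULTS = {"length": 8, "mixed_case_count": 1, "number_count": 1,
            "special_char_count": 1, "policy": "MEDIUM"}
LEVELS = {"0": 0, "LOW": 0, "1": 1, "MEDIUM": 1, "2": 2, "STRONG": 2}


def effective_min_length(cfg):
    """The server does not allow validate_password_length below
    number_count + special_char_count + 2 * mixed_case_count."""
    floor = (cfg["number_count"] + cfg["special_char_count"]
             + 2 * cfg["mixed_case_count"])
    return max(cfg["length"], floor)


def policy_failures(password, cfg=DEFAULTS, dictionary=()):
    """Return the unmet requirements; an empty list means accepted."""
    level = LEVELS[str(cfg["policy"]).upper()]
    failures = []
    # LOW: length only.
    if len(password) < effective_min_length(cfg):
        failures.append("length")
    # MEDIUM: digit, lowercase, uppercase and special character counts.
    if level >= 1:
        counts = {
            "number": sum(c.isdigit() for c in password),
            "lower": sum(c.islower() for c in password),
            "upper": sum(c.isupper() for c in password),
            "special": sum(not c.isalnum() for c in password),
        }
        required = {
            "number": cfg["number_count"],
            "lower": cfg["mixed_case_count"],
            "upper": cfg["mixed_case_count"],
            "special": cfg["special_char_count"],
        }
        failures += [k for k, need in required.items() if counts[k] < need]
    # STRONG: no dictionary word of 4+ characters inside the password.
    if level >= 2 and dictionary:
        lowered = password.lower()
        words = {w.strip().lower() for w in dictionary if len(w.strip()) >= 4}
        if any(w in lowered for w in words):
            failures.append("dictionary")
    return failures


if __name__ == "__main__":
    for pw in ("123", "Aa@1", "Aa@12345"):  # the passwords tried on the page
        print(pw, policy_failures(pw) or "accepted")
```
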
  • Original article: https://www.cnblogs.com/zengkefu/p/5630644.html