zoukankan      html  css  js  c++  java
  • 启动MYSQL密码审计插件

    http://www.innomysql.com/article/25717.html

    [root@server-mysql plugin]# pwd
    /usr/local/mysql56/lib/plugin
    [root@server-mysql plugin]# ll
    total 2184
    -rwxr-xr-x. 1 root mysql  15437 Sep 19  2015 adt_null.so
    -rwxr-xr-x. 1 root mysql  25619 Sep 19  2015 auth.so
    -rwxr-xr-x. 1 root mysql  12364 Sep 19  2015 auth_socket.so
    -rwxr-xr-x. 1 root mysql  25072 Sep 19  2015 auth_test_plugin.so
    -rw-r--r--. 1 root mysql    227 Sep 18  2015 daemon_example.ini
    drwxr-xr-x. 2 root mysql   4096 Dec 11  2015 debug
    -rwxr-xr-x. 1 root mysql 573478 Sep 19  2015 innodb_engine.so
    -rwxr-xr-x. 1 root mysql  42321 Sep 19  2015 libdaemon_example.so
    -rwxr-xr-x. 1 root mysql 584295 Sep 19  2015 libmemcached.so
    -rwxr-xr-x. 1 root mysql  17539 Sep 19  2015 mypluglib.so
    -rwxr-xr-x. 1 root mysql  11913 Sep 19  2015 mysql_no_login.so
    -rwxr-xr-x. 1 root mysql  18151 Sep 19  2015 qa_auth_client.so
    -rwxr-xr-x. 1 root mysql  23798 Sep 19  2015 qa_auth_interface.so
    -rwxr-xr-x. 1 root mysql  12926 Sep 19  2015 qa_auth_server.so
    -rwxr-xr-x. 1 root mysql 421090 Sep 19  2015 semisync_master.so
    -rwxr-xr-x. 1 root mysql 250206 Sep 19  2015 semisync_slave.so
    -rwxr-xr-x. 1 root mysql 157141 Sep 19  2015 validate_password.so
    my.cnf加入:
    plugin-load=validate_password.so validate-password=FORCE_PLUS_PERMANENT
    mysql> SHOW PLUGINS;
    +----------------------------+----------+--------------------+----------------------+---------+
    | Name                       | Status   | Type               | Library              | License |
    +----------------------------+----------+--------------------+----------------------+---------+
    | binlog                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | mysql_native_password      | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | mysql_old_password         | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | sha256_password            | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
    | MRG_MYISAM                 | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | MyISAM                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | MEMORY                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | CSV                        | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | InnoDB                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | INNODB_TRX                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_LOCKS               | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_LOCK_WAITS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_RESET           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMPMEM              | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMPMEM_RESET        | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_PER_INDEX       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_CMP_PER_INDEX_RESET | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_PAGE         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_PAGE_LRU     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_BUFFER_POOL_STATS   | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_METRICS             | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_DEFAULT_STOPWORD | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_DELETED          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_BEING_DELETED    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_CONFIG           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_INDEX_CACHE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_FT_INDEX_TABLE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLES          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLESTATS      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_INDEXES         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_COLUMNS         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FIELDS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FOREIGN         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_FOREIGN_COLS    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_TABLESPACES     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | INNODB_SYS_DATAFILES       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
    | PERFORMANCE_SCHEMA         | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | BLACKHOLE                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | FEDERATED                  | DISABLED | STORAGE ENGINE     | NULL                 | GPL     |
    | ARCHIVE                    | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | partition                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
    | validate_password          | ACTIVE   | VALIDATE PASSWORD  | validate_password.so | GPL     |
    +----------------------------+----------+--------------------+----------------------+---------+
    43 rows in set (0.01 sec)
    mysql> set password=password("123");
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    mysql> set password=password("Aa@1");
    ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
    mysql> set password=password("Aa@12345");
    Query OK, 0 rows affected (0.01 sec)
    mysql> show variables like "%password%";
    +--------------------------------------+--------+
    | Variable_name                        | Value  |
    +--------------------------------------+--------+
    | disconnect_on_expired_password       | ON     |
    | old_passwords                        | 0      |
    | report_password                      |        |
    | validate_password_dictionary_file    |        |
    | validate_password_length             | 8      |
    | validate_password_mixed_case_count   | 1      |
    | validate_password_number_count       | 1      |
    | validate_password_policy             | MEDIUM |
    | validate_password_special_char_count | 1      |
    +--------------------------------------+--------+
    9 rows in set (0.00 sec)
    参数validate_password_length用于设置密码的最小长度,默认值为8。

    参数validate_password_policy表示密码策略,可设置的值有:
    0 or LOW 仅需需符合密码长度(由参数validate_password_length指定) 1 or MEDIUM 满足LOW策略,同时还需满足至少有1个数字,小写字母,大写字母和特殊字符 2 or STRONG 满足MEDIUM策略,同时密码不能存在字典文件(dictionary file)中
    可以发现PVP强大之处还在于其在STRONG模式下还能设置字典文件,字典中存在的密码不得使用。
    可以通过参数validate_password_dictionary_file来设置字典文件。不过就Inside君来看,貌似MEDIUM策略的安全性已足够高了。
  • 相关阅读:
    20155207 2016-2017-2《Java程序设计》课程总结
    Mycp补交作业
    20155207 实验五 网络编程与安全
    20155206 随堂作业
    20155206 《Java程序设计》实验三实验报告
    20155206 2016-2017-2 《Java程序设计》第十周学习总结
    20155206 《JAVA程序设计》实验二(JAVA面向对象程序设计)实验报告
    20155206 2016-2017-2 《Java程序设计》第9周学习总结
    20155206 2016-2017-2 《Java程序设计》第8周学习总结
    20155206 实验一《Java开发环境的熟悉》实验报告
  • 原文地址:https://www.cnblogs.com/zengkefu/p/5630644.html
Copyright © 2011-2022 走看看