当前位置：Gxlcms > 数据库问题 > 启动MYSQL密码审计插件

启动MYSQL密码审计插件

时间：2021-07-01 10:21:17 帮助过：2人阅读

root@server-mysql plugin]# pwd /usr/local/mysql56/lib/plugin [root@server-mysql plugin]# ll total 2184 -rwxr-xr-x. 1 root mysql 15437 Sep 19 2015 adt_null.so -rwxr-xr-x. 1 root mysql 25619 Sep 19 2015 auth.so -rwxr-xr-x. 1 root mysql 12364 Sep 19 2015 auth_socket.so -rwxr-xr-x. 1 root mysql 25072 Sep 19 2015 auth_test_plugin.so -rw-r--r--. 1 root mysql 227 Sep 18 2015 daemon_example.ini drwxr-xr-x. 2 root mysql 4096 Dec 11 2015 debug -rwxr-xr-x. 1 root mysql 573478 Sep 19 2015 innodb_engine.so -rwxr-xr-x. 1 root mysql 42321 Sep 19 2015 libdaemon_example.so -rwxr-xr-x. 1 root mysql 584295 Sep 19 2015 libmemcached.so -rwxr-xr-x. 1 root mysql 17539 Sep 19 2015 mypluglib.so -rwxr-xr-x. 1 root mysql 11913 Sep 19 2015 mysql_no_login.so -rwxr-xr-x. 1 root mysql 18151 Sep 19 2015 qa_auth_client.so -rwxr-xr-x. 1 root mysql 23798 Sep 19 2015 qa_auth_interface.so -rwxr-xr-x. 1 root mysql 12926 Sep 19 2015 qa_auth_server.so -rwxr-xr-x. 1 root mysql 421090 Sep 19 2015 semisync_master.so -rwxr-xr-x. 1 root mysql 250206 Sep 19 2015 semisync_slave.so -rwxr-xr-x. 1 root mysql 157141 Sep 19 2015 validate_password.so

my.cnf加入:
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT

mysql> SHOW PLUGINS;
+----------------------------+----------+--------------------+----------------------+---------+
| Name                       | Status   | Type               | Library              | License |
+----------------------------+----------+--------------------+----------------------+---------+
| binlog                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| mysql_native_password      | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
| mysql_old_password         | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
| sha256_password            | ACTIVE   | AUTHENTICATION     | NULL                 | GPL     |
| MRG_MYISAM                 | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| MyISAM                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| MEMORY                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| CSV                        | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| InnoDB                     | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| INNODB_TRX                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_LOCKS               | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_LOCK_WAITS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMP                 | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMP_RESET           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMPMEM              | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMPMEM_RESET        | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMP_PER_INDEX       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_BUFFER_PAGE         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_BUFFER_PAGE_LRU     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_BUFFER_POOL_STATS   | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_METRICS             | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_DELETED          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_BEING_DELETED    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_CONFIG           | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_INDEX_CACHE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_FT_INDEX_TABLE      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_TABLES          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_TABLESTATS      | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_INDEXES         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_COLUMNS         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_FIELDS          | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_FOREIGN         | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_FOREIGN_COLS    | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_TABLESPACES     | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| INNODB_SYS_DATAFILES       | ACTIVE   | INFORMATION SCHEMA | NULL                 | GPL     |
| PERFORMANCE_SCHEMA         | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| BLACKHOLE                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| FEDERATED                  | DISABLED | STORAGE ENGINE     | NULL                 | GPL     |
| ARCHIVE                    | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| partition                  | ACTIVE   | STORAGE ENGINE     | NULL                 | GPL     |
| validate_password          | ACTIVE   | VALIDATE PASSWORD  | validate_password.so | GPL     |
+----------------------------+----------+--------------------+----------------------+---------+
43 rows in set (0.01 sec)

mysql> set password=password("123");
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> set password=password("Aa@1");
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
mysql> set password=password("Aa@12345");
Query OK, 0 rows affected (0.01 sec)

mysql> show variables like "%password%";
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| disconnect_on_expired_password       | ON     |
| old_passwords                        | 0      |
| report_password                      |        |
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
9 rows in set (0.00 sec)

参数validate_password_length用于设置密码的最小长度，默认值为8。

参数validate_password_policy表示密码策略，可设置的值有：

0 or LOW 仅需需符合密码长度（由参数validate_password_length指定）
1 or MEDIUM 满足LOW策略，同时还需满足至少有1个数字，小写字母，大写字母和特殊字符
2 or STRONG 满足MEDIUM策略，同时密码不能存在字典文件（dictionary file）中

可以发现PVP强大之处还在于其在STRONG模式下还能设置字典文件，字典中存在的密码不得使用。
可以通过参数validate_password_dictionary_file来设置字典文件。不过就Inside君来看，貌似MEDIUM策略的安全性已足够高了。

启动MYSQL密码审计插件

标签：

启动MYSQL密码审计插件

人气教程排行