gt; mysql -V
MySQL> SHOW VARIABLES WHERE variable_name LIKE "version";
# 查看数据库用户和口令信息
MySQL> SELECT host,user,plugin,authentication_string,password_lifetime,account_locked FROM mysql.user;
# 查看用户权限
MySQL> SHOW GRANTS FOR 'audit'@'localhost';
# 创建新用户
MySQL> CREATE USER 'manager'@'localhost' IDENTIFIED BY 'password';
# 修改账号密码
MySQL> ALTER USER 'manager'@'localhost' IDENTIFIED BY 'new_password';
# 给用户授权
MySQL> GRANT PRIVILEGES ON DatabaseName.TableName TO 'manager'@'localhost';
MySQL> GRANT SELECT, INSERT, UPDATE, DELETE ON DatabaseName.TableName TO 'manager'@'localhost';
# 撤销用户权限
MySQL> REVOKE PRIVILEGE ON DatabaseName.TableName TO 'manager'@'localhost';
# 检查用户权限列表
MySQL> SELECT * FROM mysql.user\G
# 检查数据库权限列表
MySQL> SELECT * FROM mysql.db\G
# 检查用户表权限列表
MySQL> SELECT * FROM mysql.tables_priv\G
# 取消所有授权
MySQL> REVOKE ALL PRIVILEGES ON *.* FROM 'audit'@'localhost';
# 删除用户
MySQL> DROP USER 'manager'@'localhost';
# 查看密码复杂度
MySQL> SHOW VARIABLES LIKE 'validate%';
# 上述命令执行结果为空时,安装插件
MySQL> INSTALL PLUGIN validate_password SONAME 'validate_password.so';
# 安装插件
MySQL> INSTALL PLUGIN CONNECTION_CONTROL SONAME 'connection_control.so'
# 安装插件
MySQL> INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS SONAME 'connection_control.so';
查看变量
MySQL> SHOW VARIABLES LIKE '%connection_control%';
## 修改my.cnf文件
#登陆失败次数限制
connection-control-failed-connections-threshold=5
#限制重试时间,此处为毫秒,注意按需求换算,此处为5分钟
connection-control-min-connection-delay=300000
# 重启mysql服务才能生效
gt; service mysqld start
# 查看密码过期天数
MySQL> SHOW VARIABLES LIKE "%password%";
# 修改/etc/my.cnf文件
default_password_lifetime=180 # 默认default_password_lifetime=0
# 重启mysql服务才能生效
gt; service mysqld start
# 查看登录失败策略
MySQL> SHOW VARIABLES LIKE '%max_connect_errors%';
# 操作超时自动退出
MySQL> SHOW VARIABLES LIKE "%timeout%";
# 询问是否采用远程管理,如果本地管理则不适用,远程管理是否启用SSL
MySQL> SHOW VARIABLES LIKE "%have_ssl%";
MySQL> SHOW VARIABLES LIKE "%have_openssl%";
执行下列语句,默认为OFF,不符合。应设置为ON为开启审计。
MySQL> SHOW GLOBAL VARIABLES LIKE '%general%';
MySQL> SET GLOBAL GENERAL_LOG=ON;