1. General measures, such as account, password and privilege management, changing the default MySQL port, and so on.

2. Use complex passwords. Generate passwords that mix digits, letters and special characters.

Password policy: MySQL 5.6 does not support password checking by default; the validate_password plugin must be enabled.
http://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html

Configuration file:
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT

Enable at runtime:
INSTALL PLUGIN validate_password SONAME 'validate_password.so';

mysql> SHOW VARIABLES LIKE 'validate_password%';
Empty set (0.00 sec)

mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Query OK, 0 rows affected (0.01 sec)

mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
6 rows in set (0.00 sec)

mysql> CREATE USER 'ccj'@'localhost';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

The MEDIUM policy checks length, digits, mixed case and special characters.

3. File permissions
chown mysql:mysql /etc/my.cnf
chmod 600 /etc/my.cnf

4. MySQL encrypted connections

Use SSL-secured connections:
https://dev.mysql.com/doc/refman/5.6/en/using-ssl-connections.html
https://dev.mysql.com/doc/refman/5.6/en/openssl-versus-yassl.html

https://dev.mysql.com/doc/refman/5.6/en/sha256-authentication-plugin.html
When sha256_password is enabled on the server, clients must connect using SSL or RSA.

The community edition binaries are built with yaSSL and cannot use RSA; SSL must be used instead.

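To use RSA password encryption over an unencrypted connection (this requires building from source with OpenSSL enabled, or the Enterprise edition), the public key file must be specified:
mysql --ssl=0 -u sha256user -p --server-public-key-path=file_name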

Create the user:

CREATE USER 'sha256user'@'localhost' IDENTIFIED WITH sha256_password;
SET old_passwords = 2;
SET PASSWORD FOR 'sha256user'@'localhost' = PASSWORD('Sh@256Pa33');

Key generation:
openssl genrsa -out private_key.pem 2048
openssl rsa -in private_key.pem -pubout -out public_key.pem

Configuration file changes:
sha256_password_private_key_path=/var/lib/mysql/private_key.pem
sha256_password_public_key_path=/var/lib/mysql/public_key.pem
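
An added example (not part of the original notes): a small Python audit that checks a my.cnf for the settings from items 2 to 4, namely mode 600, the validate_password plugin loaded with FORCE_PLUS_PERMANENT, and both sha256_password key paths set. The names SAMPLE_CNF, parse_mysqld and audit are illustrative, the sample file is constructed, and file ownership is not checked.

```python
import os, stat, tempfile

# Constructed sample my.cnf using the settings from this page.
SAMPLE_CNF = """\
[mysqld]
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
sha256_password_private_key_path=/var/lib/mysql/private_key.pem
sha256_password_public_key_path=/var/lib/mysql/public_key.pem
"""
EXPECTED = {"plugin_load": "validate_password.so",
            "validate_password": "FORCE_PLUS_PERMANENT"}
MUST_BE_SET = ("sha256_password_private_key_path",
               "sha256_password_public_key_path")

def parse_mysqld(text):
    """Return [mysqld] options; '-' and '_' in names are treated as equal."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue  # blank line, comment, or !include directive
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            opts[name.strip().replace("-", "_")] = value.strip()
    return opts

def audit(path):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o600:
        findings.append(f"mode is {mode:o}, expected 600")
    with open(path) as fh:
        opts = parse_mysqld(fh.read())
    for name, want in EXPECTED.items():
        if opts.get(name) != want:
            findings.append(f"{name} is {opts.get(name)!r}, expected {want!r}")
    findings += [f"{n} is not set" for n in MUST_BE_SET if not opts.get(n)]
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        cnf = os.path.join(d, "my.cnf")
        with open(cnf, "w") as fh:
            fh.write(SAMPLE_CNF)
        os.chmod(cnf, 0o644)  # deliberately too open
        print(audit(cnf))     # one finding: the file mode
```

The parser folds dashes to underscores because MySQL accepts both spellings in option names, so plugin-load and plugin_load are the same setting.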

5. Enterprise edition enhancements: MySQL Enterprise Audit Log Plugin, MySQL Enterprise Firewall
