create database test; Query OK, 1 row affected (0.00 sec) mysql> use test; Database c..."/>
溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務條款》

MySQL利用init-connect增加訪問審計功能異常

發(fā)布時間:2020-10-06 18:34:19 來源:網(wǎng)絡 閱讀:1542 作者:蘇黎世1995 欄目:MySQL數(shù)據(jù)庫
init-connet設置
注:該參數(shù)對超級用戶不生效
-- 創(chuàng)建測試庫
mysql> create database test;
Query OK, 1 row affected (0.00 sec)

mysql> use test;
Database changed

-- 創(chuàng)建審計記錄表
mysql> CREATE TABLE `conn_log` (
    ->   `conn_id` int(11) DEFAULT NULL,
    ->   `conn_time` datetime DEFAULT NULL,
    ->   `user_name` varchar(128) CHARACTER SET utf8 DEFAULT NULL,
    ->   `cur_user_name` varchar(128) CHARACTER SET utf8 DEFAULT NULL,
    ->   `ip` varchar(15) CHARACTER SET utf8 DEFAULT NULL,
    ->   KEY `conn_time` (`conn_time`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ;
Query OK, 0 rows affected (0.01 sec)

-- 設置審計內容
mysql> set global init_connect="set @user=user(),@cur_user=current_user();insert into test.conn_log values(connection_id(),now(),@user,@cur_user,'10.0.0.1');"
    -> ;
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%init%';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
| Variable_name          | Value                                                                                                                         |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
| init_connect           | set @user=user(),@cur_user=current_user();insert into test.conn_log values(connection_id(),now(),@user,@cur_user,'10.0.0.1'); |
| init_file              |                                                                                                                               |
| init_slave             |                                                                                                                               |
| table_definition_cache | 1400                                                                                                                          |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

-- 創(chuàng)建普通用戶

mysql> grant select,insert on dba_test.* to 'test'@'%' identified by 'test';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
異常
[root@test ~]# mysql -S /data0/mysql57/mysql3307/mysqltmp/mysql3307.sock  -utest -ptest 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 117
Server version: 5.7.21-log

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show user();
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    118
Current database: *** NONE ***

ERROR 1184 (08S01): Aborted connection 118 to db: 'unconnected' user: 'test' host: 'localhost' (init_connect command failed)
mysql> select user();
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    119
Current database: *** NONE ***
異常處理
分析

通過查看erro log發(fā)現(xiàn)test用戶沒有test.conn_log表的寫權限,導致init-connect中的sql內容無法進行,
從而導致連接失敗

解決
-- 賦權
mysql> grant insert on test.* to 'test'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

-- 登陸正常
[root@test ~]# mysql -hip地址 -P3307  -utest -ptest
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 140
Server version: 5.7.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use dba_test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+--------------------+
| Tables_in_dba_test |
+--------------------+
| user               |
+--------------------+
1 row in set (0.00 sec)

mysql> insert into user(user_id,username) values(4,'d');
Query OK, 1 row affected (0.00 sec)

mysql>
向AI問一下細節(jié)

免責聲明:本站發(fā)布的內容(圖片、視頻和文字)以原創(chuàng)、轉載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權內容。

AI