O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

利用Init connect做mysql clients stat 用户审计

1.368 visualizações

Publicada em

利用Init connect做mysql clients stat 用户审计

Publicada em: Tecnologia, Diversão e humor
  • Login to see the comments

  • Seja a primeira pessoa a gostar disto

利用Init connect做mysql clients stat 用户审计

  1. 1. MySQLClients审计介绍<br />@杨德华Devin<br />
  2. 2. init_connect<br />A string to be executed by the server for each client that connects. <br />The string consists of one or more SQL statements, separated by semicolon characters.<br />
  3. 3. Example<br />SET GLOBAL init_connect='SET global autocommit=0';<br />init_connect='SET NAMES utf8'<br />[mysqld] <br />init_connect='SET autocommit=0‘;<br />
  4. 4. How does it work?<br />prepare_new_connection_state<br />
  5. 5. gdb it<br />Root用户不生效…(super权限)<br />sudo gdb -p `ps aux | grep mysqld | grep -v "grep" | grep -v "mysqld_safe" | awk '{print $2}'`<br />break sql_connect.cc:1047<br />print sys_init_connect->value<br />What you see is what you have set.<br />
  6. 6. 实际效果<br />for d in `echo "select distinct(default_database) from test.accesslog" | mysql -uroot -pxxxx -N`<br />do<br />if [[ $d != "NULL" ]];then<br />echo -e "n";<br />echo "====="$d" Latest Clients=====";<br />echo "User Access Time"<br />echo "select distinct(matchname),check_time from test.accesslog where default_database='$d' order by check_time desc limit 2" | $MYSQL<br /> -N;<br />fi<br />done<br />
  7. 7. 建表<br />CREATE TABLE IF NOT EXISTS  test.`accesslog`  (  `id` int(11) NOT NULL,  `check_time` datetime DEFAULT NULL,  `localname` varchar(60) DEFAULT NULL,  `matchname` varchar(60) DEFAULT NULL,  `default_database` varchar(60) default null,   index idx_db(`default_database`),<br />   index idx_time(`check_time`),<br />   index idx_user(`matchname`)<br />  )engine=innodb ;<br />
  8. 8. set global init_connect<br />set global init_connect=‘<br /> insert into test.accesslog values<br />(connection_id(),now(),user(),current_user(),database()  );  '; <br />
  9. 9. 函数介绍<br />CONNECTION_ID()Return the connection ID (thread ID) for the connection<br />CURRENT_USER(), CURRENT_USER()The authenticated user name and host name<br />DATABASE()Return the default (current) database name<br />USER()The user name and host name provided by the client<br />
  10. 10. Problems<br />root@test 10:07:21>insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()  );<br />Query OK, 1 row affected, 1 warning (0.00 sec)root@test 10:07:27>show warnings;+-------+------+-------------------------------------------------------+| Level | Code | Message                                               |+-------+------+-------------------------------------------------------+| Note  | 1592 | Statement may not be safe to log in statement format. |+-------+------+-------------------------------------------------------+<br />
  11. 11. 改进<br />set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()  ); <br />
  12. 12. 再改进<br />set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()  );  set sql_log_bin=1;  <br />
  13. 13. select (60*3+8+8)*10000/1024/1024*365;<br />+--------------------------------+<br />| (60*3+8+8)*10000/1024/1024*365 |<br />+--------------------------------+<br />| 682.25860596 | <br />+--------------------------------+<br />1 row in set (0.00 sec)<br />
  14. 14. 再改进<br />set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()  );  DELETE FROM test.accesslog WHERE check_time < DATE_SUB(CURDATE(),INTERVAL 3 MONTH) limit 10; set sql_log_bin=1; <br />
  15. 15. 使用注意<br />备库init_connect不能有insert操作<br />

×