MySQL利用init-connect增加访问审计功能异常
admin
2023-05-01 09:44:20
0
init-connet设置
注:该参数对超级用户不生效
-- 创建测试库
mysql> create database test;
Query OK, 1 row affected (0.00 sec)

mysql> use test;
Database changed

-- 创建审计记录表
mysql> CREATE TABLE `conn_log` (
    ->   `conn_id` int(11) DEFAULT NULL,
    ->   `conn_time` datetime DEFAULT NULL,
    ->   `user_name` varchar(128) CHARACTER SET utf8 DEFAULT NULL,
    ->   `cur_user_name` varchar(128) CHARACTER SET utf8 DEFAULT NULL,
    ->   `ip` varchar(15) CHARACTER SET utf8 DEFAULT NULL,
    ->   KEY `conn_time` (`conn_time`)
    -> ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 ;
Query OK, 0 rows affected (0.01 sec)

-- 设置审计内容
mysql> set global init_connect="set @user=user(),@cur_user=current_user();insert into test.conn_log values(connection_id(),now(),@user,@cur_user,'10.0.0.1');"
    -> ;
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%init%';
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
| Variable_name          | Value                                                                                                                         |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
| init_connect           | set @user=user(),@cur_user=current_user();insert into test.conn_log values(connection_id(),now(),@user,@cur_user,'10.0.0.1'); |
| init_file              |                                                                                                                               |
| init_slave             |                                                                                                                               |
| table_definition_cache | 1400                                                                                                                          |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

-- 创建普通用户

mysql> grant select,insert on dba_test.* to 'test'@'%' identified by 'test';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
异常
[root@test ~]# mysql -S /data0/mysql57/mysql3307/mysqltmp/mysql3307.sock  -utest -ptest 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 117
Server version: 5.7.21-log

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show user();
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    118
Current database: *** NONE ***

ERROR 1184 (08S01): Aborted connection 118 to db: 'unconnected' user: 'test' host: 'localhost' (init_connect command failed)
mysql> select user();
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id:    119
Current database: *** NONE ***
异常处理
分析

通过查看erro log发现test用户没有test.conn_log表的写权限,导致init-connect中的sql内容无法进行,
从而导致连接失败

解决
-- 赋权
mysql> grant insert on test.* to 'test'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

-- 登陆正常
[root@test ~]# mysql -hip地址 -P3307  -utest -ptest
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 140
Server version: 5.7.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use dba_test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+--------------------+
| Tables_in_dba_test |
+--------------------+
| user               |
+--------------------+
1 row in set (0.00 sec)

mysql> insert into user(user_id,username) values(4,'d');
Query OK, 1 row affected (0.00 sec)

mysql>

上一篇:MySQL中 sysbench如何使用

下一篇:揭秘!一起宁德钓蟹辅助器,微信小程序麻将能不能开挂吗

相关内容

热门资讯

美媒又想起这茬:2年前在地中海... 【文/观察者网 阮佳琪】2024年12月23日,载有16名船员的俄罗斯“大熊星座”号货船在西班牙近海...
App过度索取授权或被境外间谍... 微信公众号“国家安全部”5月13日发文: 手机里各种各样的应用程序(APP)五花八门,在方便我们生...
广合科技获得发明专利授权:“一... 证券之星消息,根据天眼查APP数据显示广合科技(001389)新获得一项发明专利授权,专利名为“一种...
华尔街科技老将:大科技公司分化... 5月11日,互联网泡沫时期的知名芯片分析师、Niles Investment Management创...
香港80后“地产女王”烧炭身亡... 据《香港01》报道,5月12日,香港九龙传统豪宅地段加多利山畔的豪宅项目Kadoorie Hill发...
谷歌发布安卓 AI 系统,这就... 和去年一样,在正式的 Google I/O 开发者大会之前,谷歌为 Android 单独开了一次小型...
300斤医生走红 曾一年猛涨1...   300斤医生走红 曾一年猛涨100斤  【300斤医生走红 曾一年猛涨100斤】5月11日,上海...
新乡市主要负责同志职务调整 日前,中共河南省委决定:魏建平同志任中共新乡市委书记,李卫东同志不再担任中共新乡市委书记、常委、委员...
九阳电饭锅H01故障 H01是因为上盖异常高温,有可能是机板不良造成的;同时也可能是故障前没有清洗上盖或溢出米浆等情况造成...
电饭煲显示e3是什么原因 1、可能是电饭煲里面的食物水分烧干之后,密封圈在高温运转的环境下被烧焦了,这个情况下可能会出现故障提...