【MySQL】等保3.0部分要求
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# 修改密码定时更换策略 select User,Host,password_lifetime,password_expired from mysql.user; alter user 'gzhadmin'@'ip-1' password expire interval 60 day; alter user 'gzhadmin'@'ip-2' password expire interval 60 day; alter user 'gzhadmin'@'ip-3' password expire interval 60 day; #alter user 'ttt'@'%' password expire never; ## 连接控制插件安装 ## 查看参数,确认是否已安装 show variables like '%connection_control_max%'; show variables like '%failed_connections_threshold%'; show variables like 'wait_timeout%'; show variables like 'interactive_timeout%'; ## 安装插件 install plugin connection_control soname 'connection_control.so'; install plugin connection_control_failed_login_attempts soname 'connection_control.so'; ## 通过命令行修改全局参数配置信息 set global connection_control_failed_connections_threshold=5; set global connection_control_max_connection_delay = 900000; set global interactive_timeout = 1800; set global wait_timeout = 1800; ## 同时修改参数文件:vi /etc/my.cnf connection-control-max-connection-delay = 900000 connection-control-failed-connections-threshold = 5 interactive_timeout = 1800 wait_timeout = 1800 # 开启、关闭 审计日志 set global log_output=file; set global general_log_file='/data/general.log'; set global general_log=on; #set global general_log=off; # 密码复杂度 # 确认是否安装密码复杂度插件 show variables like 'validate%'; # 确认插件所在路径 show global variables like 'plugin_dir'; # 去插件路径验证插件是否存在 [root@mss ~]# cd /usr/local/mysql/lib/plugin/ [root@mss plugin]# ls |grep validate_password # 在命令行安装插件,并确认已是否安装成功 install plugin validate_password soname 'validate_password.so'; show variables like 'validate%'; |