<!DOCTYPE html><html lang="zh-CN"><head><meta name="generator" content="Hexo 3.9.0"><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"><meta content="yes" name="apple-mobile-web-app-capable"><meta content="black-translucent" name="apple-mobile-web-app-status-bar-style"><meta content="telephone=no" name="format-detection"><meta name="description" content><title>MySQL Password Security Policy Configuration | zhiheng's blog</title><link rel="stylesheet" type="text/css" href="/css/style.css?v=1.0.0"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/normalize.css/normalize.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss/build/pure-min.min.css"><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/npm/purecss/build/grids-responsive-min.css"><link rel="stylesheet" href="//cdn.jsdelivr.net/npm/[email protected]/css/font-awesome.min.css"><script type="text/javascript" src="//cdn.jsdelivr.net/npm/jquery/dist/jquery.min.js"></script><link rel="icon" mask sizes="any" href="/img/favicon.ico"><link rel="Shortcut Icon" type="image/x-icon" href="/img/favicon.ico"><link rel="apple-touch-icon" href="/apple-touch-icon.png"><link rel="apple-touch-icon-precomposed" href="/apple-touch-icon.png"><link rel="alternate" type="application/atom+xml" href="/atom.xml"><script type="text/javascript" src="//cdn.jsdelivr.net/npm/clipboard/dist/clipboard.min.js"></script><script type="text/javascript" src="//cdn.jsdelivr.net/gh/codeseven/toastr/build/toastr.min.js"></script><link rel="stylesheet" href="//cdn.jsdelivr.net/gh/codeseven/toastr/build/toastr.min.css"></head><body><div class="body_container"><div id="header"><div class="site-name"><h1 class="hidden">MySQL Password Security Policy Configuration</h1><a id="logo" href="/.">zhiheng's blog</a><p class="description">Happy to share, diligent in accumulating; you are welcome to follow my WeChat official account: 治恒说说</p></div><div id="nav-menu"><a class="current" href="/."><i class="fa fa-home"> 
Home</i></a><a href="/archives/"><i class="fa fa-archive"> Archives</i></a><a href="/about/"><i class="fa fa-user"> About</i></a><a href="/demo/"><i class="fa fa-square"> Fun Code</i></a></div></div><div class="pure-g" id="layout"><div class="pure-u-1 pure-u-md-3-4"><div class="content_container"><div class="post"><h1 class="post-title">MySQL Password Security Policy Configuration</h1><div class="post-meta">February 4, 2021<span> | </span><span class="category"><a href="/categories/Mysql/">Mysql</a></span><script src="https://busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script><span id="busuanzi_container_page_pv"> | <span id="busuanzi_value_page_pv"></span><span> views</span></span></div><div class="post-content"><p>In recent years, laws and regulations on cybersecurity have been steadily maturing, and the cybersecurity classified protection scheme (MLPS, 等保) has been strongly promoted since the Cybersecurity Law formally took effect. Many companies and organizations have come to recognize the importance of classified protection. To put it into practice, the project I work on recently went through an MLPS assessment; below are some of the remediation settings related to the MySQL database.</p>
<blockquote>
<p>Tip: the examples use MySQL 5.7.</p>
</blockquote>
<h2 id="密码策略"><a href="#密码策略" class="headerlink" title="密码策略"></a>Password Policy</h2><p>First, log in to MySQL and check the database's current password policy:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">show</span> <span class="keyword">variables</span> <span class="keyword">like</span> <span class="string">'validate_password%'</span>;</span><br></pre></td></tr></table></figure></p>
<p>If the output is <code>Empty set (0.01 sec)</code>, the <code>validate_password</code> plugin is not yet installed in your MySQL. List the plugins:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">show</span> plugins;</span><br></pre></td></tr></table></figure></p>
<p><img src="https://i.loli.net/2021/02/04/5IgGol6d9bTfkFC.png" alt="Figure 1"><br>If the list has no <code>validate_password</code> entry like the one shown in Figure 1, the plugin is indeed not installed.</p>
<h2 id="安装插件"><a href="#安装插件" class="headerlink" title="安装插件"></a>Installing the Plugin</h2><p>To be usable by the server, the plugin library file must be located in the MySQL plugin directory (the directory named by the <code>plugin_dir</code> system variable). If necessary, configure the plugin directory location by setting the value of <code>plugin_dir</code> at server startup.<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">show</span> <span class="keyword">variables</span> <span class="keyword">like</span> <span class="string">'plugin_dir'</span>;</span><br></pre></td></tr></table></figure></p>
<p><img src="https://i.loli.net/2021/02/04/kHz2YjrEyGQ6J3P.png" alt="Figure 2"></p>
<p>The base name of the plugin library file is <code>validate_password</code>. The file name suffix differs by platform (<code>.so</code> on Unix and Linux-like systems, <code>.dll</code> on Windows). To load the plugin at server startup, use the <code>plugin-load-add</code> option in the configuration file to name the library file that contains it. Edit the configuration file <code>my.cnf</code>:<br><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/my.cnf</span><br><span class="line"></span><br><span class="line">[mysqld]</span><br><span class="line"><span class="attribute">plugin-load-add</span>=validate_password.so</span><br><span class="line"><span class="comment"># The server loads the plugin at startup and prevents it from being removed while the server is running.</span></span><br><span class="line"><span class="attribute">validate-password</span>=FORCE_PLUS_PERMANENT</span><br></pre></td></tr></table></figure></p>
<p>After modifying my.cnf, restart the server for the new settings to take effect. Alternatively, to register the plugin at runtime, use the <code>install plugin</code> statement below:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">service mysqld restart</span><br><span class="line"><span class="comment"># or, in the mysql client:</span></span><br><span class="line"><span class="keyword">install</span> <span class="keyword">plugin</span> validate_password <span class="keyword">soname</span> <span class="string">'validate_password.so'</span>;</span><br></pre></td></tr></table></figure></p>
<p>Then list the plugins again; the <code>validate_password</code> entry shown in Figure 1 will now appear.</p>
<h2 id="配置"><a href="#配置" class="headerlink" title="配置"></a>Configuration</h2><p>Run the password policy query again:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">show</span> <span class="keyword">variables</span> <span class="keyword">like</span> <span class="string">'validate_password%'</span>;</span><br></pre></td></tr></table></figure></p>
<p><img src="https://i.loli.net/2021/02/04/Y4I5nLstzM9ClmH.png" alt="image.png"></p>
<p><code>validate_password_check_user_name</code>: when set to ON, the password cannot be set to the current user name.<br><code>validate_password_dictionary_file</code>: path name of the dictionary file used to check passwords.<br><code>validate_password_length</code>: minimum required password length.<br><code>validate_password_mixed_case_count</code>: default 1; if the password policy is MEDIUM or stronger, the required number of lowercase and of uppercase characters.<br><code>validate_password_number_count</code>: if the password policy is MEDIUM or stronger, the number of digits the password must contain.<br><code>validate_password_policy</code>: default 1; password strength level [LOW:0 | MEDIUM:1 | STRONG:2].<br><code>validate_password_special_char_count</code>: default 1; the required number of special characters.<br>The levels of <code>validate_password_policy</code> are:<br>0/LOW: checks length only.<br>1/MEDIUM: checks length, digits, mixed case, and special characters.<br>2/STRONG: checks length, digits, mixed case, special characters, and the dictionary file.</p>
<p>The values above can be changed with the following statements:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">set</span> <span class="keyword">global</span> validate_password_policy=<span class="number">1</span>;</span><br><span class="line"><span class="keyword">set</span> <span class="keyword">global</span> validate_password_length=<span class="number">8</span>;</span><br><span class="line"><span class="keyword">flush</span> <span class="keyword">privileges</span>;</span><br></pre></td></tr></table></figure></p>
<p>They can also be set directly in the configuration file:<br><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">vim /etc/my.cnf</span><br><span class="line"></span><br><span class="line">[mysqld]</span><br><span class="line"><span class="attribute">validate_password_policy</span>=1</span><br><span class="line"><span class="attribute">validate_password_length</span>=8</span><br></pre></td></tr></table></figure></p>
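<p>The policy levels described above, modeled offline as an added example (not code from the original post or from MySQL). <code>Policy</code> and <code>violations</code> are hypothetical names, character classes are approximated with Python's string methods, and the user-name, dictionary-substring and minimum-length rules follow the MySQL 5.7 documentation for <code>validate_password</code>:</p>

```python
from dataclasses import dataclass

LOW, MEDIUM, STRONG = 0, 1, 2  # validate_password_policy levels

@dataclass
class Policy:
    """Hypothetical mirror of the validate_password_* variables (5.7 defaults)."""
    policy: int = MEDIUM
    length: int = 8
    mixed_case_count: int = 1
    number_count: int = 1
    special_char_count: int = 1
    check_user_name: bool = False

    def effective_length(self) -> int:
        # The server never lets validate_password_length fall below
        # number_count + special_char_count + 2 * mixed_case_count.
        floor = self.number_count + self.special_char_count + 2 * self.mixed_case_count
        return max(self.length, floor)

def violations(password, policy, user_name="", dictionary=()):
    """Return the reasons a password would be rejected (empty list = accepted)."""
    found = []
    # User-name matching (forward or reversed) is independent of the policy level.
    if policy.check_user_name and user_name and password in (user_name, user_name[::-1]):
        found.append("matches user name")
    if len(password) < policy.effective_length():  # checked at every level
        found.append("too short")
    if policy.policy >= MEDIUM:
        if sum(c.isdigit() for c in password) < policy.number_count:
            found.append("too few digits")
        if sum(c.islower() for c in password) < policy.mixed_case_count:
            found.append("too few lowercase")
        if sum(c.isupper() for c in password) < policy.mixed_case_count:
            found.append("too few uppercase")
        if sum(not c.isalnum() for c in password) < policy.special_char_count:
            found.append("too few special characters")
    if policy.policy >= STRONG and dictionary:
        lowered, words = password.lower(), {w.lower() for w in dictionary}
        # Substrings of length 4..100 are compared case-insensitively.
        if any(lowered[i:j] in words for i in range(len(lowered))
               for j in range(i + 4, min(len(lowered), i + 100) + 1)):
            found.append("contains dictionary word")
    return found

if __name__ == "__main__":
    # Constructed sample passwords checked against the page's settings (policy=1, length=8).
    for pw in ("password", "Ab1!", "Passw0rd!"):
        print(pw, violations(pw, Policy(policy=MEDIUM, length=8)))
```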
</div><div class="tags"><a href="/tags/运维/"><i class="fa fa-tag"></i>Operations</a><a href="/tags/Mysql/"><i class="fa fa-tag"></i>Mysql</a></div><div class="post-nav"><a class="pre" href="/210206-SpringBoot-使用JdbcTemplate操作数据库.html">SpringBoot: Working with Databases Using JdbcTemplate</a><a class="next" href="/210127-SpringBoot-集成Swagger2文档生成.html">SpringBoot: Integrating Swagger2 Documentation Generation</a></div></div></div></div><div class="pure-u-1-4 hidden_mid_and_down"><div id="sidebar"><div class="widget"><div class="search-form"><input id="local-search-input" placeholder="Search" type="text" name="q" results="0"><div id="local-search-result"></div></div></div><div class="widget"><div class="widget-title"><i class="fa fa-wechat"> WeChat Official Account</i></div><div class="tagcloud"><img src="/img/zhihengss.jpg" style="width: 80%"></div></div><div class="widget"><div class="widget-title"><i class="fa fa-folder-o"> Categories</i></div><ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/Github/">Github</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Mysql/">Mysql</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Python/">Python</a><span class="category-list-count">2</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/Spring-Boot/">Spring Boot</a><span class="category-list-count">6</span></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-star-o"> Tags</i></div><div class="tagcloud"><a href="/tags/杂谈/" style="font-size: 15px;">Miscellany</a> <a href="/tags/Kotlin/" style="font-size: 15px;">Kotlin</a> <a href="/tags/Google/" style="font-size: 15px;">Google</a> <a href="/tags/微信/" style="font-size: 15px;">WeChat</a> <a href="/tags/Photo/" style="font-size: 15px;">Photo</a> <a href="/tags/旅行/" style="font-size: 15px;">Travel</a> <a href="/tags/go/" style="font-size: 15px;">go</a> <a 
href="/tags/总结/" style="font-size: 15px;">Summary</a> <a href="/tags/推荐/" style="font-size: 15px;">Recommendations</a> <a href="/tags/Spring-Boot/" style="font-size: 15px;">Spring Boot</a> <a href="/tags/Java/" style="font-size: 15px;">Java</a> <a href="/tags/运维/" style="font-size: 15px;">Operations</a> <a href="/tags/Mysql/" style="font-size: 15px;">Mysql</a> <a href="/tags/Github/" style="font-size: 15px;">Github</a> <a href="/tags/教程/" style="font-size: 15px;">Tutorials</a> <a href="/tags/软件/" style="font-size: 15px;">Software</a> <a href="/tags/Python/" style="font-size: 15px;">Python</a> <a href="/tags/Excel/" style="font-size: 15px;">Excel</a> <a href="/tags/工具/" style="font-size: 15px;">Tools</a> <a href="/tags/JavaScript/" style="font-size: 15px;">JavaScript</a> <a href="/tags/Test/" style="font-size: 15px;">Test</a> <a href="/tags/Chrome/" style="font-size: 15px;">Chrome</a> <a href="/tags/Css/" style="font-size: 15px;">Css</a> <a href="/tags/Html/" style="font-size: 15px;">Html</a> <a href="/tags/设计模式/" style="font-size: 15px;">Design Patterns</a> <a href="/tags/Web/" style="font-size: 15px;">Web</a> <a href="/tags/React-Native/" style="font-size: 15px;">React-Native</a> <a href="/tags/ES6/" style="font-size: 15px;">ES6</a></div></div><div class="widget"><div class="widget-title"><i class="fa fa-file-o"> Recent Posts</i></div><ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/211206-github精选-github加速访问神器.html">GitHub Picks: A Handy Tool for Faster GitHub Access</a></li><li class="post-list-item"><a class="post-list-link" href="/211204-github精选-一款高颜值的Redis客户端.html">GitHub Picks: A Good-Looking Redis Client</a></li><li class="post-list-item"><a class="post-list-link" href="/211203-Python读取Excel中的图片(二).html">Reading Images from Excel with Python (Part 2)</a></li><li class="post-list-item"><a class="post-list-link" href="/211124-github精选-Linux命令大全.html">GitHub Picks: A Complete Linux Command Reference</a></li><li class="post-list-item"><a class="post-list-link" href="/211120-github精选-PeaZip一款好用又免费的压缩软件.html">GitHub Picks: PeaZip, a Handy and Free Archiver</a></li><li class="post-list-item"><a 
class="post-list-link" href="/211116-使用Python读取Excel中的图片并对应到记录.html">Reading Images from Excel with Python and Mapping Them to Records</a></li><li class="post-list-item"><a class="post-list-link" href="/211111-SpringRestTemplate的使用.html">Using Spring RestTemplate</a></li><li class="post-list-item"><a class="post-list-link" href="/211108-github精选-秒杀系统设计与实现.html">GitHub Picks: Design and Implementation of a Flash-Sale System</a></li><li class="post-list-item"><a class="post-list-link" href="/210208-Mysql登录失败多次锁定配置.html">MySQL: Configuring Account Lockout After Repeated Failed Logins</a></li><li class="post-list-item"><a class="post-list-link" href="/210206-SpringBoot-使用JdbcTemplate操作数据库.html">SpringBoot: Working with Databases Using JdbcTemplate</a></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-external-link"> Friend Links</i></div><ul></ul><a href="https://geektutu.com/" title="极客兔兔" target="_blank">极客兔兔</a><ul></ul><a href="https://www.itmuch.com/" title="周立的博客" target="_blank">Zhou Li's Blog</a><ul></ul><a href="https://liwenzhou.com/" title="李文周的博客" target="_blank">Li Wenzhou's Blog</a><ul></ul><a href="https://github.com/dddreams/dddreams.github.io/issues" title="添加友链请提交Issues" target="_blank">To add a friend link, please submit an Issue</a></div></div></div><div class="pure-u-1 pure-u-md-3-4"><div id="footer">Copyright © 2021 <a href="/." 
rel="nofollow">zhiheng's blog.</a> Powered by<a rel="nofollow" target="_blank" href="https://hexo.io"> Hexo.</a><a rel="nofollow" target="_blank" href="https://github.com/tufu9441/maupassant-hexo"> Theme</a> by<a rel="nofollow" target="_blank" href="https://github.com/pagecho"> Cho.</a></div></div></div><a class="show" id="rocket" href="#top"></a><script type="text/javascript" src="/js/totop.js?v=1.0.0" async></script><script type="text/javascript" src="//cdn.jsdelivr.net/gh/fancyapps/fancybox/dist/jquery.fancybox.min.js" async></script><script type="text/javascript" src="/js/fancybox.js?v=1.0.0" async></script><link rel="stylesheet" type="text/css" href="//cdn.jsdelivr.net/gh/fancyapps/fancybox/dist/jquery.fancybox.min.css"><link rel="stylesheet" type="text/css" href="/css/search.css?v=1.0.0"><script type="text/javascript" src="/js/search.js?v=1.0.0"></script><script>var search_path = 'search.xml';
if (search_path.length == 0) {
search_path = 'search.xml';
}
var path = '/' + search_path;
searchFunc(path, 'local-search-input', 'local-search-result');
</script><script type="text/javascript" src="/js/copycode.js" successtext="复制成功!"></script><link rel="stylesheet" type="text/css" href="/css/copycode.css"><script type="text/javascript" src="/js/codeblock-resizer.js?v=1.0.0"></script><script type="text/javascript" src="/js/smartresize.js?v=1.0.0"></script></div></body></html>