
Using init_connect for MySQL client stats and user auditing


  1. Introduction to MySQL client auditing
     @杨德华Devin
  2. init_connect
     A string to be executed by the server for each client that connects.
     The string consists of one or more SQL statements, separated by semicolon characters.
  3. Example
     SET GLOBAL init_connect='SET global autocommit=0';
     init_connect='SET NAMES utf8'
     [mysqld]
     init_connect='SET autocommit=0'
  4. How does it work?
     prepare_new_connection_state
  5. gdb it
     Does not take effect for the root user… (SUPER privilege)
     sudo gdb -p `ps aux | grep mysqld | grep -v "grep" | grep -v "mysqld_safe" | awk '{print $2}'`
     break sql_connect.cc:1047
     print sys_init_connect->value
     What you see is what you have set.
  6. Results in practice
     MYSQL="mysql -uroot -pxxxx"   # connection command, credentials as on the slide
     # One report section per default database recorded in the audit table
     for d in `echo "select distinct(default_database) from test.accesslog" | $MYSQL -N`
     do
       if [[ $d != "NULL" ]]; then
         echo -e "\n"
         echo "====="$d" Latest Clients====="
         echo "User Access Time"
         # Two most recent (matchname, check_time) pairs for this database
         echo "select distinct(matchname),check_time from test.accesslog where default_database='$d' order by check_time desc limit 2" | $MYSQL -N
       fi
     done
  7. Create the table
     CREATE TABLE IF NOT EXISTS test.`accesslog` (
       `id` int(11) NOT NULL,
       `check_time` datetime DEFAULT NULL,
       `localname` varchar(60) DEFAULT NULL,
       `matchname` varchar(60) DEFAULT NULL,
       `default_database` varchar(60) DEFAULT NULL,
       index idx_db(`default_database`),
       index idx_time(`check_time`),
       index idx_user(`matchname`)
     ) engine=innodb;
  8. set global init_connect
     set global init_connect='
       insert into test.accesslog values
       (connection_id(),now(),user(),current_user(),database());';
  9. Function reference
     CONNECTION_ID(): Return the connection ID (thread ID) for the connection
     CURRENT_USER(), CURRENT_USER: The authenticated user name and host name
     DATABASE(): Return the default (current) database name
     USER(): The user name and host name provided by the client
  10. Problems
      root@test 10:07:21>insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()  );
      Query OK, 1 row affected, 1 warning (0.00 sec)
      root@test 10:07:27>show warnings;
      +-------+------+-------------------------------------------------------+
      | Level | Code | Message                                               |
      +-------+------+-------------------------------------------------------+
      | Note  | 1592 | Statement may not be safe to log in statement format. |
      +-------+------+-------------------------------------------------------+
  11. Improvement
      set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database());
  12. Further improvement
      set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()); set sql_log_bin=1;
  13. select (60*3+8+8)*10000/1024/1024*365;
      +--------------------------------+
      | (60*3+8+8)*10000/1024/1024*365 |
      +--------------------------------+
      |                   682.25860596 |
      +--------------------------------+
      1 row in set (0.00 sec)
  14. Further improvement
      set sql_log_bin=0;insert into test.accesslog values(connection_id(),now(),user(),current_user(),database()); DELETE FROM test.accesslog WHERE check_time < DATE_SUB(CURDATE(),INTERVAL 3 MONTH) limit 10; set sql_log_bin=1;
  15. Usage notes
      On a standby (replica) server, init_connect must not contain INSERT operations.
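
The per-database report from slide 6 and the USER() versus CURRENT_USER() columns from slide 9, as an added example that is not from the original slides: it runs offline over constructed rows in the test.accesslog column order. The function names and the rule that flags anonymous or any-host accounts are assumptions of this example.

```shell
#!/bin/sh
# Added example (hypothetical function names), not code from the slides.
# Constructed sample rows, tab-separated as `mysql -N` prints them when piped:
# id, check_time, localname (USER()), matchname (CURRENT_USER()), default_database
sample_rows() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    101 '2011-05-01 10:00:00' 'app@10.0.0.5'    'app@10.0.0.%' shop \
    102 '2011-05-01 10:05:00' 'report@10.0.0.9' 'report@%'     shop \
    103 '2011-05-02 09:00:00' 'app@10.0.0.5'    'app@10.0.0.%' shop \
    104 '2011-05-02 09:30:00' 'bob@10.0.0.7'    '@%'           NULL \
    105 '2011-05-03 08:00:00' 'etl@10.0.0.8'    'etl@10.0.0.8' dw
}

# latest_clients N: for each default_database (NULL skipped, as on slide 6),
# print the N most recent rows as database<TAB>matchname<TAB>check_time.
latest_clients() {
  # Sort by database, then by check_time descending within each database.
  LC_ALL=C sort -t "$(printf '\t')" -k5,5 -k2,2r |
  awk -F '\t' -v n="$1" '
    $5 != "NULL" { if (++seen[$5] <= n) print $5 "\t" $4 "\t" $2 }'
}

# broad_matches: rows whose matchname is an anonymous account (empty user
# part) or an any-host account (host part exactly %). Comparing localname
# with matchname shows which account definition the server actually applied.
# Prints id<TAB>localname<TAB>matchname.
broad_matches() {
  awk -F '\t' '{
    at = index($4, "@")
    user = substr($4, 1, at - 1)
    host = substr($4, at + 1)
    if (user == "" || host == "%") print $1 "\t" $3 "\t" $4
  }'
}

echo "== latest 2 clients per database =="
sample_rows | latest_clients 2
echo "== logins matched by anonymous or any-host accounts =="
sample_rows | broad_matches
```

To run it against live data, replace `sample_rows` with the output of `select * from test.accesslog` piped through `mysql -N`.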
