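def check(username, password):
    """Check that NO_AUTO_CREATE_USER is set in the global and session sql_mode.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        17200 (after the warning text is appended) when the mode is missing
        from either scope, otherwise 0.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()

    # None means "no row came back". Binding both names up front keeps the
    # comparison below from hitting an unbound local when sql_mode is empty.
    globalSetting = None
    sessionSetting = None

    cursor.execute('SELECT @@global.sql_mode;')
    rows = cursor.fetchall()
    if cursor.rowcount > 0:
        for row in rows:  # cursor only contains 1 record
            if row[0] is not None:
                globalSetting = row[0]
                break

    cursor.execute('SELECT @@session.sql_mode;')
    rows = cursor.fetchall()
    if cursor.rowcount > 0:
        for row in rows:
            if row[0] is not None:
                sessionSetting = row[0]
                break

    flag = True
    if globalSetting is not None and sessionSetting is not None:
        # An empty sql_mode does not contain the mode either, so it must be
        # reported rather than skipped.
        missing_global = not re.search("NO_AUTO_CREATE_USER", globalSetting)
        missing_session = not re.search("NO_AUTO_CREATE_USER", sessionSetting)
        if missing_global or missing_session:
            # The text is kept as-is for consumers of error_list; it fires
            # when NO_AUTO_CREATE_USER is ABSENT from either scope.
            error_list.append(
                '[WARNING] NO_AUTO_CREAT_USER might be activated')
            error_list.insert(0, 17200)
            flag = False
    if flag:
        error_list.insert(0, 0)
    return error_list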
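def fix(username, password):
    """Drop the ``test`` database when the server still has one.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    The DROP is irreversible; anything stored in ``test`` is lost.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('SHOW DATABASES LIKE \'test\';')
        row = cursor.fetchone()
        # SHOW DATABASES yields a single column, so the name sits at index 0;
        # indexing [1] raised IndexError whenever the database existed.
        if row and row[0]:
            # Backticks quote an identifier. Double quotes are a string
            # literal unless ANSI_QUOTES is enabled, so the previous
            # statement was rejected by the server.
            cursor.execute('DROP DATABASE `test`;')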
def fix(username, password):
    """Uninstall the daemon_memcached plugin when it is registered.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    if not cur:
        return

    lookup = "SELECT * FROM information_schema.plugins WHERE PLUGIN_NAME='daemon_memcached';"
    cur.execute(lookup)
    plugin_row = cur.fetchone()
    # Index 1 of the SELECT * row must be truthy before anything is removed.
    installed = plugin_row and plugin_row[1]
    if installed:
        cur.execute('uninstall plugin daemon_memcached;')
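def fix(username, password):
    """Set log_error_verbosity to 2 in mysqld.cnf unless it is already 2 or 3.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('SHOW GLOBAL VARIABLES LIKE \'log_error_verbosity\';')
        row = cursor.fetchone()
        # SHOW VARIABLES normally returns the value as text, so comparing it
        # with the integers 2 and 3 never matched and the config file was
        # rewritten on every run. str() accepts either representation.
        if row and str(row[1]) not in ('2', '3'):
            mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
            helper.fixConfFile(mysqlDefConf, 'log-error_verbosity', '2')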
def fix(username, password):
    """Write skip_symbolic_links=YES to mysqld.cnf unless have_symlink is DISABLED.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    if not cur:
        return

    cur.execute("SHOW variables LIKE 'have_symlink';")
    setting = cur.fetchone()
    if setting and setting[1] != 'DISABLED':
        # Only the option file is edited here; the running server is not changed.
        conf_path = '/etc/mysql/mysql.conf.d/mysqld.cnf'
        helper.fixConfFile(conf_path, 'skip_symbolic_links', 'YES')
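def fix(username, password):
    """Cap default_password_lifetime at 90 days, live and in mysqld.cnf.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    The value is changed only when it is 0 (passwords never expire) or above
    90. Values from 1 to 90 are already at least as strict and are left
    alone; the previous ``< 90`` test relaxed them to 90 and ignored the
    too-long values.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('SHOW VARIABLES LIKE \'default_password_lifetime\';')
        row = cursor.fetchone()  # cursor only contains 1 record
        if not row:
            return
        # The value normally arrives as text; comparing str with int raises
        # TypeError on Python 3, so convert before comparing.
        try:
            lifetime = int(row[1])
        except (TypeError, ValueError):
            return
        if lifetime == 0 or lifetime > 90:
            cursor.execute('SET GLOBAL default_password_lifetime=90')
            mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
            helper.fixConfFile(mysqlDefConf, 'default_password_lifetime', '90')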
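def fix(username, password):
    """Point log-error at /var/log/mysql/error.log when log_error is empty.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('SHOW variables LIKE \'log_error\';')
        row = cursor.fetchone()
        # fetchone() returns None when no row matches; guard before indexing
        # so a missing variable does not raise TypeError.
        if row and not row[1]:
            mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
            helper.fixConfFile(mysqlDefConf, 'log-error',
                               '/var/log/mysql/error.log')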
def fix(username, password):
    """Write local-infile=0 to mysqld.cnf when local_infile is ON.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    if not cur:
        return

    cur.execute("SHOW VARIABLES WHERE Variable_name = 'local_infile';")
    setting = cur.fetchone()
    enabled = setting and setting[1] == 'ON'
    if enabled:
        # Only the option file is edited here; the running server is not changed.
        conf_path = '/etc/mysql/mysql.conf.d/mysqld.cnf'
        helper.fixConfFile(conf_path, 'local-infile', '0')
def fix(username, password):
    """Switch master_info_repository from FILE to TABLE in mysqld.cnf.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    if not cur:
        return

    cur.execute(
        "SHOW VARIABLES WHERE Variable_name = 'master_info_repository';")
    setting = cur.fetchone()
    stored_in_file = setting and setting[1] == 'FILE'
    if stored_in_file:
        conf_path = '/etc/mysql/mysql.conf.d/mysqld.cnf'
        helper.fixConfFile(conf_path, 'master_info_repository', 'TABLE')
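def fix(username, password):
    """Set the data directory to mode 700, owned by mysql:mysql.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    The directory path is read from the server's ``datadir`` variable.
    """
    import subprocess

    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('show variables where variable_name = \'datadir\';')
        row = cursor.fetchone()
        if row and row[1]:
            datadir = row[1]
            # The path is server-supplied text. Passing it as a single argv
            # element (after "--") keeps spaces, quotes or shell
            # metacharacters in it from being interpreted, which the former
            # 'ls ... | egrep' and 'chmod ' + path shell strings allowed.
            # Both commands are idempotent, so applying them without the ls
            # pre-check gives the same end state on a compliant directory.
            # Exit codes are ignored, as os.system did.
            subprocess.run(['chmod', '700', '--', datadir], check=False)
            subprocess.run(['chown', 'mysql:mysql', '--', datadir],
                           check=False)
    return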
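def fix(username, password):
    """Tighten the relay log path to mode 660, mysql:mysql, when it is looser.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    NOTE(review): relay_log_basename is a name prefix; the relay log files
    themselves usually carry a numeric suffix. Confirm the intended target.
    """
    import stat
    import subprocess

    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('show global variables like \'relay_log_basename\';')
        row = cursor.fetchone()
        if row and row[1]:
            path = row[1]
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                # Nothing to tighten when the path does not exist.
                return
            # Any bit outside rw-rw---- means the file is too open. The old
            # lexicographic comparison of the `ls` permission string missed
            # modes such as r--r--r--, which sort below '-rw-rw----'.
            if mode & ~0o660:
                # argv lists (no shell) so the server-supplied path cannot be
                # interpreted as shell syntax; "--" ends option parsing.
                subprocess.run(['chmod', '660', '--', path], check=False)
                subprocess.run(['chown', 'mysql:mysql', '--', path],
                               check=False)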
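def fix(username, password):
    """Add STRICT_ALL_TABLES to sql_mode in mysqld.cnf when it is missing.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    The modes already active on the server are kept and STRICT_ALL_TABLES is
    appended to them.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('SHOW VARIABLES LIKE \'sql_mode\';')
        row = cursor.fetchone()
        if row:
            # An empty sql_mode is the least strict setting and used to be
            # skipped; treat it as "no modes yet" so the fix still applies
            # and the written value does not start with a stray comma.
            modes = [mode for mode in (row[1] or '').split(',') if mode]
            if 'STRICT_ALL_TABLES' not in modes:
                modes.append('STRICT_ALL_TABLES')
                mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
                helper.fixConfFile(mysqlDefConf, 'sql_mode', ','.join(modes))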
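def fix(username, password):
    """Set secure_file_priv to /var/lib/mysql-files/ in mysqld.cnf when unset.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute(
            'SHOW GLOBAL VARIABLES WHERE Variable_name = \'secure_file_priv\' AND Value<>\'\';'
        )
        # The query filters on Value<>'' and therefore only returns a row
        # when a directory is configured. "No row" is the unset case. The
        # previous code looked for an empty value inside a returned row,
        # which the filter makes impossible, so the fix never ran.
        row = cursor.fetchone()
        if not row:
            mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
            helper.fixConfFile(mysqlDefConf, 'secure_file_priv',
                               '/var/lib/mysql-files/')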
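def fix(username, password):
    """Tighten the error log file to mode 660, mysql:mysql, when it is looser.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.
    """
    import stat
    import subprocess

    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('show global variables like \'log_error\';')
        row = cursor.fetchone()  # cursor only contains 1 record
        if row and row[1]:
            path = row[1]
            try:
                mode = stat.S_IMODE(os.stat(path).st_mode)
            except OSError:
                # log_error may name something that is not a file on disk;
                # there is nothing to tighten in that case.
                return
            # Any bit outside rw-rw---- means the log is too open. The old
            # code compared the list from split() with a string, which
            # raises TypeError on Python 3.
            if mode & ~0o660:
                # argv lists (no shell) so the server-supplied path cannot be
                # interpreted as shell syntax; "--" ends option parsing.
                subprocess.run(['chmod', '660', '--', path], check=False)
                subprocess.run(['chown', 'mysql:mysql', '--', path],
                               check=False)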
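def fix(username, password):
    """Set the TLS private key file to mode 400, owned by mysql:mysql.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    NOTE(review): a relative ssl_key value is used as given, i.e. relative
    to this process's working directory. Confirm that is the intended file.
    """
    import subprocess

    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('show variables where variable_name = \'ssl_key\';')
        row = cursor.fetchone()
        if row and row[1]:
            key_path = row[1]
            # The former pre-check ran `ls -l <ssl_key Value> | egrep ...`
            # with the placeholder never replaced by the real path, so it
            # did not inspect the key file at all. Both commands below are
            # idempotent, so they are applied directly. argv lists (no
            # shell) keep the server-supplied path from being interpreted
            # as shell syntax; exit codes are ignored, as os.system did.
            subprocess.run(['chown', 'mysql:mysql', '--', key_path],
                           check=False)
            subprocess.run(['chmod', '400', '--', key_path], check=False)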
def check(username, password):
    """Report whether the server's have_ssl variable is YES.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        18100 (after the warning text is appended) when have_ssl is not YES,
        otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW variables WHERE variable_name = 'have_ssl';")
        setting = cur.fetchone()  # single-row result
        if setting and setting[1] != 'YES':
            error_list.append('[WARNING] have_ssl might not be set')
            status = 18100
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
def check(username, password):
    """Report whether the daemon_memcached plugin is registered.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14700 (after the warning text is appended) when the plugin row
        exists, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute(
            "SELECT * FROM information_schema.plugins WHERE PLUGIN_NAME='daemon_memcached';")
        plugin_row = cur.fetchone()
        if plugin_row:
            error_list.append(
                '[WARNING] deamon_memcached plugin might be installed.')
            status = 14700
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
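def fix(username, password):
    """Set the plugin directory to mode 755, mysql:mysql, when it is looser.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Modes 755 and 775 are left unchanged. Every other mode is reset to 755,
    including the world-writable ones that the earlier ``ls | egrep`` pattern
    accepted.
    """
    import stat
    import subprocess

    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    if cursor:
        cursor.execute('show variables where variable_name = \'plugin_dir\';')
        row = cursor.fetchone()
        if row and row[1]:
            plugin_dir = row[1]
            try:
                mode = stat.S_IMODE(os.stat(plugin_dir).st_mode)
            except OSError:
                # Nothing to tighten when the directory does not exist.
                return
            # argv lists (no shell) so the server-supplied path cannot be
            # interpreted as shell syntax; "--" ends option parsing. Exit
            # codes are ignored, as os.system did.
            if mode not in (0o755, 0o775):
                subprocess.run(['chmod', '755', '--', plugin_dir],
                               check=False)
            # chown is idempotent, so it replaces the ownership part of the
            # former ls pre-check.
            subprocess.run(['chown', 'mysql:mysql', '--', plugin_dir],
                           check=False)
    return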
def check(username, password):
    """Report whether the server's log_error path is empty.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        16100 (after the warning text is appended) when a returned row has
        an empty value, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW variables LIKE 'log_error';")
        # any() stops at the first row with an empty value, like the
        # original loop-and-break (the result holds a single record).
        if any(not record[1] for record in cur):
            error_list.append('[WARNING] log_error path is empty.')
            status = 16100
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
def check(username, password):
    """Report whether a database named ``test`` exists on the server.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14200 (after the warning text is appended) when the database is
        listed, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW DATABASES LIKE 'test';")
        match = cur.fetchone()
        if match:
            error_list.append(
                "[WARNING] 'test' database might be installed.")
            status = 14200
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
def fix(username, password):
    """Repair the validate_password settings, or install the plugin if absent.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    When ``validate_password%`` variables exist they are collected into a
    dict and handed to fixStrength; when none come back, fixPlugin runs.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    plugin_missing = True
    if cur:
        cur.execute("SHOW VARIABLES LIKE 'validate_password%';")
        records = cur.fetchall()
        if cur.rowcount > 0:
            plugin_missing = False
            # Map each variable name to its current value.
            settings = {record[0]: record[1] for record in records}
            fixStrength(settings)
    if plugin_missing:
        fixPlugin()
def check(username, password):
    """Report whether have_symlink is anything other than DISABLED.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14600 (after the warning text is appended) when symlink support is
        not DISABLED, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW variables LIKE 'have_symlink';")
        setting = cur.fetchone()
        if setting and setting[1] != 'DISABLED':
            error_list.append(
                '[WARNING] skip_symbolic_links feature might be enabled')
            status = 14600
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
def check(username, password):
    """Report whether the server's local_infile variable is ON.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14400 (after the warning text is appended) when local_infile is ON,
        otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW VARIABLES WHERE Variable_name = 'local_infile';")
        setting = cur.fetchone()
        if setting and setting[1] == 'ON':
            error_list.append(
                '[WARNING] local_infile feature might be activated')
            status = 14400
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
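def check(username, password):
    """Report a default_password_lifetime above 90 days.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        17400 (after the warning text is appended) when the lifetime exceeds
        90, otherwise 0.

    NOTE(review): a value of 0 disables password expiry altogether and is
    not reported here; confirm whether it should be.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    flag = True
    if cursor:
        cursor.execute('SHOW VARIABLES LIKE \'default_password_lifetime\';')
        row = cursor.fetchone()  # cursor only contains 1 record
        lifetime = None
        if row:
            # The value normally arrives as text; comparing str with int
            # raises TypeError on Python 3, so convert before comparing.
            try:
                lifetime = int(row[1])
            except (TypeError, ValueError):
                lifetime = None
        # The message allows "less than or equal to 90", so exactly 90 is
        # compliant; the previous ``>= 90`` test reported it.
        if lifetime is not None and lifetime > 90:
            error_list.append(
                '[WARNING] default_password_lifetime should be less than or equal to 90'
            )
            error_list.insert(0, 17400)
            flag = False
    if flag:
        error_list.insert(0, 0)
    return error_list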
def check(username, password):
    """Report accounts whose host column is the bare wildcard ``%``.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        17600 (after the warning text is appended) when at least one such
        account exists, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SELECT user, host FROM mysql.user WHERE host = '%';")
        # One matching row is enough; the rest are not read.
        account = cur.fetchone()
        if account:
            error_list.append(
                '[WARNING] There might be some users have wildcard in their names.'
            )
            status = 17600
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
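def check(username, password):
    """Report whether STRICT_ALL_TABLES is missing from sql_mode.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14900 (after the warning text is appended) when the mode is missing,
        otherwise 0.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    flag = True
    if cursor:
        cursor.execute('SHOW VARIABLES LIKE \'sql_mode\';')
        row = cursor.fetchone()
        # An empty sql_mode lacks the mode as well, so it is searched as ''
        # instead of being skipped.
        if row and not re.search('STRICT_ALL_TABLES', row[1] or ''):
            error_list.append(
                ('[WARNING] STRICT_ALL_TABLES feature might be disabled'))
            error_list.insert(0, 14900)
            # Without this, the success code 0 was inserted in front of
            # 14900 and the failure was reported as a pass.
            flag = False
    if flag:
        error_list.insert(0, 0)
    return error_list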
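def check(username, password):
    """Report whether secure_file_priv is unset (empty).

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        14800 (after the warning text is appended) when no directory is
        configured, otherwise 0.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    flag = True
    if cursor:
        cursor.execute(
            'SHOW GLOBAL VARIABLES WHERE Variable_name = \'secure_file_priv\' AND Value<>\'\';'
        )
        # The query filters on Value<>'' and therefore only returns a row
        # when a directory is configured. "No row" is the failing case. The
        # previous test looked for an empty value inside a returned row,
        # which the filter makes impossible, so the check always passed.
        row = cursor.fetchone()
        if not row:
            error_list.append(
                '[WARNING] secure_file_priv might be deactivated')
            error_list.insert(0, 14800)
            flag = False
    if flag:
        error_list.insert(0, 0)
    return error_list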
def check(username, password):
    """Report accounts whose authentication_string is empty.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        17300 (after the warning text is appended) when at least one such
        account exists, otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute(
            "SELECT User,host FROM mysql.user WHERE authentication_string='';")
        # One matching row is enough; the rest are not read.
        account = cur.fetchone()
        if account:
            error_list.append(
                "[WARNING] There might be some users don't have passwords.")
            status = 17300
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
def check(username, password):
    """Report whether master_info_repository is set to FILE.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        19300 (after the warning text is appended) when the value is FILE,
        otherwise 0.
    """
    conn = helper.connectToMysql(username, password)
    cur = conn.cursor()
    status = 0
    if cur:
        cur.execute("SHOW GLOBAL VARIABLES LIKE 'master_info_repository';")
        setting = cur.fetchone()
        if setting and setting[1] == 'FILE':
            error_list.append(
                '[WARNING] master_info_repository should be save in TABLE instead of FILE'
            )
            status = 19300
    # The status code always ends up in front of any appended message.
    error_list.insert(0, status)
    return error_list
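def check(username, password):
    """Report a log_error_verbosity other than 2 or 3.

    Args:
        username: account name handed to helper.connectToMysql.
        password: password handed to helper.connectToMysql.

    Returns:
        The shared ``error_list`` with a status code inserted at index 0:
        16300 (after the warning text is appended) when the value is neither
        2 nor 3, otherwise 0.
    """
    connection = helper.connectToMysql(username, password)
    cursor = connection.cursor()
    flag = True
    if cursor:
        cursor.execute('SHOW GLOBAL VARIABLES LIKE \'log_error_verbosity\';')
        row = cursor.fetchone()  # cursor only contains 1 record
        if row and row[1]:
            # The value normally arrives as text, so comparing it with the
            # integers 2 and 3 never matched and a compliant server was
            # still reported. str() accepts either representation.
            if str(row[1]) not in ('2', '3'):
                error_list.append(
                    '[WARNING] log_error_verbosity should be 2 or 3.')
                error_list.insert(0, 16300)
                flag = False
    if flag:
        error_list.insert(0, 0)
    return error_list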