def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
cursor.execute('SELECT @@global.sql_mode;')
rows = cursor.fetchall()
if cursor.rowcount > 0:
for dir in rows: # cursor only contains 1 record
if dir[0]:
globalSetting = dir[0]
break
cursor.execute('SELECT @@session.sql_mode;')
rows = cursor.fetchall()
if cursor.rowcount > 0:
for dir in rows:
if dir[0]:
sessionSetting = dir[0]
if globalSetting and sessionSetting:
if not re.search("NO_AUTO_CREATE_USER",
globalSetting) or not re.search(
"NO_AUTO_CREATE_USER", sessionSetting):
error_list.append(
'[WARNING] NO_AUTO_CREAT_USER might be activated')
error_list.insert(0, 17200)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('SHOW DATABASES LIKE \'test\';')
dir = cursor.fetchone()
if dir and dir[1]:
cursor.execute('DROP DATABASE "test";')
def fix(username, password):
connection = helper.connectToMysql(username,password)
cursor = connection.cursor()
if cursor:
cursor.execute('SELECT * FROM information_schema.plugins WHERE PLUGIN_NAME=\'daemon_memcached\';')
dir = cursor.fetchone()
if dir and dir[1]:
cursor.execute('uninstall plugin daemon_memcached;')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('SHOW GLOBAL VARIABLES LIKE \'log_error_verbosity\';')
dir = cursor.fetchone()
if dir and dir[1] != 2 and dir[1] != 3:
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'log-error_verbosity', '2')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW variables LIKE \'have_symlink\';')
dir = cursor.fetchone()
if dir and dir[1] != 'DISABLED':
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'skip_symbolic_links', 'YES')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('SHOW VARIABLES LIKE \'default_password_lifetime\';')
dir = cursor.fetchone() # cursor only contains 1 record
if dir and dir[1] < 90: # cursor only contains 1 record
cursor.execute('SET GLOBAL default_password_lifetime=90')
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'default_password_lifetime', '90')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('SHOW variables LIKE \'log_error\';')
dir = cursor.fetchone()
if not dir[1]:
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'log-error',
'/var/log/mysql/error.log')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute(
'SHOW VARIABLES WHERE Variable_name = \'local_infile\';')
dir = cursor.fetchone()
if dir and dir[1] == 'ON':
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'local-infile', '0')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute(
'SHOW VARIABLES WHERE Variable_name = \'master_info_repository\';')
dir = cursor.fetchone()
if dir and dir[1] == 'FILE':
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'master_info_repository', 'TABLE')
def fix(username,password):
connection = helper.connectToMysql(username,password)
cursor = connection.cursor()
if cursor:
cursor.execute('show variables where variable_name = \'datadir\';')
dir = cursor.fetchone()
if dir and dir[1]:
output = os.popen('ls -l ' + dir[1] + '/.. | egrep "^d[r|w|x]{3}------\s*.\s*mysql\s*mysql\s*\d*.*mysql"').read()
if not output:
os.system('chmod 700 ' + dir[1])
os.system('chown mysql:mysql ' + dir[1])
return
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('show global variables like \'relay_log_basename\';')
dir = cursor.fetchone()
if dir and dir[1]:
output = os.popen('ls -la ' + dir[1]).read()
output = output.split()
if output and output[0] > '-rw-rw----':
os.system('chmod 660 ' + dir[1])
os.system('chown mysql:mysql ' + dir[1])
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW VARIABLES LIKE \'sql_mode\';')
dir = cursor.fetchone()
if dir and dir[1]:
match = re.search('STRICT_ALL_TABLES', dir[1])
if not match:
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'sql_mode',
dir[1] + ',STRICT_ALL_TABLES')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute(
'SHOW GLOBAL VARIABLES WHERE Variable_name = \'secure_file_priv\' AND Value<>\'\';'
)
for dir in cursor: # cursor only contains 1 record
if not dir[1]:
mysqlDefConf = '/etc/mysql/mysql.conf.d/mysqld.cnf'
helper.fixConfFile(mysqlDefConf, 'secure_file_priv',
'/var/lib/mysql-files/')
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('show global variables like \'log_error\';')
for dir in cursor: # cursor only contains 1 record
if dir[1]:
output = os.popen('ls -la ' + dir[1]).read()
output = output.split()
if output > '-rw-rw----':
os.system('chmod 660 ' + dir[1])
os.system('chown mysql:mysql ' + dir[1])
break
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('show variables where variable_name = \'ssl_key\';')
dir = cursor.fetchone()
if dir and dir[1]:
output = os.popen(
'ls -l <ssl_key Value> | egrep "^-r--------[ \t]*.[ \t]*mysql[ \t]*mysql.*$"'
).read()
if not output:
os.system('chown mysql:mysql ' + dir[1])
os.system('chmod 400 ' + dir[1])
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW variables WHERE variable_name = \'have_ssl\';')
dir = cursor.fetchone() # cursor only contains 1 record
if dir and dir[1] != 'YES':
error_list.append('[WARNING] have_ssl might not be set')
error_list.insert(0, 18100)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username,password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SELECT * FROM information_schema.plugins WHERE PLUGIN_NAME=\'daemon_memcached\';')
dir = cursor.fetchone()
if dir:
error_list.append('[WARNING] deamon_memcached plugin might be installed.')
error_list.insert(0, 14700)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
if cursor:
cursor.execute('show variables where variable_name = \'plugin_dir\';')
dir = cursor.fetchone()
if dir and dir[1]:
output = os.popen(
'ls -l ' + dir[1] +
'/.. | egrep "^drwxr[-w]xr[-w]x[ \t]*[0-9][ \t]*mysql[ \t]*mysql.*plugin.*$"'
).read()
if not output:
os.system('chmod 755 ' + dir[1])
os.system('chown mysql:mysql ' + dir[1])
return
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW variables LIKE \'log_error\';')
for dir in cursor: # cursor only contains 1 record
if not dir[1]:
error_list.append('[WARNING] log_error path is empty.')
error_list.insert(0, 16100)
flag = False
break
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW DATABASES LIKE \'test\';')
dir = cursor.fetchone()
if dir:
error_list.append(
'[WARNING] \'test\' database might be installed.')
error_list.insert(0, 14200)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def fix(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW VARIABLES LIKE \'validate_password%\';')
config = dict()
rows = cursor.fetchall()
if cursor.rowcount > 0:
flag = False
for dir in rows:
config[dir[0]] = dir[1]
fixStrength(config)
if flag:
fixPlugin()
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW variables LIKE \'have_symlink\';')
dir = cursor.fetchone()
if dir and dir[1] != 'DISABLED':
flag = False
error_list.append(
('[WARNING] skip_symbolic_links feature might be enabled'))
error_list.insert(0, 14600)
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute(
'SHOW VARIABLES WHERE Variable_name = \'local_infile\';')
dir = cursor.fetchone()
if dir and dir[1] == 'ON':
flag = False
error_list.append(
('[WARNING] local_infile feature might be activated'))
error_list.insert(0, 14400)
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW VARIABLES LIKE \'default_password_lifetime\';')
dir = cursor.fetchone() # cursor only contains 1 record
if dir and dir[1] >= 90:
error_list.append(
'[WARNING] default_password_lifetime should be less than or equal to 90'
)
error_list.insert(0, 17400)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SELECT user, host FROM mysql.user WHERE host = \'%\';')
dir = cursor.fetchone() # cursor only contains 1 record
if dir:
error_list.append(
'[WARNING] There might be some users have wildcard in their names.'
)
error_list.insert(0, 17600)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW VARIABLES LIKE \'sql_mode\';')
dir = cursor.fetchone()
if dir and dir[1]:
match = re.search('STRICT_ALL_TABLES', dir[1])
if not match:
error_list.append(
('[WARNING] STRICT_ALL_TABLES feature might be disabled'))
error_list.insert(0, 14900)
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute(
'SHOW GLOBAL VARIABLES WHERE Variable_name = \'secure_file_priv\' AND Value<>\'\';'
)
dir = cursor.fetchone()
if dir and not dir[1]:
error_list.append(
'[WARNING] secure_file_priv might be deactivated')
error_list.insert(0, 14800)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute(
'SELECT User,host FROM mysql.user WHERE authentication_string=\'\';'
)
dir = cursor.fetchone() # cursor only contains 1 record
if dir:
error_list.append(
'[WARNING] There might be some users don\'t have passwords.')
error_list.insert(0, 17300)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute(
'SHOW GLOBAL VARIABLES LIKE \'master_info_repository\';')
dir = cursor.fetchone()
if dir and dir[1] == 'FILE':
flag = False
error_list.append((
'[WARNING] master_info_repository should be save in TABLE instead of FILE'
))
error_list.insert(0, 19300)
if flag:
error_list.insert(0, 0)
return error_list
def check(username, password):
connection = helper.connectToMysql(username, password)
cursor = connection.cursor()
flag = True
if cursor:
cursor.execute('SHOW GLOBAL VARIABLES LIKE \'log_error_verbosity\';')
dir = cursor.fetchone()
if dir and dir[1]:
# cursor only contains 1 record
if dir[1] != 2 and dir[1] != 3:
error_list.append(
'[WARNING] log_error_verbosity should be 2 or 3.')
error_list.insert(0, 16300)
flag = False
if flag:
error_list.insert(0, 0)
return error_list
