mysql等保三安全策略设置

mysql等保三安全策略设置

　　由于在业务申请等保3级认证时，扫描到mysql版本中除漏洞外，还涉及到账号安全策略问题，但往往大部分场景下，方便使用，默认是没有开启这个功能的。

除了要升级到指定的版本外，下面记录了账号相关的设置策略。

　　

参考资料
https://www.cnblogs.com/likappe/p/9504332.html

1、在配置文件中修改

# my.cnf添加文件如下：

[mysqld]
plugin-load-add=validate_password.so
validate-password=FORCE_PLUS_PERMANENT

2、在mysql命令行中动态加载

install plugin validate_password SONAME 'validate_password.so';
install plugin CONNECTION_CONTROL soname 'connection_control.so';
install plugin CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS soname 'connection_control.so';

mysql> show variables like 'validate_password%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password_check_user_name    | OFF    |
| validate_password_dictionary_file    |        |
| validate_password_length             | 8      |
| validate_password_mixed_case_count   | 1      |
| validate_password_number_count       | 1      |
| validate_password_policy             | MEDIUM |
| validate_password_special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.00 sec)

mysql>  show variables like 'connection_control_failed_connections_threshold';
+-------------------------------------------------+-------+
| Variable_name                                   | Value |
+-------------------------------------------------+-------+
| connection_control_failed_connections_threshold | 3     |
+-------------------------------------------------+-------+
1 row in set (0.00 sec)

mysql> set global connection_control_min_connection_delay=1200000;  // 配置登录连接超时时间为15-20分钟。
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%connection%';
+-------------------------------------------------+-----------------+
| Variable_name                                   | Value           |
+-------------------------------------------------+-----------------+
| character_set_connection                        | utf8            |
| collation_connection                            | utf8_general_ci |
| connection_control_failed_connections_threshold | 3               |
| connection_control_max_connection_delay         | 2147483647      |
| connection_control_min_connection_delay         | 1200000         |
| max_connections                                 | 1000            |
| max_user_connections                            | 0               |
+-------------------------------------------------+-----------------+
7 rows in set (0.00 sec)

2147483647