1

We are using MySQL Community version on Windows and are trying to secure it as best we can. Assuming that changing the version (for example purchasing the Enterprise edition) is not possible in our environment, I would love to hear how others are doing things such as:

  • Auditing
  • Alerts
  • Monitoring
  • Password rules
  • Account disabling after inactive for X days
  • Backups
  • Integrity checking
  • Encryption
  • Steganography detection

For example, we are using the general log for our cheap "auditing". Maybe not the best solution, but something is better than nothing. Any free tools out there, or maybe homegrown scripts anyone would like to suggest?

asked Feb 1, 2014 at 0:57

2 Answers

1

Here are a few starting points (and I don't have answers to everything). Disclosure: I suggest a couple tools that were written by myself (and of course used in production).

  • Consider this login audit plugin (open sourced, find in GitHub). I developed & compiled it on Linux; you will have to find your way on Windows. This plugin will log any login attempt (successful or failed) onto your server.

We use the above to audit any login on any of our servers -- using logstash to aggregate all our logs, and kibana to view/query it. Likewise, you can query this log and send alerts to graphite / query by Nagios -- I do not know what best suits Windows.

  • Consider common_schema's security_audit. This will generate a report on bad security settings (duplicate passwords, excessive privileges etc.). It does not do any steganography.

  • Check out GreenSQL - I never tried it myself. It's a proxy sitting between your clients and your MySQL server, that can analyse and block queries on the fly.

  • Check out MariaDB security enhancements, e.g. role management. Available for Windows.

answered Feb 1, 2014 at 14:05
0
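
A sketch of the kind of homegrown script the question asks about, added here as an example and not code from either answer: it scans a general query log for denied logins and reports client hosts at or above a failure threshold. The log layout, the sample lines and the function names are assumptions (constructed, modelled on the MySQL 5.x general log).

```python
import re
from collections import Counter

# Constructed sample, modelled on the MySQL 5.x general query log layout
# (assumption): optional "YYMMDD H:MM:SS" stamp, thread id, command, argument.
SAMPLE_LOG = (
    "140201  0:57:01\t    3 Connect\tapp@10.0.0.5 on shop\n"
    "\t\t    3 Query\tSELECT name\n"
    "  FROM customers\n"
    "140201  0:57:02\t    4 Connect\troot@10.0.0.9 on mysql\n"
    "\t\t    4 Connect\tAccess denied for user 'root'@'10.0.0.9' (using password: YES)\n"
    "140201  0:57:03\t    5 Connect\tAccess denied for user 'root'@'10.0.0.9' (using password: YES)\n"
    "\t\t    6 Connect\tAccess denied for user 'admin'@'10.0.0.9' (using password: NO)\n"
    "140201  0:58:10\t    7 Connect\tAccess denied for user 'app'@'10.0.0.5' (using password: YES)\n"
    "\t\t    3 Quit\t\n"
)

ENTRY = re.compile(r"^(\d{6}\s+\d{1,2}:\d{2}:\d{2})?\s*(\d+) (\w+(?: \w+)*)\t(.*)$")
DENIED = re.compile(r"^Access denied for user '([^']*)'@'([^']*)'")


def failed_logins(log_text):
    """Return (timestamp, user, host) for every denied connection attempt."""
    events, last_stamp = [], None
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if not entry:
            continue  # header line or continuation of a multi-line query
        stamp, _thread, command, argument = entry.groups()
        # Lines logged within the same second omit the stamp; carry it forward.
        last_stamp = stamp or last_stamp
        denied = DENIED.match(argument) if command == "Connect" else None
        if denied:
            events.append((last_stamp, denied.group(1), denied.group(2)))
    return events


def hosts_to_alert(log_text, threshold=3):
    """Map each client host with >= threshold failures to its failure count."""
    counts = Counter(host for _stamp, _user, host in failed_logins(log_text))
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in hosts_to_alert(SAMPLE_LOG).items():
        print(f"ALERT: {n} failed MySQL logins from {host}")
```

Multi-line query text is written to the general log verbatim, so a continuation line can imitate a log entry; treat the counts as an alerting signal rather than as evidence.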
0

I have replied here: MySQL query log

There are other methods for logging and securing your server: using audit plugins and the binary log, using MySQL Proxy, etc.

answered Feb 3, 2014 at 5:27
1
  • Mahesh, thanks for the info! I will look into some of the other available MySQL logs. The plugins don't apply to me because we're stuck on Windows, and on the Community version, not Enterprise. Commented Feb 3, 2014 at 18:48
