#!/bin/bash
# Created by Roel Van de Paar, Percona LLC
# Please make sure your server is up and running before using this tool
# Internal variables: please do not change! Ref below for user configurable variables
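# Seed bash's built-in $RANDOM generator from the clock: bytes 10-19 of the
# seconds+nanoseconds string, with leading zeros stripped.
# NOTE(review): clock-seeded $RANDOM is predictable; do not derive passwords or tokens from it.
RANDOM=$(date +%s%N | cut -b10-19 | sed 's|^[0]\+||') # Random entropy init
# Characters 3-8 of three concatenated $RANDOM draws (the sed pattern skips two characters
# and keeps the next six).
RANDOMD=$(echo "$RANDOM$RANDOM$RANDOM" | sed 's/..\(......\).*/\1/')
# Directory holding this script, symlinks resolved. The inner substitution is quoted so a
# path containing whitespace is handed to dirname as a single argument.
SCRIPT_PWD=$(dirname "$(readlink -f "${0}")")
# User Configurable Variables
BASEDIR=/sda/Percona-Server-5.7.13-6-Linux.x86_64.ssl101
SOCKET="${BASEDIR}/socket.sock"
CLIENT="${BASEDIR}/bin/mysql"
# NOTE(review): the statements in this file hard-code -uroot and the password 'hidden'
# instead of reading USER and PASSWORD.
USER="root" # MySQL Username on the target host
PASSWORD="" # Password on the target host
DATABASE=checksecurity # Database on the target host. Do not use any default included databases like 'test' or 'mysql' etc.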
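#######################################
# Print a timestamped message and, when WORKDIR is set, append it to the run log.
# Globals:   WORKDIR (read) - log directory; nothing in this file sets it, so logging
#            only happens when the caller's environment provides it
# Arguments: $1 - message text
# Outputs:   "[HH:MM:SS] message" on stdout and in /${WORKDIR}/pquery-run-direct.log
#######################################
echoit(){
  local stamp
  # Take the timestamp once so the console line and the log line always agree.
  stamp=$(date +'%T')
  echo "[${stamp}] $1"
  if [ "${WORKDIR}" != "" ]; then
    # Quoted target: a WORKDIR containing whitespace would otherwise be an ambiguous redirect.
    # The leading '/' is kept from the original, so WORKDIR is resolved from the filesystem root.
    echo "[${stamp}] $1" >> "/${WORKDIR}/pquery-run-direct.log"
  fi
}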
# SIGINT (CTRL+C) handler: announce the interruption through echoit, then stop the
# script with exit status 2.
ctrl-c() {
  local notice
  for notice in \
    "CTRL+C Was pressed. Terminating run..." \
    "Terminating check-security with exit code 2..."; do
    echoit "${notice}"
  done
  exit 2
}
# Route CTRL+C to the handler above
trap ctrl-c INT
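# Environment check
# The paths are quoted so that an empty or unset value fails the test. Unquoted, an empty
# ${CLIENT} leaves `[ ! -r ]`, which evaluates to false and lets the script continue.
if [ ! -r "${CLIENT}" ]; then echoit "${CLIENT} is missing. Terminating."; exit 1; fi
if [ ! -r "${BASEDIR}/bin/mysqladmin" ]; then echoit "${BASEDIR}/bin/mysqladmin is missing. Terminating."; exit 1; fi
# Check that server is up and running (has to be started before tool is used)
# root is pinged first without a password and then with the password 'hidden'. PWD ends up
# holding the password option that the first root statement needs: empty when root has no
# password yet, '-phidden' when it does.
# NOTE(review): PWD is also the shell's own working-directory variable and is normally
# exported to child processes; a dedicated name would be safer, but the "Secure root" call
# reads ${PWD} and would have to change in the same edit.
# NOTE(review): -phidden places the password in the command's argument list, where it may
# be visible to other local users through the process list.
PWD=
if [ "$("${BASEDIR}/bin/mysqladmin" -uroot -S"${SOCKET}" ping 2>/dev/null)" != "mysqld is alive" ]; then
  if [ "$("${BASEDIR}/bin/mysqladmin" -uroot -phidden -S"${SOCKET}" ping 2>/dev/null)" != "mysqld is alive" ]; then
    echoit "The server with socket ${SOCKET} is not alive. Terminating."; exit 1;
  else
    PWD='-phidden'
  fi
fi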
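#######################################
# Run one SQL string through the root client.
# Globals:   ROOTCLIENT (read) - client command line as a single space-separated string
# Arguments: $1 - SQL text, handed to the client's -e option
# Returns:   the client's exit status
#######################################
execute(){
  local -a client_cmd
  # Split ROOTCLIENT into words without pathname expansion, then pass the SQL as one
  # argument. The previous `eval ${EXEC}` glob-expanded words such as `db.*` against the
  # current directory and evaluated $, backticks and double quotes in the SQL as shell code.
  read -r -a client_cmd <<< "${ROOTCLIENT}"
  "${client_cmd[@]}" -e "${1}"
}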
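# Commence testing
## Secure root
# Replaces root@localhost with an account protected by the password 'hidden'. ${PWD} holds
# '-phidden' when the liveness check found root already needs it, and is expanded only when
# non-empty so that no empty argument reaches the client.
# NOTE(review): this drops and recreates root@localhost on whichever server owns ${SOCKET}.
# NOTE(review): 2>/dev/null discards the client's error output as well, so a failure of any
# of these statements goes unnoticed.
"${CLIENT}" 2>/dev/null -uroot ${PWD:+"${PWD}"} -S"${SOCKET}" -B -f -e "DROP USER root@localhost;CREATE user root@localhost IDENTIFIED BY 'hidden';GRANT ALL ON *.* TO root@localhost WITH GRANT OPTION;FLUSH PRIVILEGES;"
## Setup testing database
"${CLIENT}" 2>/dev/null -uroot -phidden -S"${SOCKET}" -B -f -e "DROP DATABASE IF EXISTS ${DATABASE};CREATE DATABASE ${DATABASE};"
## Define clients
# Kept as plain strings because execute() splits ROOTCLIENT into words itself.
# NOTE(review): -phidden in the command line may expose the password through the process
# list; an option file passed with --defaults-extra-file keeps it out of argv.
ROOTCLIENT="${CLIENT} -uroot -phidden -S${SOCKET} ${DATABASE} -B -f"
USERCLIENT="${CLIENT} -S${SOCKET} ${DATABASE} -B -f"
echoit "Creating 100000 users"
# NOTE(review): 0..100000 inclusive is 100001 accounts, one more than the message states.
# Each account's password is its own sequence number.
for ((seq = 0; seq <= 100000; seq++)); do
  # The disabled DROP USER statement now lives in a shell comment. Inside the SQL string the
  # backslash-newlines joined everything into one line, so its leading '#' turned the
  # CREATE USER, GRANT and FLUSH that followed into part of the same SQL comment.
  #   DROP USER IF EXISTS 'u${seq}'@'localhost';
  # The GRANT names 'u${seq}'; the original read the unset ${sec} and so targeted 'u'.
  execute "CREATE USER 'u${seq}'@'localhost' IDENTIFIED BY '${seq}';\
GRANT USAGE ON ${DATABASE}.* TO 'u${seq}'@'localhost';\
FLUSH PRIVILEGES;"
  # Disabled login probe kept from the original (variable name corrected to seq):
  #eval ${USERCLIENT} -uu${seq}@localhost -p${seq} -e "SELECT 1;"
done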