問題描述:
(1)數(shù)據(jù)庫系統(tǒng)配置不合規(guī)的遠程管理模式。
■MySQL 數(shù)據(jù)庫系統(tǒng)have_openssl為DISABLED
整改建議:
(1)建議數(shù)據(jù)庫系統(tǒng)采用安全的方式登錄到數(shù)據(jù)庫進行管理,配置have_openssl為YES你辣。
整改結(jié)果:
整改前:
mysql> show variables like '%ssl%';
+-------------------------------------+----------+
| Variable_name | Value |
+-------------------------------------+----------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | DISABLED |
| have_ssl | DISABLED |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | |
| ssl_capath | |
| ssl_cert | |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | |
+-------------------------------------+----------+
25 rows in set (0.00 sec)
整改后:
mysql> show global variables like '%ssl%';
+-------------------------------------+-----------------+
| Variable_name | Value |
+-------------------------------------+-----------------+
| admin_ssl_ca | |
| admin_ssl_capath | |
| admin_ssl_cert | |
| admin_ssl_cipher | |
| admin_ssl_crl | |
| admin_ssl_crlpath | |
| admin_ssl_key | |
| have_openssl | YES |
| have_ssl | YES |
| mysqlx_ssl_ca | |
| mysqlx_ssl_capath | |
| mysqlx_ssl_cert | |
| mysqlx_ssl_cipher | |
| mysqlx_ssl_crl | |
| mysqlx_ssl_crlpath | |
| mysqlx_ssl_key | |
| performance_schema_show_processlist | OFF |
| ssl_ca | ca.pem |
| ssl_capath | |
| ssl_cert | server-cert.pem |
| ssl_cipher | |
| ssl_crl | |
| ssl_crlpath | |
| ssl_fips_mode | OFF |
| ssl_key | server-key.pem |
+-------------------------------------+-----------------+
25 rows in set (0.00 sec)
如果是云數(shù)據(jù)庫,需要在控制臺進行操作:
https://cloud.tencent.com/document/product/236/76511
