Hi There. You may have noticed something different when you install a fresh copy of MySQL 5.7 either via yum or using binary source. The root password is auto-generated. Ok and where can I find it ? Centos cat /var/log/mysqld.log | grep “A temporary password is generated for” | awk ‘{print $NF}’ Example: [root@master ~]# cat /var/log/mysqld.log | grep “A temporary password is generated for” | awk ‘{print $NF}’ a3BGf#TY.pBj Binary distribution Once you initialization the datadir mysqld –initialize you will see the bellow log printed on screen: . . . 2016-01-13T21:05:03.070322Z 1 [Note] A temporary password is generated for root@localhost: vL8n>Hs%kr>s . . . You will be required to change the password on the first login. You can do it following step 2 of this article. That’s it. Now . . .
Audit MySQL isn’t an easy task by default, you can use some technics like tcpdump, write a parser for general log, use MySQL proxy, or you can use some of audit plugins available out there(Mcafee MySQL Audit Plugin or MySQL Enterprise Audit Log Plugin for example). On this post I’ll cover the Mcafee MySQL Audit Plugin (https://github.com/mcafee/mysql-audit), on a follow-up post I’ll talk about MySQL Enterprise Audit Log Plugin. The installation is easy and require just a few steps, I’m using MySQL 5.5 32 bits, so I’ll download the files for my MySQL version and architecture from https://github.com/mcafee/mysql-audit/downloads [root@mysql-audit marcelo]# wget https://github.com/downloads/mcafee/mysql-audit/audit-plugin-mysql-5.5-1.0.3-371-linux-i386.zip [root@mysql-audit marcelo]# unzip audit-plugin-mysql-5.5-1.0.3-371-linux-i386.zip Archive: audit-plugin-mysql-5.5-1.0.3-371-linux-i386.zip creating: audit-plugin-mysql-5.5/ creating: audit-plugin-mysql-5.5/lib/ inflating: audit-plugin-mysql-5.5/lib/libaudit_plugin.so inflating: audit-plugin-mysql-5.5/COPYING inflating: audit-plugin-mysql-5.5/THIRDPARTY.txt inflating: audit-plugin-mysql-5.5/README.txt Next step is to copy the libaudit_plugin.so to MySQL plugin . . .
Hi folks, let’s continue talk about replication, you can see the basics in this other post First of all, lets create the ssl certificates, go to the master server: Create CA certificate: openssl genrsa 2048 > ca-key.pem openssl req -new -x509 -nodes -days 1000 -key ca-key.pem > ca-cert.pem Create server certificate: openssl req -newkey rsa:2048 -days 1000 -nodes -keyout server-key.pem > server-req.pem openssl x509 -req -in server-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem Create client certificate: openssl req -newkey rsa:2048 -days 1000 -nodes -keyout client-key.pem > client-req.pem openssl x509 -req -in client-req.pem -days 1000 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem copy ca-cert.pem, client-req.pem, client-cert.pem to slave server Adjust the cnf file: ssl ssl-ca=/etc/mysql/sslcerts/ca-cert.pem ssl-cert=/etc/mysql/sslcerts/server-cert.pem ssl-key=/etc/mysql/sslcerts/server-key.pem Make sure you restart the MySQL service, and check . . .