MySQL Preacher

The security plugin for MySQL namely Securich has been migrated to google code a while ago for availability and usability purposes. Last week I finished testing and made available version 0.2.0 which includes some important enhancements like

* Added reconciliation from mysql to securich during installation

The above feature enables the installation of securich on instances already in operation without loosing any of the current user base and associated privileges (unlike previous versions which were mostly usable on new instances without user base).

* Added mysql version check for connection kill using processlist view in information_schema available as from 5.1.7

* Added auditing of users changing password via MySQLs own `set_password`
* Added auditing of role creation and updates
* Added auditing of grants / revokes

With auditing, the dba will be able to look at when a particular permission was granted, and by whom, which roles were updated and what kind of update, privilege added/removed as well as auditing of users trying to change passwords through MySQL rather than through Securich which would otherwise possibly make password complexity and aging futile.

Also some naming changes have been made in order to achieve more “MySQL’ly’ like commands:

* Stored proc check_roles was renamed to show_roles
* Stored proc check_role_privileges was renamed to show_privileges_in_roles
* Stored proc check_user_privileges was renamed to show_user_privileges
* Stored proc check_privilege_users was renamed to show_users_with_privilege
* Stored proc check_user_list was renamed to show_user_list
* Stored proc check_user_entries was renamed to show_user_entries
* Stored proc check_full_user_entries was renamed to show_full_user_entrie

Anyone interested in enhancing the functionality of securich can also use the new test scripts implemented in order to make sure nothing was broken by code change.

Bug reports / feature requests can be done through google code at http://code.google.com/p/securich.

Uncategorized