author | Christian Cleberg <hello@cleberg.net> | 2025-04-25 17:37:39 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-04-25 22:37:39 +0000 |
commit | 86db2585623515fe38347811ec4bf46565d2c44b (patch) | |
tree | a0d9860ea8ffeea4ff08939ffdb41c6c8158dd1c /databases/administrators/mysql | |
parent | 7ba7b11f85dcca361ba5497d23b33e53f2525b0c (diff) | |
MySQL & Postgres Enhancements (#5)
* remove mysql login script and add password script
* move excess mysql password query to new script
* add db admin folders
* add postgres
* add mongo admins script
* Commit from GitHub Actions (Ruff)
* update tests for mysql and postgres
* update tests for mysql and postgres
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Diffstat (limited to 'databases/administrators/mysql')
-rw-r--r-- | databases/administrators/mysql/README.org | 108 | ||||
-rw-r--r-- | databases/administrators/mysql/mysql_admins.sql | 1 | ||||
-rw-r--r-- | databases/administrators/mysql/mysql_admins_alt.sql | 14 |
3 files changed, 123 insertions, 0 deletions
diff --git a/databases/administrators/mysql/README.org b/databases/administrators/mysql/README.org
new file mode 100644
index 0000000..82ae540
--- /dev/null
+++ b/databases/administrators/mysql/README.org
@@ -0,0 +1,108 @@
+#+title: MySQL Admins
+
+* =mysql_admins.sql=
+
+#+begin_src sql
+SELECT * FROM information_schema.user_privileges;
+#+end_src
+
+#+begin_src
+MySQL [(none)]> SELECT * FROM information_schema.user_privileges;
++--------------------------------+---------------+---------------------------------+--------------+
+| GRANTEE | TABLE_CATALOG | PRIVILEGE_TYPE | IS_GRANTABLE |
++--------------------------------+---------------+---------------------------------+--------------+
+| 'mysql.infoschema'@'localhost' | def | SELECT | NO |
+| 'mysql.infoschema'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO |
+| 'mysql.infoschema'@'localhost' | def | FIREWALL_EXEMPT | NO |
+| 'mysql.infoschema'@'localhost' | def | SYSTEM_USER | NO |
+| 'mysql.session'@'localhost' | def | SHUTDOWN | NO |
+| 'mysql.session'@'localhost' | def | SUPER | NO |
+| 'mysql.session'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO |
+| 'mysql.session'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | BACKUP_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | CLONE_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | CONNECTION_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | FIREWALL_EXEMPT | NO |
+| 'mysql.session'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | SESSION_VARIABLES_ADMIN | NO |
+| 'mysql.session'@'localhost' | def | SYSTEM_USER | NO |
+| 'mysql.session'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | NO |
+| 'mysql.sys'@'localhost' | def | USAGE | NO |
+| 'mysql.sys'@'localhost' | def | AUDIT_ABORT_EXEMPT | NO |
+| 'mysql.sys'@'localhost' | def | FIREWALL_EXEMPT | NO |
+| 'mysql.sys'@'localhost' | def | SYSTEM_USER | NO |
+| 'root'@'localhost' | def | SELECT | YES |
+| 'root'@'localhost' | def | INSERT | YES |
+| 'root'@'localhost' | def | UPDATE | YES |
+| 'root'@'localhost' | def | DELETE | YES |
+| 'root'@'localhost' | def | CREATE | YES |
+| 'root'@'localhost' | def | DROP | YES |
+| 'root'@'localhost' | def | RELOAD | YES |
+| 'root'@'localhost' | def | SHUTDOWN | YES |
+| 'root'@'localhost' | def | PROCESS | YES |
+| 'root'@'localhost' | def | FILE | YES |
+| 'root'@'localhost' | def | REFERENCES | YES |
+| 'root'@'localhost' | def | INDEX | YES |
+| 'root'@'localhost' | def | ALTER | YES |
+| 'root'@'localhost' | def | SHOW DATABASES | YES |
+| 'root'@'localhost' | def | SUPER | YES |
+| 'root'@'localhost' | def | CREATE TEMPORARY TABLES | YES |
+| 'root'@'localhost' | def | LOCK TABLES | YES |
+| 'root'@'localhost' | def | EXECUTE | YES |
+| 'root'@'localhost' | def | REPLICATION SLAVE | YES |
+| 'root'@'localhost' | def | REPLICATION CLIENT | YES |
+| 'root'@'localhost' | def | CREATE VIEW | YES |
+| 'root'@'localhost' | def | SHOW VIEW | YES |
+| 'root'@'localhost' | def | CREATE ROUTINE | YES |
+| 'root'@'localhost' | def | ALTER ROUTINE | YES |
+| 'root'@'localhost' | def | CREATE USER | YES |
+| 'root'@'localhost' | def | EVENT | YES |
+| 'root'@'localhost' | def | TRIGGER | YES |
+| 'root'@'localhost' | def | CREATE TABLESPACE | YES |
+| 'root'@'localhost' | def | CREATE ROLE | YES |
+| 'root'@'localhost' | def | DROP ROLE | YES |
+| 'root'@'localhost' | def | ALLOW_NONEXISTENT_DEFINER | YES |
+| 'root'@'localhost' | def | APPLICATION_PASSWORD_ADMIN | YES |
+| 'root'@'localhost' | def | AUDIT_ABORT_EXEMPT | YES |
+| 'root'@'localhost' | def | AUDIT_ADMIN | YES |
+| 'root'@'localhost' | def | AUTHENTICATION_POLICY_ADMIN | YES |
+| 'root'@'localhost' | def | BACKUP_ADMIN | YES |
+| 'root'@'localhost' | def | BINLOG_ADMIN | YES |
+| 'root'@'localhost' | def | BINLOG_ENCRYPTION_ADMIN | YES |
+| 'root'@'localhost' | def | CLONE_ADMIN | YES |
+| 'root'@'localhost' | def | CONNECTION_ADMIN | YES |
+| 'root'@'localhost' | def | CREATE_SPATIAL_REFERENCE_SYSTEM | YES |
+| 'root'@'localhost' | def | ENCRYPTION_KEY_ADMIN | YES |
+| 'root'@'localhost' | def | FIREWALL_EXEMPT | YES |
+| 'root'@'localhost' | def | FLUSH_OPTIMIZER_COSTS | YES |
+| 'root'@'localhost' | def | FLUSH_PRIVILEGES | YES |
+| 'root'@'localhost' | def | FLUSH_STATUS | YES |
+| 'root'@'localhost' | def | FLUSH_TABLES | YES |
+| 'root'@'localhost' | def | FLUSH_USER_RESOURCES | YES |
+| 'root'@'localhost' | def | GROUP_REPLICATION_ADMIN | YES |
+| 'root'@'localhost' | def | GROUP_REPLICATION_STREAM | YES |
+| 'root'@'localhost' | def | INNODB_REDO_LOG_ARCHIVE | YES |
+| 'root'@'localhost' | def | INNODB_REDO_LOG_ENABLE | YES |
+| 'root'@'localhost' | def | OPTIMIZE_LOCAL_TABLE | YES |
+| 'root'@'localhost' | def | PASSWORDLESS_USER_ADMIN | YES |
+| 'root'@'localhost' | def | PERSIST_RO_VARIABLES_ADMIN | YES |
+| 'root'@'localhost' | def | REPLICATION_APPLIER | YES |
+| 'root'@'localhost' | def | REPLICATION_SLAVE_ADMIN | YES |
+| 'root'@'localhost' | def | RESOURCE_GROUP_ADMIN | YES |
+| 'root'@'localhost' | def | RESOURCE_GROUP_USER | YES |
+| 'root'@'localhost' | def | ROLE_ADMIN | YES |
+| 'root'@'localhost' | def | SENSITIVE_VARIABLES_OBSERVER | YES |
+| 'root'@'localhost' | def | SERVICE_CONNECTION_ADMIN | YES |
+| 'root'@'localhost' | def | SESSION_VARIABLES_ADMIN | YES |
+| 'root'@'localhost' | def | SET_ANY_DEFINER | YES |
+| 'root'@'localhost' | def | SHOW_ROUTINE | YES |
+| 'root'@'localhost' | def | SYSTEM_USER | YES |
+| 'root'@'localhost' | def | SYSTEM_VARIABLES_ADMIN | YES |
+| 'root'@'localhost' | def | TABLE_ENCRYPTION_ADMIN | YES |
+| 'root'@'localhost' | def | TELEMETRY_LOG_ADMIN | YES |
+| 'root'@'localhost' | def | TRANSACTION_GTID_TAG | YES |
+| 'root'@'localhost' | def | XA_RECOVER_ADMIN | YES |
+| 'cmc'@'%' | def | USAGE | NO |
++--------------------------------+---------------+---------------------------------+--------------+
+92 rows in set (0.001 sec)
+#+end_src
diff --git a/databases/administrators/mysql/mysql_admins.sql b/databases/administrators/mysql/mysql_admins.sql
new file mode 100644
index 0000000..9115ec5
--- /dev/null
+++ b/databases/administrators/mysql/mysql_admins.sql
@@ -0,0 +1 @@
+SELECT * FROM information_schema.user_privileges;
diff --git a/databases/administrators/mysql/mysql_admins_alt.sql b/databases/administrators/mysql/mysql_admins_alt.sql
new file mode 100644
index 0000000..9552ee2
--- /dev/null
+++ b/databases/administrators/mysql/mysql_admins_alt.sql
@@ -0,0 +1,14 @@
+-- Global Permissions
+SELECT ... FROM mysql.user;
+
+-- Database Permissions
+SELECT ... FROM mysql.db
+WHERE db = @db_name;
+
+-- Table Permissions
+SELECT ... FROM mysql.tables
+WHERE db = @db_name;
+
+-- Column Permissions
+SELECT ... FROM mysql.columns_priv
+WHERE db = @db_name; |
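Review bot: The single query in `mysql_admins.sql` has no comment stating its coverage, and as an admin listing it is incomplete: `information_schema.user_privileges` reports only global (`*.*`) grants. Schema-level grants (for example full rights on the `mysql` schema) and privileges inherited through roles do not appear in it. As far as I know, an account that cannot read the `mysql` system schema also sees only its own rows, so the result depends on who runs the script. I would add a header such as `-- Global grants only; run with SELECT on the mysql schema, and review mysql.db and mysql.role_edges for schema-level and role-inherited privileges.`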
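Review bot: In `mysql_admins_alt.sql`, the Table Permissions query reads `mysql.tables`, which is not a grant table; table-level grants are stored in `mysql.tables_priv` (the sibling of the `mysql.columns_priv` used just below), so the line should be `SELECT ... FROM mysql.tables_priv`. The `SELECT ...` column lists are placeholders and `@db_name` is never assigned in the file, so the script cannot run as committed; a leading `SET @db_name = '<database>';` and explicit column lists would fix that. When the list for `mysql.user` is filled in, leave out `authentication_string` so password hashes do not end up in the audit evidence.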