From 86db2585623515fe38347811ec4bf46565d2c44b Mon Sep 17 00:00:00 2001
From: Christian Cleberg
Date: Fri, 25 Apr 2025 17:37:39 -0500
Subject: MySQL & Postgres Enhancements (#5)
* remove mysql login script and add password script
* move excess mysql password query to new script
* add db admin folders
* add postgres
* add mongo admins script
* Commit from GitHub Actions (Ruff)
* update tests for mysql and postgres
* update tests for mysql and postgres
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
databases/passwords/mysql/README.org | 76 ++++++++++++++++++++++++++++++
databases/passwords/mysql/passwords.sql | 13 +++++
databases/passwords/postgres/README.org | 31 ++++++++++++
databases/passwords/postgres/passwords.sql | 18 +++++++
4 files changed, 138 insertions(+)
create mode 100644 databases/passwords/mysql/README.org
create mode 100644 databases/passwords/mysql/passwords.sql
create mode 100644 databases/passwords/postgres/README.org
create mode 100644 databases/passwords/postgres/passwords.sql
(limited to 'databases/passwords')
diff --git a/databases/passwords/mysql/README.org b/databases/passwords/mysql/README.org
new file mode 100644
index 0000000..b843bd1
--- /dev/null
+++ b/databases/passwords/mysql/README.org
@@ -0,0 +1,76 @@ +#+title: MySQL Passwords + +* =mysql_admins.sql= + +#+begin_src sql +SELECT user, host, plugin FROM mysql.user; +#+end_src + +#+begin_src +mysql> SELECT user, host, plugin FROM mysql.user; ++------------------+-----------+-----------------------+ +| user | host | plugin | ++------------------+-----------+-----------------------+ +| cmc | % | caching_sha2_password | +| mysql.infoschema | localhost | caching_sha2_password | +| mysql.session | localhost | caching_sha2_password | +| mysql.sys | localhost | caching_sha2_password | +| root | localhost | caching_sha2_password | ++------------------+-----------+-----------------------+ +5 rows in set (0.001 sec) +#+end_src + +#+begin_src sql +SHOW GLOBAL VARIABLES LIKE 'validate_password%'; +SHOW VARIABLES LIKE 'validate_password%'; +#+end_src + +#+begin_src +mysql> SHOW GLOBAL VARIABLES LIKE 'validate_password%'; ++-------------------------------------------------+--------+ +| Variable_name | Value | ++-------------------------------------------------+--------+ +| validate_password.changed_characters_percentage | 0 | +| validate_password.check_user_name | ON | +| validate_password.dictionary_file | | +| validate_password.length | 8 | +| validate_password.mixed_case_count | 1 | +| validate_password.number_count | 1 | +| validate_password.policy | MEDIUM | +| validate_password.special_char_count | 1 | ++-------------------------------------------------+--------+ +8 rows in set (0.004 sec) + +mysql> SHOW VARIABLES LIKE 'validate_password%'; ++-------------------------------------------------+--------+ +| Variable_name | Value | ++-------------------------------------------------+--------+ +| validate_password.changed_characters_percentage | 0 | +| validate_password.check_user_name | ON | +| validate_password.dictionary_file | | +| validate_password.length | 8 | +| validate_password.mixed_case_count | 1 | +| validate_password.number_count | 1 | +| validate_password.policy | MEDIUM | +| 
validate_password.special_char_count | 1 | ++-------------------------------------------------+--------+ +8 rows in set (0.004 sec) +#+end_src + +#+begin_src sql +SELECT * FROM mysql.user +#+end_src + +#+begin_src +MySQL [(none)]> SELECT * FROM mysql.user; ++-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ +| Host | User | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv | Reload_priv | Shutdown_priv | Process_priv | File_priv | Grant_priv | References_priv | Index_priv | Alter_priv | Show_db_priv | Super_priv | Create_tmp_table_priv | Lock_tables_priv | Execute_priv | Repl_slave_priv | Repl_client_priv | Create_view_priv | Show_view_priv | Create_routine_priv | Alter_routine_priv | Create_user_priv | Event_priv | Trigger_priv | Create_tablespace_priv | ssl_type | ssl_cipher | x509_issuer | x509_subject | max_questions | max_updates | max_connections | max_user_connections | plugin | authentication_string | password_expired | password_last_changed | password_lifetime | account_locked | Create_role_priv | Drop_role_priv | Password_reuse_history | Password_reuse_time | 
Password_require_current | User_attributes | ++-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ +| % | cmc | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 16:28:52 | NULL | N | N | N | NULL | NULL | NULL | NULL | +| localhost | mysql.infoschema | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | +| localhost | mysql.session | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | Y | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | +| localhost | mysql.sys | N | N | N | N | N | N | N | N | N | N | N | N | N | N | N 
| N | N | N | N | N | N | N | N | N | N | N | N | N | N | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | N | 2025-04-25 15:51:53 | NULL | Y | N | N | NULL | NULL | NULL | NULL | +| localhost | root | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | Y | | | | | 0 | 0 | 0 | 0 | caching_sha2_password | | N | 2025-04-25 15:51:53 | NULL | N | Y | Y | NULL | NULL | NULL | NULL | ++-----------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+-------------+---------------+--------------+-----------+------------+-----------------+------------+------------+--------------+------------+-----------------------+------------------+--------------+-----------------+------------------+------------------+----------------+---------------------+--------------------+------------------+------------+--------------+------------------------+----------+------------+-------------+--------------+---------------+-------------+-----------------+----------------------+-----------------------+------------------------------------------------------------------------+------------------+-----------------------+-------------------+----------------+------------------+----------------+------------------------+---------------------+--------------------------+-----------------+ +5 rows in set (0.005 sec) +#+end_src diff --git a/databases/passwords/mysql/passwords.sql b/databases/passwords/mysql/passwords.sql new file mode 100644 index 0000000..1a5bf81 --- /dev/null +++ b/databases/passwords/mysql/passwords.sql 
@@ -0,0 +1,13 @@
+-- NOTE: Please review the server's "my.cnf" file for default values;
+-- OR: run the "SHOW [GLOBAL | SESSION] VARIABLES" command(s) on the database.
+
+-- Authentication methods only
+SELECT user, host, plugin FROM mysql.user;
+
+-- Default password configuration only
+SHOW GLOBAL VARIABLES LIKE 'validate_password%';
+SHOW VARIABLES LIKE 'validate_password%';
+
+-- Authentication methods and MySQL password configurations
+-- Reference: https://mariadb.com/kb/en/mysql-user-table/
+SELECT * FROM mysql.user
diff --git a/databases/passwords/postgres/README.org b/databases/passwords/postgres/README.org
new file mode 100644
index 0000000..694aa4e
--- /dev/null
+++ b/databases/passwords/postgres/README.org
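Review bot: The final `SELECT * FROM mysql.user` returns the `authentication_string` column along with every privilege flag, so anything that captures this script's output stores password hashes, and the comment above it does not say so. For a password-configuration review an explicit column list covers the policy fields without exporting the hash, for example `SELECT user, host, plugin, password_expired, password_last_changed, password_lifetime, account_locked, (authentication_string = '') AS empty_password FROM mysql.user;`. The statement is also the only one in the file without a terminating `;`. The reference link points at the MariaDB knowledge base while the `validate_password.*` variables and `caching_sha2_password` in the README output suggest a MySQL server, so the column set it documents may not match.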
@@ -0,0 +1,31 @@
+#+title: Postgres Passwords
+
+* =passwords.sql=
+
+#+begin_src sql
+SELECT *
+FROM pg_settings
+WHERE name LIKE 'password_%';
+#+end_src
+
+#+begin_src
+| name | setting | unit | category | short_desc | extra_desc | context | vartype | source | min_val | max_val | enumvals | boot_val | reset_val | sourcefile | sourceline | pending_restart |
+|---------------------+---------------+------+-------------------------------------------------+-------------------------------------------------+------------+---------+---------+---------+---------+---------+---------------------+---------------+---------------+------------+------------+-----------------|
+| password_encryption | scram-sha-256 | | Connections and Authentication / Authentication | Chooses the algorithm for encrypting passwords. | | user | enum | default | | | {md5,scram-sha-256} | scram-sha-256 | scram-sha-256 | | | false |
+#+end_src
+
+#+begin_src sql
+SELECT
+ usename AS user_name,
+ passwd AS password,
+ valuntil AS valid_until,
+ useconfig AS user_config
+FROM pg_shadow;
+#+end_src
+
+#+begin_src
+| user_name | password | valid_until | user_config |
+|-----------+---------------------------------------------------------------------------------------------------------------------------------------+------------------------+-------------|
+| cmc | | | |
+| testuser | SCRAM-SHA-256$4096:+NSpEU+8afhJ4BUTkzdKeg==$FGIRcTWr89b42qkLUl4Ntfp4RUpoc3GIpLHqJl/fWZE=:o1UM8YiEj5SLV5l/geMuqXMRi6onWazryn/l+LXYMxU= | 2025-12-31 00:00:00-06 | |
+#+end_src
diff --git a/databases/passwords/postgres/passwords.sql b/databases/passwords/postgres/passwords.sql
new file mode 100644
index 0000000..cb81cd6
--- /dev/null
+++ b/databases/passwords/postgres/passwords.sql
@@ -0,0 +1,18 @@
+-- References:
+-- : https://www.postgresql.org/docs/current/view-pg-shadow.html
+-- : https://www.postgresql.org/docs/current/auth-password.html
+-- : https://www.postgresql.org/docs/current/auth-password.html#AUTH-PASSWORD-ENCRYPTION
+-- : https://www.postgresql.org/docs/current/runtime-config.html
+
+-- Defined password configuration
+SELECT *
+FROM pg_settings
+WHERE name LIKE 'password_%';
+
+-- Users and their password configurations
+SELECT
+ usename AS user_name,
+ passwd AS password,
+ valuntil AS valid_until,
+ useconfig AS user_config
+FROM pg_shadow;
\ No newline at end of file
-- cgit v1.2.3-70-g09d2
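Review bot: The `passwd AS password` column in the `pg_shadow` query exports each role's stored verifier. The README sample added in this same commit shows the consequence: a full SCRAM-SHA-256 verifier for `testuser` is now in the repository. A review of password configuration only needs to know whether a password is set and which scheme it uses, so the query can derive a `password_scheme` label from the prefix of `passwd` and leave the verifier in the catalog, as sketched below. Separately, `_` is a single-character wildcard in `LIKE`, so `'password_%'` matches more than a literal underscore; `LIKE 'password\_%'` states the intent. The file also ends without a trailing newline.

```sql
-- Users and their password configurations (scheme only, verifier not exported)
SELECT
    usename AS user_name,
    CASE
        WHEN passwd IS NULL THEN 'none'
        WHEN passwd LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
        WHEN passwd LIKE 'md5%' THEN 'md5'
        ELSE 'other'
    END AS password_scheme,
    valuntil AS valid_until,
    useconfig AS user_config
FROM pg_shadow;
```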