  1. Percona Monitoring and Management
  2. PMM-7506

[STT] Reduce False Positives due to Roles automatically created in PXC with no password but cannot be used to login

Details

    • 0
    • Yes
    • Yes
    • [obsolete] Portal

    Description

      Some internal accounts are created in PXC 8.0.x for XtraBackup.
      mysql.pxc.internal.session
      mysql.pxc.sst.user
      mysql.pxc.sst.role

      The last one is generated with no password.

      The mysql.pxc.sst.role is the MySQL role that provides the privileges needed for XtraBackup. This allows for easy addition/removal of privileges needed for an SST.

      So this account is triggering an alert from the "MySQL Empty Password" check.
      The mysql.pxc.sst.role user has to be excluded from this check as a false positive.
       

      Note we should not just "ignore these users" but see if we can incorporate a check to ignore users with blank passwords that are locked. That way, if the user account is inadvertently unlocked, it WILL alert and WILL be a security issue.
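
The rule proposed in the description, as an added example (not PMM's own check code): suppress a blank-password account only while it is locked, so the same account alerts once it is unlocked. The function names, the sample rows, their host values and the `app` account are constructed for illustration; the column names are those of `mysql.user`.

```python
# Added example, not the PMM check itself. Rows mimic the result of:
EMPTY_PASSWORD_QUERY = (
    "SELECT User, Host, authentication_string, account_locked FROM mysql.user"
)

def is_blank(auth_string):
    """NULL and '' both mean no password is stored for the account."""
    return auth_string is None or auth_string == ""

def check_empty_passwords(rows):
    """Return (alerts, suppressed) for accounts that have no password."""
    alerts, suppressed = [], []
    for row in rows:
        if not is_blank(row["authentication_string"]):
            continue
        account = f"{row['User']}@{row['Host']}"
        # Only an explicit 'Y' suppresses the finding. A missing or odd
        # value is treated as unlocked, so the check fails toward alerting.
        if str(row.get("account_locked", "N")).upper() == "Y":
            suppressed.append(account)
        else:
            alerts.append(account)
    return alerts, suppressed

# Constructed sample rows (hosts and hash are placeholders).
SAMPLE_ROWS = [
    {"User": "mysql.pxc.sst.role", "Host": "localhost",
     "authentication_string": "", "account_locked": "Y"},
    {"User": "mysql.pxc.internal.session", "Host": "localhost",
     "authentication_string": "$A$005$constructed-hash", "account_locked": "Y"},
    {"User": "app", "Host": "%",
     "authentication_string": "", "account_locked": "N"},
]

def unlock(rows, user):
    """Copy of rows with one account unlocked, to model accidental unlocking."""
    return [dict(r, account_locked="N") if r["User"] == user else r
            for r in rows]

if __name__ == "__main__":
    # Role is locked: only the ordinary blank-password account alerts.
    print(check_empty_passwords(SAMPLE_ROWS))
    # Role unlocked by mistake: it now alerts as well.
    print(check_empty_passwords(unlock(SAMPLE_ROWS, "mysql.pxc.sst.role")))
```
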

          People

            vadim.yalovets Vadim Yalovets
            vadim.yalovets Vadim Yalovets
            Alok Kumar Alok Kumar

              Time Tracking

                Logged:
                Time Spent - 7 hours, 30 minutes