[PMM-7506] [STT] Reduce False Positives due to Roles automatically created in PXC with no password but cannot be used to login - Percona JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Done
Priority: Low
Resolution: Done
Affects Version/s: 2.14.0
Fix Version/s: 2.16.0
Component/s: Security Threat Tool
Labels:
- pmmframework/diagnose&troubleshoot

Story Points:
0
Sprint:
04 - Portal, 05 - Portal
Needs Review:
Yes
Needs QA:
Yes
Platform Team:
Portal

Description

Some internal accounts are created in PXC 8.0.x for XtraBackup.
mysql.pxc.internal.session
mysql.pxc.sst.user
mysql.pxc.sst.role

The last one is generated with no password.

The mysql.pxc.sst.role is the MySQL role that provides the privileges needed for XtraBackup. This allows for easy addition/removal of privileges needed for an SST.

So this account is triggering an alert by "MySQL Empty Password" check.
mysql.pxc.sst.role user has to be excluded as a false positive from this check.

Note we should not just "ignore these users" but see if we can incorporate a check to ignore users with blank passwords that are locked... that way if the user account is inadvertantly unlocked it WILL alert...and WILL be a security issue.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Screenshot 2021-03-12 at 18.42.21.png
206 kB
12/Mar/21 4:44 PM
Screenshot 2021-03-12 at 18.42.44.png
456 kB
12/Mar/21 4:44 PM

Activity

People

Assignee:: Vadim Yalovets

Reporter:: Vadim Yalovets

Reviewer:: Alok Kumar

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 12/Feb/21 11:03 AM

Updated:: 16/Apr/21 2:56 PM

Resolved:: 16/Apr/21 2:56 PM

Time Tracking

Estimated:

Not Specified

Remaining:

Not Specified

Logged:

7h 30m

Details

Description

Attachments

Attachments

Activity

People

Dates

Time Tracking

Smart Checklist