  1. Percona Monitoring and Management
  2. PMM-7506

[STT] Reduce False Positives due to Roles automatically created in PXC with no password but cannot be used to login


    Details

    • Story Points:
      0
    • Sprint:
      04 - Portal, 05 - Portal
    • Needs Review:
      Yes
    • Needs QA:
      Yes
    • Platform Team:
      Portal

      Description

      Some internal accounts are created in PXC 8.0.x for XtraBackup:
      • mysql.pxc.internal.session
      • mysql.pxc.sst.user
      • mysql.pxc.sst.role

      The last one is generated with no password.

      The mysql.pxc.sst.role is the MySQL role that provides the privileges needed for XtraBackup. This allows for easy addition/removal of privileges needed for an SST.

      So this account is triggering an alert from the "MySQL Empty Password" check.
      The mysql.pxc.sst.role user has to be excluded from this check as a false positive.
       

      Note we should not just "ignore these users" but see if we can incorporate a check to ignore users with blank passwords that are locked... that way, if the user account is inadvertently unlocked, it WILL alert... and WILL be a security issue.
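
The rule proposed in the note above, sketched as an added example (this is not PMM's own check code). It assumes rows shaped like `SELECT user, host, authentication_string, account_locked FROM mysql.user`; the function names, the `app_ro` account and all sample values are constructed for illustration.

```python
# Added illustration, not PMM's check implementation.
# Constructed sample rows; hosts and hash strings are placeholders.
SAMPLE_ROWS = [
    {"user": "mysql.pxc.internal.session", "host": "localhost",
     "authentication_string": "<constructed-hash>", "account_locked": "Y"},
    {"user": "mysql.pxc.sst.user", "host": "localhost",
     "authentication_string": "<constructed-hash>", "account_locked": "Y"},
    # The role: blank password, but locked, so nobody can log in with it.
    {"user": "mysql.pxc.sst.role", "host": "localhost",
     "authentication_string": "", "account_locked": "Y"},
    # A genuinely risky account: blank password and usable for login.
    {"user": "app_ro", "host": "%",
     "authentication_string": "", "account_locked": "N"},
]


def has_empty_password(row):
    """True when no credential is stored (NULL or empty string)."""
    auth = row.get("authentication_string")
    return auth is None or auth == ""


def is_locked(row):
    """Only an explicit 'Y' counts as locked; a missing or odd value
    is treated as unlocked so the check fails towards alerting."""
    return str(row.get("account_locked", "N")).strip().upper() == "Y"


def empty_password_findings(rows):
    """Return (alerts, suppressed) lists of 'user'@'host' strings.

    Nothing is allow-listed by name: an account is suppressed only
    because it is locked, so unlocking it makes it alert again.
    """
    alerts, suppressed = [], []
    for row in rows:
        if not has_empty_password(row):
            continue
        account = "'%s'@'%s'" % (row["user"], row["host"])
        (suppressed if is_locked(row) else alerts).append(account)
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = empty_password_findings(SAMPLE_ROWS)
    print("ALERT:", alerts)
    print("suppressed (locked):", suppressed)
```

Keeping the suppressed list in the check output leaves a record of which blank-password accounts are being tolerated only because they are locked.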

        Attachments

        1. Screenshot 2021-03-12 at 18.42.21.png
          206 kB
          Zoriana Stefanyshyn
        2. Screenshot 2021-03-12 at 18.42.44.png
          456 kB
          Zoriana Stefanyshyn

            People

            Assignee:
            vadim.yalovets Vadim Yalovets
            Reporter:
            vadim.yalovets Vadim Yalovets
            Reviewer:
            Alok Kumar


                Time Tracking

                Estimated:
                Not Specified
                Remaining:
                Not Specified
                Logged:
                7h 30m
