diff --git a/basic_passwords.txt b/basic_passwords.txt
new file mode 100644
index 0000000..5e2a4f4
--- /dev/null
+++ b/basic_passwords.txt
@@ -0,0 +1,605 @@
+1
+123456
+porsche
+firebird
+prince
+rosebud
+2
+pa#sword
+guitar
+butter
+beach
+jaguar
+3
+12345678
+chelsea
+united
+amateur
+great
+4
+1234
+black
+turtle
+7777777
+cool
+5
+p#ssy
+diamond
+steelers
+muffin
+cooper
+6
+12345
+nascar
+tiffany
+redsox
+1313
+7
+dragon
+jackson
+zxcvbn
+star
+scorpio
+8
+qwerty
+cameron
+tomcat
+testing
+mountain
+9
+696969
+654321
+golf
+shannon
+madison
+10
+mustang
+computer
+bond007
+murphy
+987654
+11
+letmein
+amanda
+bear
+frank
+brazil
+12
+baseball
+wizard
+tiger
+hannah
+lauren
+13
+master
+xxxxxxxx
+doctor
+dave
+japan
+14
+michael
+money
+gateway
+eagle1
+naked
+15
+football
+phoenix
+gators
+11111
+squirt
+16
+shadow
+mickey
+angel
+mother
+stars
+17
+monkey
+bailey
+junior
+nathan
+apple
+18
+abc123
+knight
+thx1138
+raiders
+alexis
+19
+pa#s
+iceman
+porno
+steve
+aaaa
+20
+f#ckme
+tigers
+badboy
+forever
+bonnie
+21
+6969
+purple
+debbie
+angela
+peaches
+22
+jordan
+andrea
+spider
+viper
+jasmine
+23
+harley
+horny
+melissa
+ou812
+kevin
+24
+ranger
+dakota
+booger
+jake
+matt
+25
+iwantu
+aaaaaa
+1212
+lovers
+qwertyui
+26
+jennifer
+player
+flyers
+suckit
+danielle
+27
+hunter
+sunshine
+fish
+gregory
+beaver
+28
+f#ck
+morgan
+porn
+buddy
+4321
+29
+2000
+starwars
+matrix
+whatever
+4128
+30
+test
+boomer
+teens
+young
+runner
+31
+batman
+cowboys
+scooby
+nicholas
+swimming
+32
+trustno1
+edward
+jason
+lucky
+dolphin
+33
+thomas
+charles
+walter
+helpme
+gordon
+34
+tigger
+girls
+c#mshot
+jackie
+casper
+35
+robert
+booboo
+boston
+monica
+stupid
+36
+access
+coffee
+braves
+midnight
+shit
+37
+love
+xxxxxx
+yankee
+college
+saturn
+38
+buster
+bulldog
+lover
+baby
+gemini
+39
+1234567
+ncc1701
+barney
+c#nt
+apples
+40
+soccer
+rabbit
+victor
+brian
+august
+41
+hockey
+peanut
+tucker
+mark
+3333
+42
+killer
+john
+princess
+startrek
+canada
+43
+george
+johnny
+mercedes
+sierra
+blazer
+44
+sexy
+gandalf
+5150
+leather
+c#mming
+45
+andrew
+spanky
+doggie
+232323
+hunting
+46
+charlie
+winter
+zzzzzz
+4444
+kitty
+47
+superman
+brandy
+gunner
+beavis
+rainbow
+48
+a#shole
+compaq
+horney
+bigc#ck
+112233
+49
+f#ckyou
+carlos
+bubba
+happy
+arthur
+50
+dallas
+tennis
+2112
+sophie
+cream
+51
+jessica
+james
+fred
+ladies
+calvin
+52
+panties
+mike
+johnson
+naughty
+shaved
+53
+pepper
+brandon
+xxxxx
+giants
+surfer
+54
+1111
+fender
+tits
+booty
+samson
+55
+austin
+anthony
+member
+blonde
+kelly
+56
+william
+blowme
+boobs
+f#cked
+paul
+57
+daniel
+ferrari
+donald
+golden
+mine
+58
+golfer
+cookie
+bigdaddy
+0
+king
+59
+summer
+chicken
+bronco
+fire
+racing
+60
+heather
+maverick
+penis
+sandra
+5555
+61
+hammer
+chicago
+voyager
+pookie
+eagle
+62
+yankees
+joseph
+rangers
+packers
+hentai
+63
+joshua
+diablo
+birdie
+einstein
+newyork
+64
+maggie
+sexsex
+trouble
+dolphins
+little
+65
+biteme
+hardcore
+white
+0
+redwings
+66
+enter
+666666
+topgun
+chevy
+smith
+67
+ashley
+willie
+bigtits
+winston
+sticky
+68
+thunder
+welcome
+bitches
+warrior
+cocacola
+69
+cowboy
+chris
+green
+sammy
+animal
+70
+silver
+panther
+super
+slut
+broncos
+71
+richard
+yamaha
+qazwsx
+8675309
+private
+72
+f#cker
+justin
+magic
+zxcvbnm
+skippy
+73
+orange
+banana
+lakers
+nipples
+marvin
+74
+merlin
+driver
+rachel
+power
+blondes
+75
+michelle
+marine
+slayer
+victoria
+enjoy
+76
+corvette
+angels
+scott
+asdfgh
+girl
+77
+bigdog
+fishing
+2222
+vagina
+apollo
+78
+cheese
+david
+asdf
+toyota
+parker
+79
+matthew
+maddog
+video
+travis
+qwert
+80
+121212
+hooters
+london
+hotdog
+time
+81
+patrick
+wilson
+7777
+paris
+sydney
+82
+martin
+butthead
+marlboro
+rock
+women
+83
+freedom
+dennis
+srinivas
+xxxx
+voodoo
+84
+ginger
+f#cking
+internet
+extreme
+magnum
+85
+bl#wjob
+captain
+action
+redskins
+juice
+86
+nicole
+bigdick
+carter
+erotic
+abgrtyu
+87
+sparky
+chester
+jasper
+dirty
+777777
+88
+yellow
+smokey
+monster
+ford
+dreams
+89
+camaro
+xavier
+teresa
+freddy
+maxwell
+90
+secret
+steven
+jeremy
+arsenal
+music
+91
+dick
+viking
+11111111
+access14
+rush2112
+92
+falcon
+snoopy
+bill
+wolf
+russia
+93
+taylor
+blue
+crystal
+nipple
+scorpion
+94
+111111
+eagles
+peter
+iloveyou
+rebecca
+95
+131313
+winner
+p#ssies
+alex
+tester
+96
+123123
+samantha
+c#ck
+florida
+mistress
+97
+bitch
+house
+beer
+eric
+phantom
+98
+hello
+miller
+rocket
+legend
+billy
+99
+scooter
+flower
+theman
+movie
+6666
+100
+please
+jack
+oliver
+success
+albert
+mysql
+MySQL
+Mysql
+Dba
+dba
diff --git a/mysqltuner.pl b/mysqltuner.pl
index 4250c54..f945b38 100755
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@@ -1,5 +1,5 @@
 #!/usr/bin/perl -w
-# mysqltuner.pl - Version 1.4.0
+# mysqltuner.pl - Version 1.4.1
 # High Performance MySQL Tuning Script
 # Copyright (C) 2006-2014 Major Hayden - major@mhtx.net
 #
@@ -39,9 +39,10 @@ use warnings;
 use diagnostics;
 use File::Spec;
 use Getopt::Long;
-
+use File::Basename;
+use Cwd 'abs_path';
 # Set up a few variables for use in the script
-my $tunerversion = "1.4.0";
+my $tunerversion = "1.4.1";
 my (@adjvars, @generalrec);
 # Set defaults
@@ -125,6 +126,7 @@ sub usage {
 }
 my $devnull = File::Spec->devnull();
+my $basic_password_files=abs_path(dirname(__FILE__))."/basic_passwords.txt";
 # Setting up the colors for the print styles
 my $good = ($opt{nocolor} == 0)? "[\e[0;32mOK\e[0m]" : "[OK]" ;
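Review bot: Several entries are masked with `#` (`pa#sword`, `p#ssy`, `f#ckme`, `a#shole`, `bigc#ck`, `bl#wjob`, …) and two entries are a bare `0`, so the weak-password check in mysqltuner.pl will test strings nobody actually uses while the unmasked originals go undetected. The group indices `1` … `100` are also read as candidate passwords, which inflates the count the script prints and costs one extra mysql client invocation each. If the file stays a plain one-entry-per-line list, store the unmasked strings and drop the `0` placeholders and index numbers; the reader in mysqltuner.pl takes every line as a password, so a header comment cannot be added here without being tested as one.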
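Review bot: `$basic_password_files` is built from `dirname(__FILE__)`, so when mysqltuner.pl is invoked through a symlink (or read from stdin, where `__FILE__` is `-`) the path points at the symlink's or current directory and the new checks bail out with "There is not basic password file list !". Resolve the script itself first, `my $basic_password_files = dirname(abs_path(__FILE__)) . "/basic_passwords.txt";`, or use `File::Spec->catfile(...)` since File::Spec is already loaded, and consider a Getopt::Long option so the list location can be overridden. The variable holds a single path, so a singular name such as `$basic_password_file` would read better.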
@@ -454,16 +456,87 @@ sub get_all_vars {
 }
 }
+sub get_basic_passwords {
+ my $file=shift;
+ open (FH, "< $file") or die "Can't open $file for read: $!";
+ my @lines = ;
+ close FH or die "Cannot close $file: $!";
+ return @lines
+}
+
 sub security_recommendations {
 print "\n-------- Security Recommendations -------------------------------------------\n";
- my @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = '' OR password IS NULL;"`;
+ # Looking for Anonymous users
+ my @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE TRIM(USER) = '' OR USER IS NULL ;"`;
+ if (@mysqlstatlist) {
+ foreach my $line (sort @mysqlstatlist) {
+ chomp($line);
+ badprint "User '".$line."' is an anonymous account.\n";
+ }
+ push(@generalrec, "Remove Anonymous User account - there is ".scalar(@mysqlstatlist). " Anonymous account.");
+ } else {
+ goodprint "There is no anonymous account in all database users\n";
+ }
+
+ # Looking for Empty Password
+ @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = '' OR password IS NULL;"`;
 if (@mysqlstatlist) {
 foreach my $line (sort @mysqlstatlist) {
 chomp($line);
 badprint "User '".$line."' has no password set.\n";
 }
+ push(@generalrec, "Set up a Password for user with the following SQL statement ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )");
 } else {
 goodprint "All database users have passwords assigned\n";
+ }
+
+ # Looking for User with user/ uppercase /capitalise user as password
+ @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = PASSWORD(user) OR password = PASSWORD(UPPER(user)) OR password = PASSWORD(UPPER(LEFT(User, 1)) + SUBSTRING(User, 2, LENGTH(User)));"`;
+ if (@mysqlstatlist) {
+ foreach my $line (sort @mysqlstatlist) {
+ chomp($line);
+ badprint "User '".$line."' has user name as password.\n";
+ }
+ push(@generalrec, "Set up a Secure Password for user\@host ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )");
+ }
+
+ @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%';"`;
+ if (@mysqlstatlist) {
+ foreach my $line (sort @mysqlstatlist) {
+ chomp($line);
+ badprint "User '".$line."' hasn't specific host restriction.\n";
+ }
+ push(@generalrec, "Restrict Host for user\@% to user\@SpecificDNSorIp");
+ }
+
+ unless (-f $basic_password_files) {
+ badprint "There is not basic password file list !";
+ return;
+ }
+
+ my @passwords=get_basic_passwords $basic_password_files;
+ infoprint "There is ". scalar(@passwords). " basic passwords in the list.\n";
+ my $nbins=0;
+ my $passreq;
+ if (@passwords) {
+ foreach my $pass (@passwords) {
+ $pass=~s/\s//g;
+ chomp($pass);
+ # Looking for User with user/ uppercase /capitalise weak password
+ $passreq="SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = PASSWORD('".$pass."') OR password = PASSWORD(UPPER('".$pass."')) OR password = PASSWORD(UPPER(LEFT('".$pass."', 1)) + SUBSTRING('".$pass."', 2, LENGTH('".$pass."')));\n";
+ @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "$passreq"`;
+ #infoprint "There is ".scalar (@mysqlstatlist). " items.\n";
+ if (@mysqlstatlist) {
+ foreach my $line (@mysqlstatlist) {
+ chomp($line);
+ badprint "User '".$line."' is using weak pasword: $pass in a lower, upper or capitalize derivated version.\n";
+ $nbins++;
+ }
+ }
+ }
+ }
+ if ($nbins>0) {
+ push(@generalrec, $nbins. " user(s) used basic or weaked password.");
 }
 }
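Review bot: The capitalised-variant conditions in the username check and in the wordlist loop, `PASSWORD(UPPER(LEFT(User, 1)) + SUBSTRING(User, 2, LENGTH(User)))`, use `+`, which MySQL evaluates as numeric addition, so the expression collapses to a number and that variant is never really tested; it should be `PASSWORD(CONCAT(UPPER(LEFT(User, 1)), SUBSTRING(User, 2)))`, and likewise with the `'$pass'` literals. Each wordlist entry is also spliced unescaped into a single-quoted SQL literal that itself sits inside a double-quoted backtick command, so a quote, backtick or `$` in basic_passwords.txt breaks the query or is interpreted by the shell; reject anything outside a conservative set before building `$passreq`, `next unless $pass =~ /\A[\w#.@!-]+\z/;`, which also skips the empty entries left after `s/\s//g` (an empty `$pass` just re-runs the no-password check under the "weak pasword" label). get_basic_passwords() uses a bareword handle and two-argument `open`; prefer `open my $fh, '<', $file or die "Can't open $file for read: $!";` with `my @lines = <$fh>;` and `close $fh or die ...`. Running one `$mysqlcmd` process per entry means several hundred client round-trips per audit with the shipped list; one query per batch with `password IN (PASSWORD('…'), PASSWORD('…'), …)` would be far cheaper.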