Adding extra security test for password based on password list

2015-06-12 16:09:59 +02:00 · 2015-06-12 16:09:59 +02:00 · e919e904ba
commit e919e904ba
parent fa47d9cffa
2 changed files with 683 additions and 4 deletions
--- a/basic_passwords.txt
+++ b/basic_passwords.txt
@ -0,0 +1,605 @@
+1
+123456
+porsche
+firebird
+prince
+rosebud
+2
+pa#sword
+guitar
+butter
+beach
+jaguar
+3
+12345678
+chelsea
+united
+amateur
+great
+4
+1234
+black
+turtle
+7777777
+cool
+5
+p#ssy
+diamond
+steelers
+muffin
+cooper
+6
+12345
+nascar
+tiffany
+redsox
+1313
+7
+dragon
+jackson
+zxcvbn
+star
+scorpio
+8
+qwerty
+cameron
+tomcat
+testing
+mountain
+9
+696969
+654321
+golf
+shannon
+madison
+10
+mustang
+computer
+bond007
+murphy
+987654
+11
+letmein
+amanda
+bear
+frank
+brazil
+12
+baseball
+wizard
+tiger
+hannah
+lauren
+13
+master
+xxxxxxxx
+doctor
+dave
+japan
+14
+michael
+money
+gateway
+eagle1
+naked
+15
+football
+phoenix
+gators
+11111
+squirt
+16
+shadow
+mickey
+angel
+mother
+stars
+17
+monkey
+bailey
+junior
+nathan
+apple
+18
+abc123
+knight
+thx1138
+raiders
+alexis
+19
+pa#s
+iceman
+porno
+steve
+aaaa
+20
+f#ckme
+tigers
+badboy
+forever
+bonnie
+21
+6969
+purple
+debbie
+angela
+peaches
+22
+jordan
+andrea
+spider
+viper
+jasmine
+23
+harley
+horny
+melissa
+ou812
+kevin
+24
+ranger
+dakota
+booger
+jake
+matt
+25
+iwantu
+aaaaaa
+1212
+lovers
+qwertyui
+26
+jennifer
+player
+flyers
+suckit
+danielle
+27
+hunter
+sunshine
+fish
+gregory
+beaver
+28
+f#ck
+morgan
+porn
+buddy
+4321
+29
+2000
+starwars
+matrix
+whatever
+4128
+30
+test
+boomer
+teens
+young
+runner
+31
+batman
+cowboys
+scooby
+nicholas
+swimming
+32
+trustno1
+edward
+jason
+lucky
+dolphin
+33
+thomas
+charles
+walter
+helpme
+gordon
+34
+tigger
+girls
+c#mshot
+jackie
+casper
+35
+robert
+booboo
+boston
+monica
+stupid
+36
+access
+coffee
+braves
+midnight
+shit
+37
+love
+xxxxxx
+yankee
+college
+saturn
+38
+buster
+bulldog
+lover
+baby
+gemini
+39
+1234567
+ncc1701
+barney
+c#nt
+apples
+40
+soccer
+rabbit
+victor
+brian
+august
+41
+hockey
+peanut
+tucker
+mark
+3333
+42
+killer
+john
+princess
+startrek
+canada
+43
+george
+johnny
+mercedes
+sierra
+blazer
+44
+sexy
+gandalf
+5150
+leather
+c#mming
+45
+andrew
+spanky
+doggie
+232323
+hunting
+46
+charlie
+winter
+zzzzzz
+4444
+kitty
+47
+superman
+brandy
+gunner
+beavis
+rainbow
+48
+a#shole
+compaq
+horney
+bigc#ck
+112233
+49
+f#ckyou
+carlos
+bubba
+happy
+arthur
+50
+dallas
+tennis
+2112
+sophie
+cream
+51
+jessica
+james
+fred
+ladies
+calvin
+52
+panties
+mike
+johnson
+naughty
+shaved
+53
+pepper
+brandon
+xxxxx
+giants
+surfer
+54
+1111
+fender
+tits
+booty
+samson
+55
+austin
+anthony
+member
+blonde
+kelly
+56
+william
+blowme
+boobs
+f#cked
+paul
+57
+daniel
+ferrari
+donald
+golden
+mine
+58
+golfer
+cookie
+bigdaddy
+0
+king
+59
+summer
+chicken
+bronco
+fire
+racing
+60
+heather
+maverick
+penis
+sandra
+5555
+61
+hammer
+chicago
+voyager
+pookie
+eagle
+62
+yankees
+joseph
+rangers
+packers
+hentai
+63
+joshua
+diablo
+birdie
+einstein
+newyork
+64
+maggie
+sexsex
+trouble
+dolphins
+little
+65
+biteme
+hardcore
+white
+0
+redwings
+66
+enter
+666666
+topgun
+chevy
+smith
+67
+ashley
+willie
+bigtits
+winston
+sticky
+68
+thunder
+welcome
+bitches
+warrior
+cocacola
+69
+cowboy
+chris
+green
+sammy
+animal
+70
+silver
+panther
+super
+slut
+broncos
+71
+richard
+yamaha
+qazwsx
+8675309
+private
+72
+f#cker
+justin
+magic
+zxcvbnm
+skippy
+73
+orange
+banana
+lakers
+nipples
+marvin
+74
+merlin
+driver
+rachel
+power
+blondes
+75
+michelle
+marine
+slayer
+victoria
+enjoy
+76
+corvette
+angels
+scott
+asdfgh
+girl
+77
+bigdog
+fishing
+2222
+vagina
+apollo
+78
+cheese
+david
+asdf
+toyota
+parker
+79
+matthew
+maddog
+video
+travis
+qwert
+80
+121212
+hooters
+london
+hotdog
+time
+81
+patrick
+wilson
+7777
+paris
+sydney
+82
+martin
+butthead
+marlboro
+rock
+women
+83
+freedom
+dennis
+srinivas
+xxxx
+voodoo
+84
+ginger
+f#cking
+internet
+extreme
+magnum
+85
+bl#wjob
+captain
+action
+redskins
+juice
+86
+nicole
+bigdick
+carter
+erotic
+abgrtyu
+87
+sparky
+chester
+jasper
+dirty
+777777
+88
+yellow
+smokey
+monster
+ford
+dreams
+89
+camaro
+xavier
+teresa
+freddy
+maxwell
+90
+secret
+steven
+jeremy
+arsenal
+music
+91
+dick
+viking
+11111111
+access14
+rush2112
+92
+falcon
+snoopy
+bill
+wolf
+russia
+93
+taylor
+blue
+crystal
+nipple
+scorpion
+94
+111111
+eagles
+peter
+iloveyou
+rebecca
+95
+131313
+winner
+p#ssies
+alex
+tester
+96
+123123
+samantha
+c#ck
+florida
+mistress
+97
+bitch
+house
+beer
+eric
+phantom
+98
+hello
+miller
+rocket
+legend
+billy
+99
+scooter
+flower
+theman
+movie
+6666
+100
+please
+jack
+oliver
+success
+albert
+mysql
+MySQL
+Mysql
+Dba
+dba
--- a/mysqltuner.pl
+++ b/mysqltuner.pl
@ -1,5 +1,5 @@
 #!/usr/bin/perl -w
-# mysqltuner.pl - Version 1.4.0
+# mysqltuner.pl - Version 1.4.1
 # High Performance MySQL Tuning Script
 # Copyright (C) 2006-2014 Major Hayden - major@mhtx.net
 #
@ -39,9 +39,10 @@ use warnings;
 use diagnostics;
 use File::Spec;
 use Getopt::Long;
-
+use File::Basename;
+use Cwd 'abs_path';
 # Set up a few variables for use in the script
-my $tunerversion = "1.4.0";
+my $tunerversion = "1.4.1";
 my (@adjvars, @generalrec);

 # Set defaults
@ -126,6 +127,8 @@ sub usage {

 my $devnull = File::Spec->devnull();

+my $basic_password_files=abs_path(dirname(__FILE__))."/basic_passwords.txt";
+print "$basic_password_files";
 # Setting up the colors for the print styles
 my $good = ($opt{nocolor} == 0)? "[\e[0;32mOK\e[0m]" : "[OK]" ;
 my $bad = ($opt{nocolor} == 0)? "[\e[0;31m!!\e[0m]" : "[!!]" ;
@ -454,16 +457,87 @@ sub get_all_vars {
 	}
 }

+sub get_basic_passwords {
+	my $file=shift;
+	open (FH, "< $file") or die "Can't open $file for read: $!";
+	my @lines = <FH>;
+	close FH or die "Cannot close $file: $!";
+	return @lines 
+}
+
 sub security_recommendations {
 	print "\n-------- Security Recommendations  -------------------------------------------\n";
-	my @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = '' OR password IS NULL;"`;
+	# Looking for Anonymous users
+	my @mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE TRIM(USER) = '' OR USER IS NULL ;"`;
+	if (@mysqlstatlist) {
+		foreach my $line (sort @mysqlstatlist) {
+			chomp($line);
+			badprint "User '".$line."' is an anonymous account.\n";
+		}
+		push(@generalrec, "Remove Anonymous User account - there is ".scalar(@mysqlstatlist). " Anonymous account.");
+	} else {
+		goodprint "There is no anonymous account in all database users\n";
+	} 
+
+	# Looking for Empty Password
+	@mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = '' OR password IS NULL;"`;
 	if (@mysqlstatlist) {
 		foreach my $line (sort @mysqlstatlist) {
 			chomp($line);
 			badprint "User '".$line."' has no password set.\n";
 		}
+		push(@generalrec, "Set up a Password for user with the following SQL statement ( SET PASSWORD FOR 'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )");
 	} else {
 		goodprint "All database users have passwords assigned\n";
+	} 
+
+	# Looking for User with user/ uppercase /capitalise user as password
+	@mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = PASSWORD(user) OR password = PASSWORD(UPPER(user)) OR password = PASSWORD(UPPER(LEFT(User, 1)) + SUBSTRING(User, 2, LENGTH(User)));"`;
+	if (@mysqlstatlist) {
+		foreach my $line (sort @mysqlstatlist) {
+			chomp($line);
+			badprint "User '".$line."' has user name as password.\n";
+		}
+		push(@generalrec, "Set up a Secure Password for user\@host ( SET PASSWORD FOR  'user'\@'SpecificDNSorIp' = PASSWORD('secure_password'); )");
+	}
+
+	@mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE HOST='%';"`;
+	if (@mysqlstatlist) {
+		foreach my $line (sort @mysqlstatlist) {
+			chomp($line);
+			badprint "User '".$line."' hasn't specific host restriction.\n";
+		}
+		push(@generalrec, "Restrict Host for user\@% to user\@SpecificDNSorIp");
+	}
+
+	unless (-f $basic_password_files) {
+		badprint "There is not basic password file list !";
+		return;
+	}
+	
+	my @passwords=get_basic_passwords $basic_password_files;
+	infoprint "There is ". scalar(@passwords). " basic passwords in the list.\n";
+	my $nbins=0;
+	my $passreq;
+	if (@passwords) {
+		foreach my $pass (@passwords) {
+			$pass=~s/\s//g;
+			chomp($pass);
+			# Looking for User with user/ uppercase /capitalise weak password
+			$passreq="SELECT CONCAT(user, '\@', host) FROM mysql.user WHERE password = PASSWORD('".$pass."') OR password = PASSWORD(UPPER('".$pass."')) OR password = PASSWORD(UPPER(LEFT('".$pass."', 1)) + SUBSTRING('".$pass."', 2, LENGTH('".$pass."')));\n";
+			@mysqlstatlist = `$mysqlcmd $mysqllogin -Bse "$passreq"`;
+			infoprint "There is ".scalar (@mysqlstatlist). " items.\n";
+			if (@mysqlstatlist) {
+				foreach my $line (@mysqlstatlist) {
+					chomp($line);
+					badprint "User '".$line."' is using weak pasword: $pass in a lower, upper or capitalize derivated version.\n";
+					$nbins++;
+				}
+			}
+		}
+	}
+	if ($nbins>0) {
+		push(@generalrec, $nbins. " user(s) used basic or weaked password.");
 	}
 }