Bug #51782 One of the MEM advisors' suggestions could recommend a better action
Submitted: 5 Mar 2010 20:46
Modified: 24 May 2010 14:40
Reporter: Ben Krug
Status: Closed
Category: MySQL Enterprise Monitor: Advisors/Rules
Severity: S4 (Feature request)
Version:
OS: Any
Assigned to: Andy Bang
CPU Architecture: Any

[5 Mar 2010 20:46] Ben Krug
Description:
A customer noticed that "the following info alert suggests delete from mysql.user.... why not drop user 'username'@'hostname'?
I mean deleting from mysql.user would still leave entries in mysql.db, mysql.tables_priv, mysql.procs_priv etc

INFO Alert - Root Account Can Login Remotely (v 1.3 *)
Advice
Remove remote login capabilities for the root user account.
Recommended Action
DELETE FROM mysql.user WHERE user = 'root' AND host NOT IN ('localhost','127.0.0.1');
FLUSH PRIVILEGES;"

How to repeat:
Check advisors for a system with non-local root accounts.

Suggested fix:
Perhaps something like this?

Run the following query on the server:

select concat('DROP USER root@''',host,''';') from mysql.user where user='root' and host not in ('localhost','127.0.0.1');

If any rows are returned, use them in order to drop any root access from hosts other than the localhost.
[13 May 2010 23:34] Enterprise Tools JIRA Robot
Andy Bang writes: 
In build 2.2.1.1719.
[14 May 2010 21:10] Enterprise Tools JIRA Robot
Marcos Palacios writes: 
Verified fixed in advisor bundle 2.2.0.1719.
[24 May 2010 14:40] MC Brown
No changelog entry required (and the details for this item are in the auto-generated content).