Bug #60697 False Positives for Root Account Can Login Remotely
Submitted: 30 Mar 2011 8:36
Modified: 26 May 2011 2:05
Reporter: Daniël van Eeden
Status: Closed
Category: MySQL Enterprise Monitor: Advisors/Rules
Severity: S3 (Non-critical)
Version: 2.3.1
OS: Any
Assigned to:
CPU Architecture: Any
Tags: Contribution, patch
Triage: Needs Triage: D3 (Medium)

[30 Mar 2011 8:36] Daniël van Eeden
Description:
Since MySQL 5.5 ::1 is also allowed. The "False Positives for Root Account Can Login Remotely" v1.5 rule only uses localhost and 127.0.0.1 as local and thus this rule triggers on 5.5 while it shouldn't.

How to repeat:
Schedule this rule on a 5.5.8 node.

Suggested fix:
--- items-mysql-monitor.xml.old	2011-03-30 10:23:24.000000000 +0200
+++ items-mysql-monitor.xml.new	2011-03-30 10:33:00.000000000 +0200
@@ -26,7 +26,7 @@
 	<class>
 		<namespace>mysql</namespace>
 		<classname>root_remote_login</classname>
-		<query><![CDATA[SELECT COUNT(*) as remote_login FROM mysql.user WHERE user='root' AND host <> 'localhost' AND host <> '127.0.0.1']]></query>
+		<query><![CDATA[SELECT COUNT(*) as remote_login FROM mysql.user WHERE user='root' AND host <> 'localhost' AND host <> '127.0.0.1' AND host <> '::1']]></query>
 	</class>
 	<class>
 		<namespace>mysql</namespace>
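
Review bot: In the `root_remote_login` query, the new `AND host <> '::1'` is an exact string comparison like the two tests before it, so a root row whose host is another spelling of a loopback address (for example the uncompressed `0:0:0:0:0:0:0:1`, or a different address in 127.0.0.0/8) is still counted as a remote login. If such entries are meant to be treated as local they need their own exclusions, and a comment in the item definition listing which host values count as local would make that decision explicit. The three chained `<>` tests would also read more clearly as `host NOT IN ('localhost', '127.0.0.1', '::1')`, which keeps any later addition to a single list entry.
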
[31 Mar 2011 10:36] Valeriy Kravchuk
Thank you for the problem report and patch contributed. Verified by code review.
[26 May 2011 2:05] John Russell
Added to 2.3.4 changelog:

       The rule Root Account Can Login Remotely could
        give an incorrect warning on MySQL 5.5, if the root account
        logged in using the local specification ::1
        (for the IPv6 loopback interface).