Find the real killer: who is connecting to my database?

Source: Internet
Author: User

Find the real killer: who is connecting to my database?

Qunyingliu

2014.10.31

Background:

Database migration needs to comb the database authentication information, the business database configuration information is relatively loose, the known has been modified but there are always some orders.

How do you find the real killer?

1. Log in to the database server to view the network links to the database:

SSH 1.1.

Netstat-ntp|grep "Database IP: Database Port"

View the connections already established on the database server, as shown in:

TCP 0 0 10.1.1.85:3306 10.2.1.33:3610 established 13025/mysqld

For a machine network connection that cannot be viewed, the source IP and port number can be determined by MySQL---->show processlist:

mysql> show processlist;+-----------+------------+----------------------+------+-------------+--- -------+----------------------------------------------------------------+-------------------------------------- ----------------------------------------------------------------+| id         | User       | Host                  | db   |  command     | time     | state                                                              | info                                                                                                      |+-----------+------------+----------------------+------+-------------+--- -------+----------------------------------------------------------------+-------------------------------------- ----------------------------------------------------------------+| 204883537 | hehe     | 10.2.1.33:3610  | null | select * from a.table  | 13428752  |sleep| null 

2. Log in to the business Server that is connected to the database, such as 10.2.1.33

View via network connection Status:

TCP 0 0 10.2.1.33:3610 10.1.1.85:3306 established 709/datasend

In general, through the network connection status can see the corresponding process ID and process name, such as PID 709, process named Datasend (a random name).

However, there are times when you encounter the following situations:

TCP 0 0 10.2.1.33:3610 10.1.1.85:3306 established-----

Where is the process ID and process name replaced by a horizontal line or a set of horizontal lines?


3. Through the Lsof-i: port number, such as lsof-i:3610, you can view the process ID and process name for that port number on the business machine.

Myhost # Lsof-i:3610command PID USER FD TYPE DEVICE size/off NODE namedatasend 709 root 3u IPv4 1600769833 0t0 TCP 10.2.1.33:3610->mydbhost:mysql (established)

PID and command have been found, if it is not clear which process, through the Ll/proc/${pid}/exe

We can find the corresponding program.

This, the corresponding machine IP, port number, process, program address, have found, can find the victim to chat and drink tea.


This article from "Ops said: from rookie to veteran" blog, please be sure to keep this source http://liuqunying.blog.51cto.com/3984207/1570529

Find the real killer: who is connecting to my database?

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.