Mysql security upgrade from 5.6.14 to mysql5.6.25, 5.6.14mysql5.6.25
Mysql versions on the server are: community edition mysql-community-server-5.6.14. Recently, the Bureau scanned the server for vulnerabilities and found that mysql on zhyh08 had several high-risk vulnerabilities and required repair. These vulnerabilities affect versions 5.6.17 and earlier. Therefore, upgrade mysql to the latest version 5.6.25 to solve the problem.
1. download the latest mysql installation package (rpm file). The link is as follows:
MySQL-5.6.25-1.el6.x86_64.rpm-bundle.tar
2. Back up database data. Here the mysqldump command is used.
3. Backup/etc/my. cnf: cp/etc/my. cnf/etc/my. cnf_backup
3. stop mysql service: service mysql stop
4. Unzip the tar package above: tar-xvf MySQL-5.6.25-1.el6.x86_64.rpm-bundle.tar
5. Confirm the mysql components installed on the server. Here we only upgrade the server and client.
[hadoop@zlyh08 chx]$ rpm -qa|grep -i mysqlmysql-community-libs-compat-5.6.14-3.el6.x86_64mysql-community-devel-5.6.14-3.el6.x86_64mysql-community-common-5.6.14-3.el6.x86_64mysql-community-libs-5.6.14-3.el6.x86_64mysql-community-server-5.6.14-3.el6.x86_64mysql-community-client-5.6.14-3.el6.x86_64perl-DBD-MySQL-4.013-3.el6.x86_64[hadoop@zlyh08 chx]$
6. Uninstall the server and client:
rpm -e mysql-community-server-5.6.14-3.el6.x86_64rpm -e mysql-community-client-5.6.14-3.el6.x86_64
Note: If you do not uninstall it first, a file conflict will be reported during installation:
[root@zlyh08 chx]# rpm -Uvh MySQL-server-5.6.25-1.el6.x86_64.rpm Preparing... ########################################### [100%]file /usr/share/mysql/bulgarian/errmsg.sys from install of MySQL-server-5.6.25-1.el6.x86_64 conflicts with file from package mysql-community-common-5.6.14-3.el6.x86_64…………file /usr/share/mysql/french/errmsg.sys from install of MySQL-server-5.6.25-1.el6.x86_64 conflicts with file from package mysql-community-common-5.6.14-3.el6.x86_64
7. reinstall the server and client:
[Root @ zlyh08 chx] # rpm-ivh MySQL-server-5.6.25-1.el6.x86_64.rpmPreparing... ######################################## ### [100%] 1: mySQL-server ##################################### ###### [100%] 16:02:40 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. please use -- explicit_defaults_for_timestamp server option (see documentation for more details ). 16:02:40 0 [Note] /Usr/sbin/mysqld (mysqld 5.6.25) starting as process 28611... 16:02:40 28611 [Note] InnoDB: Using atomics to ref count buffer pool pages2015-07-01 16:02:40 28611 [Note] InnoDB: The InnoDB memory heap is disabled ............ 16:02:44 28633 [Note] InnoDB: FTS optimize thread exiting.2015-07-01 16:02:44 28633 [Note] InnoDB: Starting shutdown... 16:02:45 28633 [Note] InnoDB: Shutdown completed; log sequence number 1625987A random password has been set for the MySQL root USER! You will find that password in '/root/. mysql_secret'. # Cat/root /. mysql_secret # The random password set for the root user at Thu Nov 20 15:52:02 2014 (local time): sFpJCf6WLhyYKc35 ---------- You must change that password on your first connect, no other statement but 'set password' will be accepted. see the manual for the semantics of the 'password expired' flag. also, the account for the anonymous user has been removed. in addition, you can run:/usr/bin/mysql_secure_installationwhich will also give you the option of removing the test database. this is stronugly recommended for production servers. see the manual for more instructions. please report any problems at http://bugs.mysql.com/The latest information about MySQL is available on the web athttp: // www. mysql. comSupport MySQL by buying support/licenses at http://shop.mysql.comNew default config file was created as/usr/my. cnf andwill be used by default by the server when you start it. you may edit this file to change server settings [root @ zlyh08 chx] # rpm-ivh MySQL-client-5.6.25-1.el6.x86_64.rpm Preparing... ######################################## ### [100%] 1: mySQL-client ##################################### ###### [100%] [root @ zlyh08 chx] #
8. Restore my. cnf: cp/etc/my. cnf_backup/etc/my. cnf
9. start mysql service: service mysql start
[root@zlyh08 chx]# service mysql startStarting MySQL... SUCCESS!
10. Use a client to connect to mysql:
[root@zlyh08 mysql-5.6.25]# mysqlERROR 2002 (HY000): Can t connect to local MySQL server through socket '/data1/mysql/mysql.sock' (2)
11. Check whether the mysql. sock file exists in the/data1/mysql directory.
12. Check the/etc/my. cnf file and find that it is only configured under [mysql ].
[Mysql] socket =/data1/mysql. sockdefault-character-set = utf8 [mysqld] # No socket configured under mysqld # skip-grant-tablesinteractive_timeout = 300wait_timeout = 300
13. edit/etc/my. cnf and add the socket configuration under [mysqld]. The server and client use the same socket file, as shown below:
[Mysql] socket =/data1/mysql. sockdefault-character-set = utf8 [mysqld] # skip-grant-tablessocket =/data1/mysql. sock # Add this row. Previously, only [mysql] added this item interactive_timeout = 300wait_timeout = 300.
14. Restart the mysql service.
15. Use the root user before the upgrade to connect to mysql:
[hadoop@zlyh08 report_script]$ mysql -hzlyh08 -uroot -pEnter password: Welcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 233Server version: 5.6.25 MySQL Community Server (GPL)Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;+--------------------+| Database |+--------------------+| information_schema || apollo_v1.0 || hive || log || metastore || mysql || oozie || performance_schema || test |+--------------------+9 rows in set (0.00 sec)mysql>
16. Now, the upgrade is complete.
The above section describes how to upgrade Mysql from 5.6.14 to mysql5.6.25. I hope it will help you. If you have any questions, please leave a message, the editor will reply to you in a timely manner. Thank you very much for your support for the help House website!