mysql 5.6 安全_Mysql从5.6.14安全升级至mysql5.6.25的方法

服务器上Mysql的版本为：社区版的mysql-community-server-5.6.14。近日局方对服务器进行漏洞扫描，发现zhyh08上的mysql存在几个高危漏洞，要求进行修复。受这几个漏洞影响的主要是5.6.17及以前的版本，所以将mysql升级至最新的5.6.25即可解决问题。

1、下载最新的mysql安装包(rpm文件)，链接如下：

MySQL-5.6.25-1.el6.x86_64.rpm-bundle.tar

2、备份数据库数据，这里使用的是mysqldump命令。

3、备份/etc/my.cnf：cp /etc/my.cnf /etc/my.cnf_backup

3、停止mysql服务：service mysql stop

4、解压上面的tar包：tar -xvf MySQL-5.6.25-1.el6.x86_64.rpm-bundle.tar

5、确认服务器上所安装的mysql的各个组件，这里我们只升级server和client。

?[hadoop@zlyh08 chx]$ rpm -qa|grep -i mysqlmysql-community-libs-compat-5.6.14-3.el6.x86_64mysql-community-devel-5.6.14-3.el6.x86_64mysql-community-common-5.6.14-3.el6.x86_64mysql-community-libs-5.6.14-3.el6.x86_64mysql-community-server-5.6.14-3.el6.x86_64mysql-community-client-5.6.14-3.el6.x86_64perl-DBD-MySQL-4.013-3.el6.x86_64[hadoop@zlyh08 chx]$

6、将server和client卸载：

?12rpm -e mysql-community-server-5.6.14-3.el6.x86_64rpm -e mysql-community-client-5.6.14-3.el6.x86_64

注：如若不先卸载的话，安装时会报文件冲突：

?[root@zlyh08 chx]# rpm -Uvh MySQL-server-5.6.25-1.el6.x86_64.rpmPreparing... ########################################### [100%]file /usr/share/mysql/bulgarian/errmsg.sysfrom installof MySQL-server-5.6.25-1.el6.x86_64 conflictswith filefrom package mysql-community-common-5.6.14-3.el6.x86_64…………file /usr/share/mysql/french/errmsg.sysfrom installof MySQL-server-5.6.25-1.el6.x86_64 conflictswith filefrom package mysql-community-common-5.6.14-3.el6.x86_64

7、重新安装server和client：

?[root@zlyh08 chx]# rpm -ivh MySQL-server-5.6.25-1.el6.x86_64.rpmPreparing... ########################################### [100%]1:MySQL-server ########################################### [100%]2015-07-01 16:02:40 0 [Warning]TIMESTAMP with implicitDEFAULT valueis deprecated. Please use--explicit_defaults_for_timestamp server option (see documentation for more details).2015-07-01 16:02:40 0 [Note] /usr/sbin/mysqld (mysqld 5.6.25) startingas process 28611 ...2015-07-01 16:02:40 28611 [Note] InnoDB: Using atomicsto refcount buffer pool pages2015-07-01 16:02:40 28611 [Note] InnoDB: The InnoDB memory heapis disabled…………2015-07-01 16:02:44 28633 [Note] InnoDB: FTS optimize thread exiting.2015-07-01 16:02:44 28633 [Note] InnoDB: Starting shutdown...2015-07-01 16:02:45 28633 [Note] InnoDB: Shutdown completed; logsequence number 1625987A RANDOMPASSWORD HAS BEENSET FOR THE MySQL rootUSER !You will find thatpassword in '/root/.mysql_secret'.#竟然没发现这一行，难怪装完一直连不上----------[root@appserver ~]# cat /root/.mysql_secret# The randompassword set for the rootuser at Thu Nov 20 15:52:02 2014 (local time): sFpJCf6WLhyYKc35----------You must change thatpassword on yourfirst connect,no other statement but'SET PASSWORD' will be accepted.See the manualfor the semanticsof the'password expired' flag.Also, the accountfor the anonymoususer has been removed.In addition, you can run:/usr/bin/mysql_secure_installationwhich will also give you theoption of removing the testdatabase.Thisis strongly recommendedfor production servers.See the manualfor more instructions.Please reportany problemsat http://bugs.mysql.com/The latest information about MySQLis availableon the webathttp://www.mysql.comSupport MySQLby buying support/licensesat http://shop.mysql.comNewdefault config file was createdas /usr/my.cnfandwill be usedby default by the serverwhen you start it.You may edit this fileto change server settings[root@zlyh08 chx]# rpm -ivh MySQL-client-5.6.25-1.el6.x86_64.rpmPreparing... ########################################### [100%]1:MySQL-client ########################################### [100%][root@zlyh08 chx]#

8、恢复my.cnf：cp /etc/my.cnf_backup /etc/my.cnf

9、启动mysql服务：service mysql start

?12[root@zlyh08 chx]# service mysql startStarting MySQL... SUCCESS!

10、使用客户端连接mysql：

?12[root@zlyh08 mysql-5.6.25]# mysqlERROR 2002 (HY000): Can tconnect to local MySQL server through socket'/data1/mysql/mysql.sock' (2)

11、查看/data1/mysql目录下，确实没有mysql.sock文件。

12、查看/etc/my.cnf文件，发现只在[mysql]下面配置了

?[mysql]socket=/data1/mysql/mysql.sockdefault-character-set=utf8[mysqld] #mysqld下面没有配置socket#skip-grant-tablesinteractive_timeout=300wait_timeout=300

13、编辑/etc/my.cnf，在[mysqld]下面添加socket的配置，使用服务器和客户端都使用同一个socket文件，如下：

?[mysql]socket=/data1/mysql/mysql.sockdefault-character-set=utf8[mysqld]#skip-grant-tablessocket=/data1/mysql/mysql.sock #增加此行，之前只[mysql]加了这一项interactive_timeout=300wait_timeout=300

14、重启mysql服务。

15、使用升级前的root用户连接mysql：

?[hadoop@zlyh08 report_script]$ mysql -hzlyh08 -uroot -pEnterpassword:Welcometo the MySQL monitor. Commandsend with ;or \g.Your MySQLconnection idis 233Server version: 5.6.25 MySQL Community Server (GPL)Copyright (c) 2000, 2015, Oracleand/or its affiliates.All rights reserved.Oracleis a registered trademarkof Oracle Corporationand/or itsaffiliates. Other names may be trademarksof their respectiveowners.Type'help;' or '\h' for help. Type'\c' to clear thecurrent input statement.mysql> show databases;+--------------------+|Database |+--------------------+| information_schema || apollo_v1.0 || hive || log || metastore || mysql || oozie || performance_schema || test |+--------------------+9rows in set (0.00 sec)mysql>

16、至此，升级完成。

以上所述是小编给大家介绍的Mysql从5.6.14安全升级至mysql5.6.25的方法，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对脚本之家网站的支持！