GBase 8a Security Configuration
Contents
Password complexity
Change root's default password
Login failure attempt limit
Re-authentication
Enable audit logging
Client SSL encrypted connections
Password complexity
Before changing the password policy, first change the users' passwords so that they satisfy the new rules; otherwise, after the restart, the old user passwords can no longer be used to log in.
Edit the coordinator nodes' configuration file gbase_8a_gcluster.cnf (every node must be edited; on a node that is not edited the password policy does not take effect and simple passwords can still be used).
Edit the data nodes' configuration file gbase_8a_gbase.cnf (every node must be edited; on a node that is not edited the password policy does not take effect and simple passwords can still be used).
Configure the same value for the same variable in both files.
[gbase@VM-8-10-centos gbase]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf
[gbase@VM-8-10-centos gnode]$ cd $GBASE_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gbase.cnf

[gbased]
password_format_option = '15' # must contain digits, upper-case letters, lower-case letters and other characters
password_min_length = '8' # minimum length 8
password_life_time = '90' # expires after 90 days

[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
gbase> set password for user_1 = password('111');
ERROR 1809 (HY000): Invalid password format,length should > 8 and contain 'number' 'small letter' 'captital letter' 'special character'.
Change root's default password
[root@gba01 opt]# su - gbase
$ gccli -uroot
GBase client 9.5.3.17.117651. Copyright (c) 2004-2020, GBase. All Rights Reserved.
gbase> SET PASSWORD FOR root = PASSWORD('H133%_h');

Login failure attempt limit
Once the number of failed attempts is reached, the user is locked and cannot log in; after being unlocked it works normally again.
[gbase@VM-8-10-centos gcluster]$ cd $GCLUSTER_BASE/config
[gbase@VM-8-10-centos config]$ vi gbase_8a_gcluster.cnf

[gbased]
login_attempt_max = '3'

[gbase@VM-8-10-centos config]$ gcluster_services gcluster restart
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos config]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.
Unlocking the user
[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
gbase> alter user root identified by 'gBase20333333#';
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> alter user root account unlock;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)

Re-authentication
After 10 minutes of idle time the user must log in again.
Edit the configuration file gbase_8a_gcluster.cnf on every coordinator node.
Edit the configuration file gbase_8a_gbase.cnf on every data node.
[gbased]
interactive_timeout = 600 # in seconds; this parameter is enabled by default, default value 1000000
wait_timeout = 600 # in seconds; this parameter is enabled by default, default value 1000000
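The three sections above all require the same [gbased] values on every coordinator and data node, so a drift check is worth scripting. The following is an added example, not code from the original post or from GBase: it reads the [gbased] section of a coordinator gbase_8a_gcluster.cnf and a node gbase_8a_gbase.cnf (paths are assumed arguments), reports keys that are missing or differ between the two, and flags values looser than the guide's.

```shell
#!/bin/sh
# Added example (not from the original post): verify that a coordinator
# gbase_8a_gcluster.cnf and a node gbase_8a_gbase.cnf both carry the
# hardening parameters used in this guide, with identical values, and
# flag values looser than the guide's. File paths are arguments (assumed);
# "#" starts a trailing comment, as in the guide's own snippets.

# Print the value of key $2 from the [gbased] section of cnf file $1
# (trailing comment and surrounding quotes stripped; empty if absent).
gbased_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_gbased = ($0 ~ /^[ \t]*\[gbased\]/); next }
        in_gbased && $0 ~ ("^[ \t]*" key "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, "")      # drop "key ="
            sub(/[ \t]*#.*$/, "")         # drop trailing comment
            print; exit
        }' "$1" | sed "s/^['\"]//; s/['\"]\$//"
}

# Report MISSING / MISMATCH / WEAK findings for the two files;
# the return value is the number of findings (0 = consistent and hardened).
check_policy() {            # $1 = coordinator cnf, $2 = node cnf
    problems=0
    # These must carry the same value on every coordinator and data node.
    for key in password_format_option password_min_length password_life_time \
               interactive_timeout wait_timeout; do
        a=$(gbased_value "$1" "$key"); b=$(gbased_value "$2" "$key")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "MISSING $key coordinator='$a' node='$b'"; problems=$((problems + 1))
        elif [ "$a" != "$b" ]; then
            echo "MISMATCH $key coordinator='$a' node='$b'"; problems=$((problems + 1))
        fi
    done
    # The lockout threshold is set on the coordinator in this guide.
    if [ -z "$(gbased_value "$1" login_attempt_max)" ]; then
        echo "MISSING login_attempt_max coordinator"; problems=$((problems + 1))
    fi
    # Looser than the guide's settings (8-character minimum, 600 s idle).
    for f in "$1" "$2"; do
        n=$(gbased_value "$f" password_min_length)
        if [ -n "$n" ] && [ "$n" -lt 8 ]; then
            echo "WEAK password_min_length=$n in $f"; problems=$((problems + 1))
        fi
        n=$(gbased_value "$f" wait_timeout)
        if [ -n "$n" ] && [ "$n" -gt 600 ]; then
            echo "WEAK wait_timeout=$n in $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Run it once per host pair after editing and before gcluster_services restart; a non-zero exit status means at least one node would keep accepting weak passwords or idle sessions.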
Enable audit logging
gbase> set global audit_log = 1 ;
gbase> set global log_output = 'table';

Create an audit policy
gbase> CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y');
Query OK, 0 rows affected (Elapsed: 00:00:00.01)
gbase> \q
Bye
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[gbase@VM-8-10-centos gbase]$ gccli -uroot -p
Enter password:
ERROR 1825 (HY000): Access denied for user 'root'@'%'. Account is locked.
[gbase@VM-8-10-centos gbase]$ gccli -ugbase -p
Enter password:
gbase> SELECT start_time,user_host,query_time,rows, LEFT(sql_text, 30), conn_type FROM gbase.audit_log;
gbase> SELECT * FROM gbase.audit_log;
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
| 95 | 0 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000122 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE GCLUSTER_LOCAL AUDIT POLICY "audit_policy_1" (Enable='Y',User='') | DDL | OTHERS | | SUCCESS | CAPI |
| 94 | 131152 | 2022-10-31 22:47:27 | 2022-10-31 22:47:27 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.002588 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | CREATE AUDIT POLICY audit_policy_1 ( Enable = 'Y',User = '' ) | DDL | OTHERS | | SUCCESS | ODBC |
| 94 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000006 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | ODBC |
| 95 | 0 | 2022-10-31 22:47:31 | 2022-10-31 22:47:31 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000003 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000433 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000126 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 131155 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000160 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000066 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000154 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 131154 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007139 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 97 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 96 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | [root] @ localhost [] | 0 | root | | 00:00:00.013624 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 98 | 0 | 2022-10-31 22:47:35 | 2022-10-31 22:47:35 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000440 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000467 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 131157 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000148 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000080 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000174 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 131156 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007594 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 100 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 99 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | [root] @ localhost [] | 0 | root | | 00:00:00.009110 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 101 | 0 | 2022-10-31 22:47:39 | 2022-10-31 22:47:39 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000436 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000443 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000125 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | set self gcluster_lock_timeout=0, gbase_fast_update=0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 131159 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000137 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET character_set_results = utf8mb4 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000064 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | SET SELF SCN = 0 | OTHERS | OTHERS | | SUCCESS | CAPI |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000151 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | ALTER GCLUSTER_LOCAL USER "root"@"%" ACCOUNT ADD | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 131158 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.007557 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: ; | alter user "root"@"%" account add | DDL | OTHERS | | SUCCESS | CAPI |
| 103 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000001 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 102 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | [root] @ localhost [] | 0 | root | | 00:00:00.009166 | 0 | | | | Connect | OTHERS | Connect | | FAILED | ODBC |
| 104 | 0 | 2022-10-31 22:47:40 | 2022-10-31 22:47:40 | gbase[gbase] @ [10.0.8.10] | 2 | gbase | 10.0.8.10 | 00:00:00.000002 | 0 | vc00003 | | | Quit | OTHERS | Quit | | SUCCESS | CAPI |
| 105 | 0 | 2022-10-31 22:47:56 | 2022-10-31 22:47:56 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000612 | 0 | | | | Connect | OTHERS | Connect | | SUCCESS | ODBC |
| 105 | 131160 | 2022-10-31 22:48:04 | 2022-10-31 22:48:04 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.006332 | 0 | vc00003 | | WRITE: ; READ: `vc00003`.`gbse`.`audit_log`; OTHER: ; | select * from gbse.audit_log | DQL | SELECT | | FAILED | ODBC |
36 rows in set (Elapsed: 00:00:00.00)

Clearing the audit log
gbase> TRUNCATE SELF gbase.audit_log;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> select * from gbase.audit_log;
| thread_id | taskid | start_time | end_time | user_host | uid | user | host_ip | query_time | rows | vc_id | db | table_list | sql_text | sql_type | sql_command | operators | status | conn_type |
| 105 | 0 | 2022-10-31 22:52:17 | 2022-10-31 22:52:17 | gbase[gbase] @ localhost [] | 2 | gbase | | 00:00:00.000603 | 0 | vc00003 | | WRITE: ; READ: ; OTHER: `vc00000`.`gbase`.`audit_log`; | TRUNCATE SELF gbase.audit_log | DDL | TRUNCATE | | SUCCESS | ODBC |
1 row in set (Elapsed: 00:00:00.00)

Audit log high availability
Once auditing is enabled, audit records are stored by default in the audit_log table. audit_log only holds the records of the current period, so historical records need to be dumped on a schedule into the audit_log_express table; here the dump runs once every 60 minutes.
When creating this event, run it once on every gcluster node, and do not give the events the same name.
gbase> use test;
Query OK, 0 rows affected (Elapsed: 00:00:00.00)
gbase> show events \G;
Empty set (Elapsed: 00:00:00.00)
[gbase@h4 opt]$ vi /opt/audit.sql

delimiter //
CREATE EVENT import_audit_log
ON SCHEDULE EVERY 60 MINUTE
ON COMPLETION NOT PRESERVE
ENABLE
LOCAL
DO
begin
  declare errno int;
  declare msg text;
  -- any error inside the event is recorded in import_audit_log_errors instead of being lost
  declare exit handler for sqlexception
  begin
    get diagnostics condition 1 errno = gbase_errno, msg = message_text;
    create table if not exists import_audit_log_errors(err_time datetime, hostname varchar(64), err_no int, msg_txt varchar(1024)) CHARSET=utf8mb4;
    -- substr positions are 1-based; position 0 returns an empty string
    insert into import_audit_log_errors values (now(), @@hostname, errno, substr(msg, 1, 1024));
  end;
  -- long-term store; hostname identifies which gcluster node the rows came from
  create table if not exists audit_log_express (hostname varchar(64), thread_id int, taskid bigint, start_time datetime, uid bigint, user varchar(16), host_ip varchar(32), query_time time, rows bigint, table_list varchar(4096), sql_text varchar(8191), sql_type varchar(16), sql_command varchar(32), operators varchar(256), status varchar(16), conn_type varchar(16)) CHARSET=utf8mb4;
  -- swap in an empty audit_log so new records keep flowing while the old rows are copied
  set self sql_mode = '';
  create self table gbase.audit_log_bak2 like gbase.audit_log;
  set self sql_mode = default;
  rename self table gbase.audit_log to gbase.audit_log_bak1,   -- not sure why, but after the rename the data had not gone in, so it is inserted again below
                    gbase.audit_log_bak2 to gbase.audit_log;
  repair table gbase.audit_log;
  insert into gbase.audit_log_bak1 select * from gbase.audit_log;
  set _gbase_query_path = on;
  insert into audit_log_express
  select @@hostname as hostname, thread_id, taskid, start_time, uid, user, host_ip, query_time, rows,
         substr(table_list, 1, 4096), substr(sql_text, 1, 8191),
         sql_type, sql_command, operators, status, conn_type
  from gbase.audit_log_bak1;
  drop self table gbase.audit_log_bak1;
end//
delimiter ;

[gbase@h4 opt]$ gccli -uroot -p -D test < /opt/audit.sql
[gbase@h4 opt]$ gccli -uroot -p
gbase> use test;
gbase> show events;
| Vc | Db | Name | Definer | Time zone | Type | Execute at | Interval value | Interval field | Starts | Ends | Status | Execute mode | character_set_client | collation_connection | Database Collation |
| vcname000002 | test | import_audit_log | root@% | +08:00 | RECURRING | NULL | 60 | MINUTE | 2022-12-17 00:31:18 | NULL | ENABLED | 0 | utf8 | utf8_general_ci | utf8_general_ci |
1 row in set (Elapsed: 00:00:00.00)

Client SSL encrypted connections
Generate the server and client certificate files
[root@hw-00 gcinstall]# su - root
[root@hw-00 gcinstall]# mkdir -p /usr/local/ssl
[root@hw-00 gcinstall]# cd /usr/local/ssl/
[root@hw-00 ssl]# openssl req -sha1 -new -x509 -nodes -days 3650 -keyout ca-key.pem > ca-cert.pem
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
[root@hw-00 ssl]# openssl rsa -in server-key.pem -out server-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
[root@hw-00 ssl]# openssl rsa -in client-key.pem -out client-key.pem
[root@hw-00 ssl]# openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
Signature ok
subject=/C=11/ST=1/L=1/O=1/OU=1/CN=1/emailAddress=1
Getting CA Private Key
[root@hw-00 ssl]# ll
-rw-r--r-- 1 root root 1285 Nov 14 18:14 ca-cert.pem
-rw-r--r-- 1 root root 1708 Nov 14 18:14 ca-key.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:22 client-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:21 client-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:21 client-req.pem
-rw-r--r-- 1 root root 1159 Nov 14 18:19 server-cert.pem
-rw-r--r-- 1 root root 1679 Nov 14 18:18 server-key.pem
-rw-r--r-- 1 root root 1041 Nov 14 18:16 server-req.pem

Server configuration
[root@hw-00 ~]# vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf

[gbased]
ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/server-cert.pem
ssl-key=/usr/local/ssl/server-key.pem
Restart the cluster and verify that the configuration took effect
[root@hw-00 ~]# su - gbase
Last login: Mon Nov 14 18:10:52 CST 2022 from 192.168.0.92 on pts/2
[gbase@hw-00 ~]$ gcluster_services all restart
[gbase@hw-00 ~]$ gccli -uroot -p
gbase> show variables like 'have_%ssl';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
| have_ssl      | YES   |
+---------------+-------+
2 rows in set (Elapsed: 00:00:00.00)

Client configuration
If there is a separate client host, copy the ca-cert.pem, client-req.pem, client-key.pem and client-cert.pem generated on the server side to /usr/local/ssl on the client host. Here the client and the server are the same machine, so nothing needs to be copied; just edit the configuration file.
[gbase@hw-00 ~]$ vi /opt/gbase/192.168.0.92/gcluster/config/gbase_8a_gcluster.cnf

[client]
ssl-ca=/usr/local/ssl/ca-cert.pem
ssl-cert=/usr/local/ssl/client-cert.pem
ssl-key=/usr/local/ssl/client-key.pem
Verify that SSL is in use over a remote connection
[gbase@hw-00 ~]$ gccli -h 123.249.11.137 -ugbase -pgba20*****
gbase> status
--------------
Connection id:          11
Current database:
Current user:           gbase@123.249.11.137
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
TCP port:               5258
Uptime:                 Elapsed: 00:16:29.00

Threads: 3  Questions: 11  Slow queries: 0  Opens: 28  Flush tables: 1  Open tables: 21  Queries per second avg: 0.11
--------------
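The certificate commands above sign with -sha1 and give both the server and the client certificate -set_serial 01; current OpenSSL security levels reject SHA-1 signatures, and two certificates issued by one CA must not share a serial number. The following is an added example, not code from the original post or from GBase: it builds the same CA / server / client chain for the ssl-ca, ssl-cert and ssl-key entries with SHA-256 signatures, a distinct serial per leaf certificate and a chain check. The subjects and the output directory (argument 1, default ./ssl) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): the guide's CA / server /
# client chain rebuilt with SHA-256 signatures, a distinct serial per
# leaf certificate and a chain check, for the ssl-ca / ssl-cert / ssl-key
# entries in [gbased] and [client]. Subjects and the output directory
# (argument 1, default ./ssl) are assumptions.
make_gbase_certs() (        # subshell body: the cd does not leak to the caller
    dir=${1:-./ssl}
    mkdir -p "$dir" && cd "$dir" || exit 1
    # Self-signed CA, 10 years, unencrypted key (like the guide's -nodes).
    openssl req -new -x509 -sha256 -nodes -days 3650 -newkey rsa:2048 \
        -subj "/O=ExampleCo/CN=GBase 8a Example CA" \
        -keyout ca-key.pem -out ca-cert.pem 2>/dev/null || exit 1
    serial=1
    for role in server client; do
        serial=$((serial + 1))            # 02 for the server, 03 for the client
        openssl req -new -sha256 -nodes -newkey rsa:2048 \
            -subj "/O=ExampleCo/CN=gbase-$role" \
            -keyout "$role-key.pem" -out "$role-req.pem" 2>/dev/null || exit 1
        openssl x509 -req -sha256 -days 730 -in "$role-req.pem" \
            -CA ca-cert.pem -CAkey ca-key.pem -set_serial "$serial" \
            -out "$role-cert.pem" 2>/dev/null || exit 1
    done
    chmod 600 ca-key.pem server-key.pem client-key.pem
    # Both leaves must validate against the CA that ssl-ca will point at.
    openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem >/dev/null
)

# Signature algorithm of a certificate, e.g. sha256WithRSAEncryption.
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}
```

Only ca-cert.pem, server-cert.pem and server-key.pem belong on the cluster hosts; keep ca-key.pem elsewhere so that a compromised host cannot issue new client certificates.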