Copyright © 2017, Oracle and/or its affiliates. All rights reserved. |
Honeypot Your Database
Georgi “Joro” Kodinov
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
A honeypot is a computer security
mechanism set to detect, deflect, or, in
some manner, counteract attempts at
unauthorized use of information
systems.
– Wikipedia
Honeypot Variant 1: Detect
Honeypot Variant 2: Deflect
Honeypot Variant 3: Counteract
Let’s Do Detect !
Practicalities
Introducing github.com/gkodinov/audit_tripwire
• An audit log plugin
• Listens on table access events
• If a non-DBA accesses a pre-defined “attractive” table
– Logs a special message for the DBA into the server error log
– Rejects all further commands until the DBA resets it
• Couple of lines of code
• Easily customizable
A Taste of Code
static int
audit_tripwire_notify(MYSQL_THD thd,
                      mysql_event_class_t event_class,
                      const void *event)
{
  /* if we're in panic mode stop all commands from non-supers */
  if (panic_mode_value && !is_super(thd))
    return TRUE;

  /* Check if the table (if specified) is accessed */
  if (event_class == MYSQL_AUDIT_TABLE_ACCESS_CLASS &&
      (audit_tripwire_table_value || audit_tripwire_db_value))
  {
    const struct mysql_event_table_access *table_access=
      (const struct mysql_event_table_access *)event;

    if (!is_super(thd))
    {
      /* check for a matching table name; strncmp() is bounded by the length
         of the accessed name, so a name that is a prefix of the tripwire
         value also counts as a match */
      if (audit_tripwire_table_value &&
          strncmp(table_access->table_name.str,
                  audit_tripwire_table_value,
                  table_access->table_name.length))
        return FALSE;

      /* check for a matching database name (same bounded comparison) */
      if (audit_tripwire_db_value &&
          strncmp(table_access->table_database.str,
                  audit_tripwire_db_value,
                  table_access->table_database.length))
        return FALSE;

      /* table is accessed. Time to panic ! */
      my_plugin_log_message(&plugin, MY_WARNING_LEVEL,
                            "Tripwire table `%s`.`%s` accessed from "
                            "connection id %d. Switching to panic mode",
                            …);
      panic_mode_value= TRUE;
      /* a non-zero return makes the server abort the statement */
      return TRUE;
    }
  }
  return FALSE;
}
Compile
• Put the files in plugin/audit_tripwire of a source distro or a git tree
• Compile the source distro
• http://dev.mysql.com/doc/refman/5.7/en/compiling-plugin-libraries.html
for more details
Set audit_tripwire Up
• CREATE DATABASE hr;
• CREATE TABLE hr.salaries(person varchar(100), salary integer);
• GRANT ALL PRIVILEGES on hr.* to ''@'localhost';
• INSTALL PLUGIN audit_tripwire SONAME 'audit_tripwire.dll';
• SET GLOBAL audit_tripwire_table='salaries';
• SET GLOBAL audit_tripwire_db='hr';
The Lateral Movement (as haxor@localhost)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| hr                 |
+--------------------+
2 rows in set (0.00 sec)
mysql> use hr;
Database changed
mysql> show tables;
+--------------+
| Tables_in_hr |
+--------------+
| salaries     |
+--------------+
1 row in set (0.00 sec)
mysql> show create table salaries\G
*************************** 1. row ***************************
Table: salaries
Create Table: CREATE TABLE `salaries` (
`person` varchar(100) DEFAULT NULL,
`salary` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1
1 row in set (0.00 sec)
Mmmmmmm !?!
The Trespassing (as haxor@localhost)
mysql> select * from salaries limit 10;
ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_TABLE_ACCESS_READ';1).
mysql> select 1;
ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_COMMAND_START';1).
Server’s console/error log:
2017-01-20T15:30:31.285577Z 14 [Warning] Plugin audit_tripwire reported: 'Tripwire table `hr`.`salaries` accessed from connection id 14. Switching to panic mode'
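Added example, not from the slides or the audit_tripwire project: a Python scan of the server error log for the plugin's warning shown above, so that a trip reaches the DBA as an alert. The pattern is built from that message; the function names, the rule that joins wrapped lines into one record, and every sample log line other than the tripwire warning are assumptions made for this example.

```python
"""Scan a MySQL error log for audit_tripwire panic-mode warnings."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, Iterator, List

# A logical record starts with an ISO 8601 timestamp (Z or a +hh:mm offset).
# Assumption: any other non-empty line continues the previous record, which
# covers a message wrapped over several lines as on the slide.
RECORD_START = re.compile(
    r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+(?:Z|[+-]\d{2}:\d{2})\s"
)

# Layout of the warning, copied from the log line shown on the slide.
TRIPWIRE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+\[Warning\]\s+"
    r"Plugin audit_tripwire reported:\s+"
    r"'Tripwire table `(?P<db>.+?)`\.`(?P<table>.+)` accessed from "
    r"connection id (?P<conn>\d+)\. Switching to panic mode'\s*$"
)


@dataclass(frozen=True)
class TripwireAlert:
    when: datetime          # timezone-aware, taken from the log timestamp
    thread_id: int          # second column of the error-log record
    database: str
    table: str
    connection_id: int      # connection that touched the tripwire table


def iter_records(lines: Iterable[str]) -> Iterator[str]:
    """Group physical lines into logical records, joining continuations."""
    buf: List[str] = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if RECORD_START.match(line):
            if buf:
                yield " ".join(buf)
            buf = [line]
        elif buf and line.strip():
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)


def find_trips(lines: Iterable[str]) -> List[TripwireAlert]:
    """Return one alert per tripwire warning found in the log lines."""
    alerts: List[TripwireAlert] = []
    for record in iter_records(lines):
        m = TRIPWIRE.match(record)
        if m is None:
            continue
        alerts.append(TripwireAlert(
            # %z accepts both "Z" and "+hh:mm" (Python 3.7 and later)
            when=datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S.%f%z"),
            thread_id=int(m.group("thread")),
            database=m.group("db"),
            table=m.group("table"),
            connection_id=int(m.group("conn")),
        ))
    return alerts


def format_alert(alert: TripwireAlert) -> str:
    """One-line summary suitable for a pager or chat notification."""
    return (f"{alert.when.isoformat()} tripwire `{alert.database}`."
            f"`{alert.table}` hit by connection {alert.connection_id}; "
            "server is in panic mode until a DBA resets it")


# Constructed sample log. Only the first tripwire warning is taken from the
# slide (with its line wrapping); the other lines are made up for the example.
SAMPLE_LOG = """\
2017-01-20T15:29:58.101112Z 0 [Note] constructed filler line: server started
2017-01-20T15:30:31.285577Z 14 [Warning] Plugin audit_tripwire reported:
'Tripwire table `hr`.`salaries` accessed from connection id 14. Switching to
panic mode'
2017-01-20T15:31:02.000321Z 15 [Note] constructed filler line: unrelated note
2017-01-20T16:05:44.912345Z 22 [Warning] Plugin audit_tripwire reported: 'Tripwire table `hr`.`salaries` accessed from connection id 22. Switching to panic mode'
"""

if __name__ == "__main__":
    for trip in find_trips(SAMPLE_LOG.splitlines()):
        print(format_alert(trip))
```

Because the plugin rejects non-super commands before the table check once panic mode is on, each matching record normally marks one switch into panic mode, so a second record means the mode was reset in between.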
Buuuuzzzzzz !
Defusing (as root@localhost)
mysql> set global audit_tripwire_panic_mode=0;
Query OK, 0 rows affected (0.00 sec)
Questions ?
Fosdem17 honeypot your database server

 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamOpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoam
 
Large Language Models and the End of Programming
Large Language Models and the End of ProgrammingLarge Language Models and the End of Programming
Large Language Models and the End of Programming
 
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, BetterWebinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
Webinar: Salesforce Document Management 2.0 - Smarter, Faster, Better
 
BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024BoxLang: Review our Visionary Licenses of 2024
BoxLang: Review our Visionary Licenses of 2024
 
A Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdfA Comprehensive Look at Generative AI in Retail App Testing.pdf
A Comprehensive Look at Generative AI in Retail App Testing.pdf
 
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...
 

Fosdem17 honeypot your database server

  • 1. Honeypot Your Database. Georgi “Joro” Kodinov. Copyright © 2017, Oracle and/or its affiliates. All rights reserved.
  • 2. Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. – Wikipedia
  • 4. Honeypot Variant 1: Detect
  • 5. Honeypot Variant 2: Deflect
  • 6. Honeypot Variant 3: Counteract
  • 7. Let’s Do Detect!
  • 8. Practicalities
  • 9. Introducing github.com/gkodinov/audit_tripwire
      • An audit log plugin
      • Listens on table access events
      • If a non-DBA accesses a pre-defined “attractive” table
          – Logs a special message for the DBA into the server error log
          – Rejects all further commands until the DBA resets it
      • Couple of lines of code
      • Easily customizable
  • 10. A Taste of Code

      static int audit_tripwire_notify(MYSQL_THD thd,
                                       mysql_event_class_t event_class,
                                       const void *event)
      {
        /* if we're in panic mode stop all commands from non-supers */
        if (panic_mode_value && !is_super(thd))
          return TRUE;

        /* Check if the table (if specified) is accessed */
        if (event_class == MYSQL_AUDIT_TABLE_ACCESS_CLASS &&
            (audit_tripwire_table_value || audit_tripwire_db_value))
        {
          const struct mysql_event_table_access *table_access=
            (const struct mysql_event_table_access *)event;

          if (!is_super(thd))
          {
            /* check for a matching table name */
            if (audit_tripwire_table_value &&
                strncmp(table_access->table_name.str,
                        audit_tripwire_table_value,
                        table_access->table_name.length))
              return FALSE;

            /* check for a matching database name */
            if (audit_tripwire_db_value &&
                strncmp(table_access->table_database.str,
                        audit_tripwire_db_value,
                        table_access->table_database.length))
              return FALSE;

            /* table is accessed. Time to panic ! */
            my_plugin_log_message(&plugin, MY_WARNING_LEVEL,
                                  "Tripwire table `%s`.`%s` accessed from "
                                  "connection id %d. Switching to panic mode",…) );
            panic_mode_value= TRUE;
            return TRUE;
          }
        }
        return FALSE;
      }
  • 11. Compile
      • Put the files in plugin/audit_tripwire of a source distro or a git tree
      • Compile the source distro
      • See http://dev.mysql.com/doc/refman/5.7/en/compiling-plugin-libraries.html for more details
  • 12. Set audit_tripwire Up

      CREATE DATABASE hr;
      CREATE TABLE hr.salaries(person varchar(100), salary integer);
      GRANT ALL PRIVILEGES on hr.* to ''@'localhost';
      INSTALL PLUGIN audit_tripwire SONAME 'audit_tripwire.dll';
      SET GLOBAL audit_tripwire_table='salaries';
      SET GLOBAL audit_tripwire_db='hr';
  • 13. The Lateral Movement (as haxor@localhost)

      mysql> show databases;
      +--------------------+
      | Database           |
      +--------------------+
      | information_schema |
      | hr                 |
      +--------------------+
      2 rows in set (0.00 sec)

  • 14. The Lateral Movement (as haxor@localhost)

      mysql> use hr;
      Database changed
      mysql> show tables;
      +--------------+
      | Tables_in_hr |
      +--------------+
      | salaries     |
      +--------------+
      1 row in set (0.00 sec)

  • 15. The Lateral Movement (as haxor@localhost)

      mysql> show create table salaries\G
      *************************** 1. row ***************************
             Table: salaries
      Create Table: CREATE TABLE `salaries` (
        `person` varchar(100) DEFAULT NULL,
        `salary` int(11) DEFAULT NULL
      ) ENGINE=InnoDB DEFAULT CHARSET=latin1
      1 row in set (0.00 sec)
  • 16. Mmmmmmm !?!
  • 17. The Trespassing (as haxor@localhost)

      mysql> select * from salaries limit 10;
      ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_TABLE_ACCESS_READ';1).
      mysql> select 1;
      ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_COMMAND_START';1).

      Server’s console/error log:

      2017-01-20T15:30:31.285577Z 14 [Warning] Plugin audit_tripwire reported: 'Tripwire table `hr`.`salaries` accessed from connection id 14. Switching to panic mode'

  • 18. Buuuuzzzzzz !
  • 19. Defusing (as root@localhost)

      mysql> set global audit_tripwire_panic_mode=0;
      Query OK, 0 rows affected (0.00 sec)

  • 20. Questions?
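
A stand-alone C model of the decision logic on slide 10, replayed against the session from slides 13 to 19 (an added example, not code from the audit_tripwire plugin or the MySQL audit API). It uses an exact name comparison, because the slide's `strncmp` calls compare only as many bytes as the accessed name is long, so a shorter name that is a prefix of the bait name also matches. The types and the functions `nm`, `prefix_match`, `exact_match`, `tripwire_notify` and `replay_session` are hypothetical names, and the events are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-alone model; not the MySQL audit plugin API. */
enum event_class { EV_COMMAND_START, EV_TABLE_ACCESS };
struct name { const char *str; size_t length; };        /* counted string */
struct tripwire { const char *db, *table; bool panic; }; /* NULL = unset */
struct name nm(const char *s) { struct name n = { s, strlen(s) }; return n; }

/* The slide's test: only the first n.length bytes are compared. */
bool prefix_match(struct name n, const char *w) { return strncmp(n.str, w, n.length) == 0; }

/* Exact test: lengths must agree before the bytes are compared. */
bool exact_match(struct name n, const char *w)
{ return strlen(w) == n.length && memcmp(n.str, w, n.length) == 0; }

/* Returns true when the command must be rejected. */
bool tripwire_notify(struct tripwire *tw, bool is_super, enum event_class ev,
                     struct name db, struct name table)
{
    if (tw->panic && !is_super)
        return true;                  /* panic mode: reject all non-DBA commands */
    if (ev != EV_TABLE_ACCESS || is_super || (!tw->db && !tw->table))
        return false;
    if (tw->table && !exact_match(table, tw->table))
        return false;
    if (tw->db && !exact_match(db, tw->db))
        return false;
    tw->panic = true;                 /* bait table touched: lock down */
    return true;
}

/* Replays constructed events for the slides' session; bit i set = step i rejected. */
unsigned replay_session(void)
{
    struct tripwire tw = { "hr", "salaries", false };
    unsigned r = 0;
    r |= (unsigned)tripwire_notify(&tw, false, EV_COMMAND_START, nm(""), nm("")) << 0; /* show tables */
    r |= (unsigned)tripwire_notify(&tw, false, EV_TABLE_ACCESS, nm("hr"), nm("salaries")) << 1;
    r |= (unsigned)tripwire_notify(&tw, false, EV_COMMAND_START, nm(""), nm("")) << 2; /* select 1 */
    r |= (unsigned)tripwire_notify(&tw, true, EV_COMMAND_START, nm(""), nm("")) << 3;  /* DBA command */
    tw.panic = false;                 /* set global audit_tripwire_panic_mode=0 */
    r |= (unsigned)tripwire_notify(&tw, false, EV_COMMAND_START, nm(""), nm("")) << 4;
    return r;
}

int main(void) { return replay_session() == 6 ? 0 : 1; }
```

Only steps 1 and 2 are rejected: the read of `hr.salaries` trips the wire, and every later non-DBA command is refused until the DBA clears panic mode.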