PMM Advisors MySQL Security Checks

Hi everyone,

I’m interested in the PMM Advisors module (ex Security Threat tool). As stated here (Advisor checks for PMM - Percona Platform), the PMM is capable of executing security checks and, in particular for MySQL, I would like to know which types of checks it carries out. Is there a list available of all MySQL security checks?
In addition, are the check queries heavy? I’m afraid they can slow down the DBs.

Thank you

1 Like

@ttemployee,
On the page you listed, there is literally a long table listing out all the security checks. The queries are not heavy at all. They will not slow down the database in any way.

1 Like

@matthewb

Thank you for the reply. However, IMHO, the page is not so detailed. For example MySQL User Check and MySQL Security Check report the same description, i.e. “Runs a detailed check on user setup”. What are these “checks”?
In addition, is the Advisors module capable of alerting you if suspicious queries are being executed?

1 Like

The checks are looking for duplicate users, duplicate passwords, users without passwords, etc. The checks are simple SQL against the users table.

No, the advisors are not watching any SQL from your application.

1 Like
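The kind of checks described in the reply above (users without passwords, duplicate passwords, duplicate users) can be run by hand as plain SQL. This is an added example, not part of the thread and not Percona's actual advisor queries; it assumes MySQL 5.7.6+ or 8.0, where `mysql.user` has the `authentication_string`, `plugin` and `account_locked` columns, and reading "duplicate users" as one user name defined for several hosts is an assumption.

```sql
-- Added example (not PMM's own check code). Run with an account that has
-- SELECT on mysql.user. Each query is a single read of a small system table.

-- 1. Unlocked accounts with an empty password.
--    Restricted to password-based plugins: socket/PAM/LDAP style plugins
--    legitimately store an empty authentication_string.
SELECT User, Host, plugin
FROM mysql.user
WHERE (authentication_string IS NULL OR authentication_string = '')
  AND plugin IN ('mysql_native_password', 'sha256_password', 'caching_sha2_password')
  AND account_locked = 'N';

-- 2. Accounts sharing the same password.
--    Only meaningful for mysql_native_password, whose stored hash is unsalted,
--    so identical hashes mean identical passwords. caching_sha2_password and
--    sha256_password hashes are salted and cannot be compared this way.
--    The hash itself is deliberately not selected.
SELECT COUNT(*) AS accounts,
       GROUP_CONCAT(CONCAT(User, '@', Host) ORDER BY User SEPARATOR ', ') AS sharing_password
FROM mysql.user
WHERE plugin = 'mysql_native_password'
  AND authentication_string <> ''
GROUP BY authentication_string
HAVING COUNT(*) > 1;

-- 3. The same user name defined for more than one host.
--    Each User/Host pair is a separate account with its own password and
--    grants, so these are worth reviewing for drift between entries.
SELECT User,
       COUNT(*) AS host_entries,
       GROUP_CONCAT(Host ORDER BY Host SEPARATOR ', ') AS hosts
FROM mysql.user
GROUP BY User
HAVING COUNT(*) > 1;
```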

@matthewb

I’ve just received an email from Percona, stating:

The Security Threat Tool helps:

  • Reduce possible data exposures with Query Analytics to examine all of the queries hitting your database, helping you to quickly identify unexpected queries to determine if they are valid or malicious requests (who is asking and what data they are trying to get)
  • Increase database security by quickly identifying and mitigating common database security risks for all of your open source databases (MySQL, PostgreSQL, MongoDB, MariaDB), helping you to save time and reduce potential risks
  • Ensure compliance with the ability to run regular security checks for all of your open source databases, get alerts when databases do not pass, and audit your security check history, enabling you to show that all databases are up to date with details on any remediation actions taken

Isn’t the first point, “Query Analytics to examine all of the queries”, in contradiction with what you said (“No, the advisors are not watching any SQL from your application”)?

No, because the tool is not analyzing the contents of the SQL itself. The Query Analytics tool only gathers statistical information about the execution of your queries. It does not perform any “security” checks on the content of the queries themselves. Because the QAN has stats/records of all queries executed, you can search for queries that might be malicious, thus allowing you to reduce any possible data exposures.

1 Like