MySQL

Configure a MySQL datasource on your Guardium® system.

Supported Authentication Methods

Note: For SQL statements, the Guardium appliance supports UTF8 characters of up to 3 bytes in length. UTF8 characters 4 bytes or longer are not supported and do not display correctly. This is a limitation of the Guardium appliance.
Authentication Supported
Local user Yes
LDAP No
Kerberos No
SSL Yes
Mutual SSL Yes

Parameters

Field Description
Host Name/IP Required. The hostname or IP address of the datasource.
Port number Required. Default value: 3306.
Database The name of the database.
Connection property Properties that must be included in the JDBC URL to establish a JDBC connection with the datasource. The required format is property1=value;property2=value, where each property and value pair is separated by a semicolon.
For examples, refer to the database vendor's JDBC documentation.
If the database server is in the UTC time zone and you are unable to establish a connection, use the following connection properties:
useUnicode=true;useJDBCCompliantTimezoneShift=true;useLegacyDatetimeCode=false;serverTimezone=UTC
Custom URL The connection string to the datasource. When the custom URL is not provided, the datasource connection is made by using properties such as the hostname and port number.

CAS (Configuration Auditing System) database instance

If you are a CAS user, configure the CAS database instance.

Field Description
Account The name of the account owner.
Directory The name of the installation directory.

An environment variable MYSQL_HOME may be defined.

Note: A MySQL datasource with a Unicode database name is not supported. The datasource name in MySQL must be ASCII.

To use the following feature, you must install the latest Guardium Vulnerability Assessment patch for version 11.5:

Required environment variable:

datadir - The path to the MySQL server data directory. For a MySQL binary installation, the default path is datadir=/usr/local/mysql/data. For a MySQL rpm or yum installation, the default path is datadir=/var/lib/mysql.

MYSQL_HOME is an environment variable containing the path to the directory in which the server-specific my.cnf file resides.

If MYSQL_HOME is not set and you start the server using the mysqld_safe program, mysqld_safe sets it to BASEDIR, the MySQL base installation directory.

If the directories are not set to their defaults, optional variables can be set in the Directory field of the datasource CAS database instance:

$log_bin_basename - Base name of the binary log files, with full path (for example, /var/lib/mysql/binlog will check for all log files starting with binlog under the /var/lib/mysql directory)

$slow_query_log_file - Slow query log file name with full path

$log_error - Error log file name with full path

$general_log_file - General log file name with full path

$relay_log_basename - Base name of the relay log files, with full path (for example: /var/lib/mysql/<hostname>-relay-bin.nnnnnn)

$plugin_dir - Plugin directory with full path

$ssl_dir - Full path of the folder that contains the SSL key files

$audit_log_file - Audit log file name with full path

  • Example 1 - MySQL default installation where the CAS instance OS account is root:

    Account: root

    Directory: /root | datadir=/var/lib/mysql

  • Example 2 - MySQL binaries installation where the CAS instance OS account is mysql8c:

    Account: mysql8c

    Directory: /home/mysql8c | datadir=/home/mysql8c/mysql/data/

  • Example 3 - MySQL installation where the CAS instance OS account is root and the directories are not the defaults:

    Account: root

    Directory: /root | datadir=/opt/IBM/data/mysql/ | slow_query_log_file=/opt/IBM/data/mysql/mysql-slow.log | log_error=/opt/IBM/data/mysql/mysql-error.log | general_log_file=/opt/IBM/data/mysql/localhost.log | relay_log_basename=/opt/IBM/data/mysql/localhost-relay-bin | ssl_dir=/opt/IBM/etc/keys
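
The Directory values in the examples above share one shape: the account's home directory, followed by name=path pairs separated by "|". A mistyped variable name or a broken path in that field can leave a log or key directory out of the configuration audit, so the following pre-flight check is an added example (not Guardium code). The parsing rules are an assumption inferred from the examples on this page, the function name check_cas_directory is hypothetical, and the sample values are constructed.

```python
# Added example: pre-flight check for a CAS "Directory" value (not Guardium code).
# Assumption: the "|"-separated layout is inferred from the examples on this page.
import posixpath

# Variable names listed on this page (written there with a leading "$").
KNOWN_VARS = {
    "datadir", "log_bin_basename", "slow_query_log_file", "log_error",
    "general_log_file", "relay_log_basename", "plugin_dir", "ssl_dir",
    "audit_log_file",
}

def check_cas_directory(value):
    """Return (home, variables, problems) for one Directory field value."""
    problems = []
    segments = [s.strip() for s in value.split("|")]
    home, variables = segments[0], {}
    if not posixpath.isabs(home):
        problems.append(f"home directory is not an absolute path: {home!r}")
    for seg in segments[1:]:
        name, sep, path = seg.partition("=")
        # Accept the name with or without the "$" prefix used in the list above.
        name, path = name.strip().lstrip("$"), path.strip()
        if not sep or not name:
            problems.append(f"segment is not name=path: {seg!r}")
            continue
        if name not in KNOWN_VARS:
            problems.append(f"unknown variable: {name}")
        if name in variables:
            problems.append(f"duplicate variable: {name}")
        if not posixpath.isabs(path):
            problems.append(f"{name}: not a full path: {path!r}")
        if any(c.isspace() for c in path):
            problems.append(f"{name}: whitespace inside path: {path!r}")
        variables[name] = path
    if "datadir" not in variables:
        problems.append("required variable datadir is missing")
    return home, variables, problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real system.
    samples = [
        "/root | datadir=/var/lib/mysql",
        "/root | datadir=/srv/db /mysql | log_eror=/srv/db/mysql/error.log",
        "/home/dbadmin | slow_query_log_file=logs/slow.log",
    ]
    for s in samples:
        print(s, "->", check_cas_directory(s)[2] or "ok")
```
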