dev-sec / ansible-collection-hardening

This Ansible collection provides battle tested hardening for Linux, SSH, nginx, MySQL
http://dev-sec.io/
Apache License 2.0
4.08k stars 732 forks source link

Percona hardening #328

Open BarbzYHOOL opened 6 years ago

BarbzYHOOL commented 6 years ago

Hello,

I use Percona and tried this role. It creates a hardening file in conf.d but in Percona we also use /etc/mysql/percona.conf.d/ and I'm wondering in which order the files are read.

Because if some setting overrides the hardening, it might be a bit of an issue

rndmh3ro commented 6 years ago

From the docs:

MySQL makes no guarantee about the order in which option files in the directory will be read.

https://dev.mysql.com/doc/refman/5.7/en/option-files.html

So basically you have no way of knowing if some settings gets overridden. So this role should probably check if Percona is installed and then use the correct directories.

BarbzYHOOL commented 6 years ago

that quote is funny

hmm maybe i'll add it if I remember about the issue