I want to install the CONNECTION_CONTROL and CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugins for my Amazon Relational Database Service (Amazon RDS) for MySQL database.
Resolution
Note: The following steps apply only to Amazon RDS for MySQL. They don't apply to Amazon Aurora MySQL-Compatible Edition.
The CONNECTION_CONTROL plugin
CONNECTION_CONTROL (from the MySQL website) checks incoming connection attempts and adds a delay to server responses as necessary. This plugin also reveals system variables that allow for its configuration and a status variable that provides rudimentary monitoring information.
CONNECTION_CONTROL doesn't come with default MySQL configurations. Therefore, you must configure the plugin after you install it.
Install CONNECTION_CONTROL
To install the CONNECTION_CONTROL plugin in MySQL, run the following commands in the MySQL Command-Line Client:
mysql
INSTALL PLUGIN CONNECTION_CONTROL
SONAME 'connection_control.so';
This returns an output that's similar to the following message:
Query OK, 0 rows affected (0.01 sec)
For more information, see Installing connection control plugins on the MySQL website.
Check the plugin's variables
You can now verify the following variables that relate to the plugin:
- connection_control_failed_connections_threshold
- connection_control_max_connection_delay
- connection_control_min_connection_delay
To check these variables, run the following commands:
mysql
SHOW VARIABLES LIKE 'connection_control%';
This returns an output that's similar to the following message:
+-------------------------------------------------+------------+
| Variable_name | Value |
+-------------------------------------------------+------------+
| connection_control_failed_connections_threshold | 3 |
| connection_control_max_connection_delay | 2147483647 |
| connection_control_min_connection_delay | 1000 |
+-------------------------------------------------+------------+
You can't modify the values of these variables, and you must use these values by default. For more information, see Connection-control system and status variables on the MySQL website.
The CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugin
CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS implements an INFORMATION_SCHEMA table that reveals more detailed monitoring information for failed connection attempts.
Install CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
To install the CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS plugin in MySQL, run the following commands:
mysql
INSTALL PLUGIN CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS
SONAME 'connection_control.so';
This returns an output that's similar to the following message:
Query OK, 0 rows affected (0.00 sec)
View the plugins' status
To view the status of these plugins, run the following commands:
mysql
SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'connection%'; command.
This returns an output that's similar to the following message:
+------------------------------------------+---------------+
| PLUGIN_NAME | PLUGIN_STATUS |
+------------------------------------------+---------------+
| CONNECTION_CONTROL | ACTIVE |
| CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS | ACTIVE |
+------------------------------------------+---------------+
This confirms that the status of the plugins is ACTIVE. You can now learn about any failed login attempts, compare those failures with your third-party assessment tools, and post the assessment.
Related information
UNINSTALL PLUGIN statement (MySQL website)