Mysql漏洞处理之升级版本到5.7.42/5.7.43过程指导手册

一、背景

某次安全漏扫，发现MySQL大量漏洞，基于Mysql之用于内网，且版本确实有点旧，考虑升级，综合漏洞分析，只能升级到最新版5.7.42和8.0.33，现场环境：Mysql 5.7.28、5.7.20和mysql：8.0.21

附录：[mysql5.7和mysql8.0区别(https://www.cnblogs.com/harda/p/16497988.html)、mysql 8手册、版本说明、mysql5.7手册

二、升级处理

1）升级方式选择，Mysql的两种升级方式：

就地升级（In-place Upgrade）
关闭旧版本mysql，用新的替换旧的二进制文件或软件包，在现有数据目录上重启数据库，执行mysql_upgrade
特点：不改变数据文件，升级速度快；但，不可以跨操作系统，不可以跨大版本（5.5—>5.7）.

2、逻辑升级（Logical Upgrade）
使用备份或导出实用程序（如mysqldump，Xtrabackup）从旧mysql实例导出SQL ，安装新的mysql数据库版本，再将SQL应用于新的mysql实例。
特点：可以跨操作系统，跨大版本；但，升级速度慢，容易出现乱码等兼容性问题。

本案中采用方法1升级替换，更多参考：Mysql 5.7 二进制方式安装

2）升级前准备

参考文档：Mysql8升级前准备、Mysql5.7升级、介质。

#rpm包方式：官方推荐解压后yum安装：yum install mysql-community-{server,client,common,libs}-*wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar#二进制包方式：因我们本次采用源码包编译安装后替代二进制文件方式，旧的版本也是基于glibc2.12的wget --no-check-certificate https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-57.42-linux-glibc2.12-x86 64.tar.gz#合法性验证md5sum mysql-5.7.42-1.el7.x86_64.rpm-bundle.tar //输出ea9b44d306dcf6e74a4b4832a0a700e3md5sum mysql-57.42-linux-glibc2.12-x86 64.tar.gz//输出c00530249e4bf6899d1fbf6d3fed4897 #备份tar -czf mysql_all.20230621.tar.gz ./mysql./mysql/bin/mysqldump -u root -p dbname > /opt/mysql_db_bak/mysql_`date +%Y%m%d`.sql

3）关闭mysql，替换二进制进行就地升级（不涉及跨大版本问题）

systemctl status mysqld● mysqld.service - LSB: start and stop MySQL   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)   Active: active (running) since Wed 2023-04-19 23:25:30 CST; 2 months 2 days ago     Docs: man:systemd-sysv-generator(8)  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)   CGroup: /system.slice/mysqld.service           ├─2764 /bin/sh /usr/local/mysql/bin/mysqld_safe --datadir=/usr/local/mysql/data --pid-file=/var/run/mysqld/mysqld.pid           └─3108 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --plugin-dir=/usr/local/mysql/lib/plugin ...Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.#如果没有创建服务，可登录后配置MySQL缓慢关停mysql -u root -pmysql> select @@innodb_fast_shutdown;mysql> SET GLOBAL innodb_fast_shutdown=0;#或直接，缓慢关闭服务的作用：关闭时，InnoDB会在关闭前执行完全purge和变化的缓冲区合并，以确保在版本之间出现文件格式差异时，data files已做好准备。mysql -u root -p --execute="SET GLOBAL innodb_fast_shutdown=0"mysqladmin -u root -p shutdown#或者重新创建个cp /usr/local/mysql/support-files/mysql.server /etc/rc.d/init.d/chmod +x /etc/init.d/mysql.serverchkconfig --add mysql.serverchkconfig --listsystemctl stop mysqldsystemctl status mysqld   #验证● mysqld.service - LSB: start and stop MySQL   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)   Active: inactive (dead) since Thu 2023-06-22 12:06:28 CST; 1min 17s ago     Docs: man:systemd-sysv-generator(8)  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)  Process: 2751 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)Apr 19 23:25:29 zq-mysql-master systemd[1]: Starting LSB: start and stop MySQL...Apr 19 23:25:30 zq-mysql-master mysqld[2751]: Starting MySQL. SUCCESS!Apr 19 23:25:30 zq-mysql-master systemd[1]: Started LSB: start and stop MySQL.Jun 22 12:06:16 zq-mysql-master systemd[1]: Stopping LSB: start and stop MySQL...Jun 22 12:06:28 zq-mysql-master mysqld[23685]: Shutting down MySQL............ SUCCESS!Jun 22 12:06:28 zq-mysql-master systemd[1]: Stopped LSB: start and stop MySQL.ps aux|grep mysql#解压二进制包替换旧mysqltar -xzf mysql-57.42-linux-glibc2.12-x86 64.tar.gzmv mysql-5.7.42-linux-glibc2.12-x86_64 mysql-5.7.42cd mysql-5.7.42ls  //bin  docs  include  lib  LICENSE  man  README  share  support-files#迁移mysql 5.7.42 到原mysql安装目录，比较权限root@zq-mysql-master local]# ll ./mysql_old/total 56drwxr-x---  2 mysql mysql  4096 Sep 18  2019 bin-rw-r--r--  1 mysql mysql 17987 Sep 13  2017 COPYINGdrwxr-x--- 10 mysql mysql  4096 Jun 22 12:06 datadrwxr-x---  2 mysql mysql  4096 Sep 18  2019 docsdrwxr-x---  3 mysql mysql  4096 Sep 18  2019 includedrwxr-x---  5 mysql mysql  4096 Sep 18  2019 libdrwxr-x---  4 mysql mysql  4096 Sep 18  2019 man-rw-r--r--  1 mysql mysql  2478 Sep 13  2017 READMEdrwxr-x--- 28 mysql mysql  4096 Sep 18  2019 sharedrwxr-x---  2 mysql mysql  4096 Sep 18  2019 support-files[root@zq-mysql-master local]# ll ./mysql-5.7.42/total 284drwxr-xr-x  2 root root    4096 Jun 22 12:10 bindrwxr-xr-x  2 root root    4096 Jun 22 12:10 docsdrwxr-xr-x  3 root root    4096 Jun 22 12:10 includedrwxr-xr-x  5 root root    4096 Jun 22 12:10 lib-rw-r--r--  1 7161 31415 255738 Mar 16 23:25 LICENSEdrwxr-xr-x  4 root root    4096 Jun 22 12:10 man-rw-r--r--  1 7161 31415    566 Mar 16 23:25 READMEdrwxr-xr-x 28 root root    4096 Jun 22 12:10 sharedrwxr-xr-x  2 root root    4096 Jun 22 12:10 support-files#授权后迁移data过去到新目录chown mysql.mysql -R ./mysql-5.7.42/cp -pr ./mysql_old/data ./mysql-5.7.42/ll ./mysql-5.7.42/total 288drwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 bindrwxr-x--- 10 mysql mysql   4096 Jun 22 12:06 datadrwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 docsdrwxr-xr-x  3 mysql mysql   4096 Jun 22 12:10 includedrwxr-xr-x  5 mysql mysql   4096 Jun 22 12:10 lib-rw-r--r--  1 mysql mysql 255738 Mar 16 23:25 LICENSEdrwxr-xr-x  4 mysql mysql   4096 Jun 22 12:10 man-rw-r--r--  1 mysql mysql    566 Mar 16 23:25 READMEdrwxr-xr-x 28 mysql mysql   4096 Jun 22 12:10 sharedrwxr-xr-x  2 mysql mysql   4096 Jun 22 12:10 support-files#重新启动mysqlsystemctl start mysqldsystemctl status mysqld  //报错如下● mysqld.service - LSB: start and stop MySQL   Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)   Active: active (exited) since Thu 2023-06-22 12:20:11 CST; 31s ago     Docs: man:systemd-sysv-generator(8)  Process: 23685 ExecStop=/etc/rc.d/init.d/mysqld stop (code=exited, status=0/SUCCESS)  Process: 24001 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)Jun 22 12:20:11 zq-mysql-master systemd[1

来源地址：https://blog.csdn.net/ximenjianxue/article/details/131301015