我是靠谱客的博主 斯文小松鼠,最近开发中收集的这篇文章主要介绍mysql审计插件安装_MYSQL - 安装审计插件,觉得挺不错的,现在分享给大家,希望可以做个参考。

概述

48304ba5e6f9fe08f3fa1abda7d326ab.png

查看mysql插件目录:

mysql> SHOW GLOBAL VARIABLES LIKE 'plugin_dir';

+---------------+------------------------+

| Variable_name | Value |

+---------------+------------------------+

| plugin_dir | /opt/mysql/lib/plugin/ |

+---------------+------------------------+

1 row in set (0.00 sec)

复制下载的so文件至plugin_dir,创建日志目录

cd /opt/tools/audit-plugin-mysql-5.6-1.1.6-784/lib

cp libaudit_plugin.so /opt/mysql/lib/plugin/

mkdir /home/mysql/3306/audit_log/

chown mysql.mysql /home/mysql/3306/audit_log/

下载offset脚本,根据版本计算

wget https://raw.github.com/mcafee/mysql-audit/master/offset-extract/offset-extract.sh

chmod +x offset-extract.sh

[root@docker1 /opt/tools 19:42:56&&11]#./offset-extract.sh /opt/mysql/bin/mysqld

//offsets for: /opt/mysql/bin/mysqld (5.6.35)

{"5.6.35","c48fe13e444883af96c7f134cd0c952b", 6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516},

配置my.cnf,在mysqld块里面加入以下内容:

plugin-load=AUDIT=libaudit_plugin.so

audit_offsets=6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516

audit_json_file=ON

audit_json_log_file=/home/mysql/3306/audit_log/mysql-audit.json

audit_record_cmds=insert,delete,update,create,drop,revoke,alter,grant,set #针对这些语句来审计

重启mysql数据库

service mysql restart

验证是否生效:

SHOW GLOBAL STATUS LIKE 'AUDIT_version'; #查看版本

SHOW GLOBAL VARIABLES LIKE 'audit_json_file'; #查看是否开启

show plugins; #查看安装的插件

重要的参数说明:

1. audit_json_file #是否开启audit功能

2. audit_json_log_file #记录文件的路径和名称信息

3. audit_record_cmds #audit记录的命令,默认为记录所有命令可以设置为任意dml、dcl、ddl的组合 如:audit_record_cmds=select,insert,delete,update 还可以在线设置set global audit_record_cmds=NULL(表示记录所有命令)

4.audit_record_objs

audit记录操作的对象,默认为记录所有对象,可以用SET GLOBAL audit_record_objs=NULL设置为默认。也可以指定为下面的格式:audit_record_objs=,test.*,mysql.*,information_schema.*。

其他配置参数参考: https://github.com/mcafee/mysql-audit/wiki/Configuration

测试:

CREATE TABLE `t1` ( `id` int(10) NOT NULL AUTO_INCREMENT, `age` tinyint(4) NOT NULL DEFAULT '0', `name` varchar(30) NOT NULL DEFAULT '', PRIMARY KEY (`id`) )DEFAULT CHARSET=utf8;

INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('1', '1');

INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('3', '3');

INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('4', '4');

INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('5', '5');

update t1 set name='6' where age='5';

delete from t1 where age='1'; select * from t1;

#查看审计日志

[root@docker1 /opt/tools 19:43:00&&12]#cat /home/mysql/3306/audit_log/mysql-audit.json

{"msg-type":"header","date":"1532167436580","audit-version":"1.1.6-784","audit-protocol-version":"1.0","hostname":"docker1","mysql-version":"5.6.35-log","mysql-program":"/opt/mysql/bin/mysqld","mysql-socket":"/tmp/my3306.sock","mysql-port":"3306","server_pid":"43306"} {"msg-type":"activity","date":"1532167889630","thread-id":"9","query-id":"54","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `t1` (`age`, `name`) VALUES ('2', '2')"} {"msg-type":"activity","date":"1532167962813","thread-id":"8","query-id":"68","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('1', '1')"} {"msg-type":"activity","date":"1532167962831","thread-id":"8","query-id":"69","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('3', '3')"} {"msg-type":"activity","date":"1532167962849","thread-id":"8","query-id":"70","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('4', '4')"} {"msg-type":"activity","date":"1532167962867","thread-id":"8","query-id":"71","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('5', '5')"} {"msg-type":"activity","date":"1532168079332","thread-id":"8","query-id":"87","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"update","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"update t1 set name='6' where age='5'"} {"msg-type":"activity","date":"1532168113498","thread-id":"8","query-id":"103","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"1","status":"0","cmd":"delete","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"delete from t1 where age='1'"}

48304ba5e6f9fe08f3fa1abda7d326ab.png

最后

以上就是斯文小松鼠为你收集整理的mysql审计插件安装_MYSQL - 安装审计插件的全部内容,希望文章能够帮你解决mysql审计插件安装_MYSQL - 安装审计插件所遇到的程序开发问题。

如果觉得靠谱客网站的内容还不错,欢迎将靠谱客网站推荐给程序员好友。

本图文内容来源于网友提供,作为学习参考使用,或来自网络收集整理,版权属于原作者所有。
点赞(44)

评论列表共有 0 条评论

立即
投稿
返回
顶部