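Installing and Using Audit Plugin

Original article:

https://www.cnblogs.com/waynechou/p/mysql_audit.html#_label0   # includes uninstall instructions

Download:

https://bintray.com/mcafee/mysql-audit-plugin/release/1.1.6-784#files

Installation, configuration, and testing

Check the MySQL plugin directory: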
mysql> SHOW GLOBAL VARIABLES LIKE 'plugin_dir';
+---------------+------------------------+
| Variable_name | Value |
+---------------+------------------------+
| plugin_dir | /opt/mysql/lib/plugin/ |
+---------------+------------------------+
row in set (0.00 sec)
Copy the downloaded .so file into plugin_dir and create the log directory:
cd /opt/tools/audit-plugin-mysql-5.6-1.1.-/lib
cp libaudit_plugin.so /opt/mysql/lib/plugin/
mkdir /home/mysql//audit_log/
chown mysql:mysql /home/mysql//audit_log/
Download the offset script and compute the offsets for your version:
wget https://raw.github.com/mcafee/mysql-audit/master/offset-extract/offset-extract.sh
chmod +x offset-extract.sh
[root@docker1 /opt/tools ::&&]#./offset-extract.sh /opt/mysql/bin/mysqld
//offsets for: /opt/mysql/bin/mysqld (5.6.35)
{"5.6.35","c48fe13e444883af96c7f134cd0c952b", , , , , , , , , , , , , , , , , , , , , , , , , },
Configure my.cnf by adding the following to the mysqld section:
plugin-load=AUDIT=libaudit_plugin.so
audit_offsets=, , , , , , , , , , , , , , , , , , , , , , , ,
audit_json_file=ON
audit_json_log_file=/home/mysql/3306/audit_log/mysql-audit.json
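audit_record_cmds=insert,delete,update,create,drop,revoke,alter,grant,set # audit only these statement types
Restart the MySQL database:
service mysql restart
Verify that it took effect:
SHOW GLOBAL STATUS LIKE 'AUDIT_version'; # show the plugin version
SHOW GLOBAL VARIABLES LIKE 'audit_json_file'; # check whether it is enabled
show plugins;  # list the installed plugins
Key parameters:

1. audit_json_file # whether the audit feature is enabled

2. audit_json_log_file # path and file name of the log file

3. audit_record_cmds # the commands that audit records; by default all commands are recorded. It can be set to any combination of DML, DCL and DDL statements, e.g. audit_record_cmds=select,insert,delete,update. It can also be set online: set global audit_record_cmds=NULL (meaning record all commands)

4. audit_record_objs

The objects whose operations audit records; by default all objects are recorded, and SET GLOBAL audit_record_objs=NULL restores the default. It can also be given in the following format: audit_record_objs=,test.*,mysql.*,information_schema.*.

For other configuration parameters, see: https://github.com/mcafee/mysql-audit/wiki/Configuration
Test: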
CREATE TABLE `t1` ( `id` int() NOT NULL AUTO_INCREMENT, `age` tinyint() NOT NULL DEFAULT '', `name` varchar() NOT NULL DEFAULT '', PRIMARY KEY (`id`) )DEFAULT CHARSET=utf8;
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('', '');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('', '');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('', '');
INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('', '');
update t1 set name='' where age='';
delete from t1 where age='';
select * from t1;
View the audit log:
[root@docker1 /opt/tools ::&&]#cat /home/mysql//audit_log/mysql-audit.json
{"msg-type":"header","date":"","audit-version":"1.1.6-784","audit-protocol-version":"1.0","hostname":"docker1","mysql-version":"5.6.35-log","mysql-program":"/opt/mysql/bin/mysqld","mysql-socket":"/tmp/my3306.sock","mysql-port":"","server_pid":""}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `t1` (`age`, `name`) VALUES ('2', '2')"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('1', '1')"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('3', '3')"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('4', '4')"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`t1` (`age`, `name`) VALUES ('5', '5')"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"update","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"update t1 set name='6' where age='5'"}
{"msg-type":"activity","date":"","thread-id":"","query-id":"","user":"root","priv_user":"","ip":"192.168.159.1","host":"192.168.159.1","rows":"","status":"","cmd":"delete","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"delete from t1 where age='1'"}
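
One way to triage mysql-audit.json records like those above, as an added example that is not part of the original article: it flags privilege or schema changes, access to the mysql system schema, and clients outside an allowlist, and it skips a record that is cut off mid-write. The sample lines, the allowlist and the names triage, SENSITIVE_CMDS and SYSTEM_DBS are constructed for illustration.

```python
import json

SENSITIVE_CMDS = {"grant", "revoke", "drop", "alter", "create", "set"}  # DDL/DCL subset
SYSTEM_DBS = {"mysql"}  # schema that holds accounts and privileges

def triage(log_text, allowed_ips):
    """Return (findings, skipped); findings are (reason, user, ip, query) tuples."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # e.g. the last record is still being written
            continue
        if not isinstance(rec, dict) or rec.get("msg-type") != "activity":
            continue  # header records only describe the server
        user, ip, query = rec.get("user", ""), rec.get("ip", ""), rec.get("query", "")
        reasons = []
        if rec.get("cmd", "").lower() in SENSITIVE_CMDS:
            reasons.append("privilege-or-schema-change")
        if any(o.get("db", "").lower() in SYSTEM_DBS for o in rec.get("objects") or []):
            reasons.append("system-schema-access")
        if ip and ip not in allowed_ips:
            reasons.append("unexpected-source-ip")
        findings.extend((reason, user, ip, query) for reason in reasons)
    return findings, skipped

# Constructed sample records in the format shown above (all values are illustrative).
SAMPLE_LOG = """
{"msg-type":"header","audit-version":"1.1.6-784","hostname":"docker1"}
{"msg-type":"activity","user":"root","ip":"192.168.159.1","cmd":"insert","objects":[{"db":"test","name":"t1","obj_type":"TABLE"}],"query":"INSERT INTO `t1` (`age`, `name`) VALUES ('2', '2')"}
{"msg-type":"activity","user":"app","ip":"10.0.0.7","cmd":"grant","query":"GRANT SELECT ON test.* TO 'report'@'10.0.0.%'"}
{"msg-type":"activity","user":"root","ip":"192.168.159.1","cmd":"delete","objects":[{"db":"mysql","name":"user","obj_type":"TABLE"}],"query":"delete from mysql.user where user='old'"}
{"msg-type":"activity","user":"root","ip":"192.168
"""

if __name__ == "__main__":
    findings, skipped = triage(SAMPLE_LOG, allowed_ips={"192.168.159.1"})
    for finding in findings:
        print(finding)
    print("unparsed lines:", skipped)
```

A non-zero skipped count on a file that is no longer being written points to truncation or tampering and is worth a separate alert.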

MariaDB server_audit audit plugin

Download:

http://ftp.kaist.ac.kr/mariadb/

Original article:

https://www.cnblogs.com/waynechou/p/mysql_audit.html#_label0

Installation, configuration, and testing

Copy the plugin file:
cp -av /opt/tools/mariadb-5.5.-linux-glibc_214-x86_64/lib/plugin/server_audit.so /opt/mysql/lib/plugin/
chmod a+x /opt/mysql/lib/plugin/server_audit.so
Install the plugin:
INSTALL PLUGIN server_audit SONAME 'server_audit.so';
Configure my.cnf:
server_audit_events='CONNECT,QUERY,TABLE,QUERY_DDL,QUERY_DML,QUERY_DCL'
server_audit_logging=on
server_audit_file_path =/home/mysql//audit_log/
server_audit_file_rotate_size=
server_audit_file_rotations=
server_audit_file_rotate_now=ON
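Note that these settings should be added only after the server_audit plugin has been installed and is running; adding them to the configuration file too early causes MySQL to fail at startup!
Parameter descriptions:
server_audit_output_type: the log output type, either SYSLOG or FILE
server_audit_logging: turns auditing on or off
server_audit_events: the event types to record, as a comma-separated list of values (connect,query,table); if the query cache is enabled and a query is answered directly from the query cache, no table record is written
server_audit_file_path: when server_audit_output_type is FILE, this variable sets the file the log is stored in; a directory can be given; by default the log goes to the server_audit.log file in the data directory
server_audit_file_rotate_size: limits the size of the log file
server_audit_file_rotations: the number of log files; if 0, the log is never rotated
server_audit_file_rotate_now: forces a log file rotation
server_audit_incl_users: the users whose activity is recorded; connect is not affected by this variable; it takes precedence over server_audit_excl_users
server_audit_syslog_facility: the syslog facility; defaults to LOG_USER
server_audit_syslog_ident: sets the ident that is included in every syslog record
server_audit_syslog_info: the info string that is added to each syslog record
server_audit_syslog_priority: the syslogd priority used for logged records
server_audit_excl_users: activity of the users in this list is not recorded; connect is not affected by this setting
server_audit_mode: identifies the version; used for development and testing
Restart MySQL:
/opt/mysql/scripts/my3306.sh restart
Test:
Testing is the same as for Audit Plugin.
Uninstall server_audit:
mysql> UNINSTALL PLUGIN server_audit;
mysql> show variables like '%audit%';
Empty set (0.00 sec)
To prevent the server_audit plugin from being uninstalled, add the following to the configuration file:
[mysqld]
server_audit=FORCE_PLUS_PERMANENT
Restart MySQL for the change to take effect.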
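
A configuration check for the server_audit settings described above, as an added example that is not part of the original article: it reads the mysqld section of a my.cnf and reports settings that leave the audit trail removable or incomplete. The function names and both my.cnf fragments are constructed for illustration, and the parser is a simplification of MySQL's option-file syntax.

```python
def mysqld_options(text):
    """Collect [mysqld] options from my.cnf text (simplified option-file parser)."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop full-line and trailing comments
        if not line or line[0] in ";!":          # ';' comments and !include directives
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            # MySQL treats '-' and '_' in option names as equivalent.
            opts[name.strip().lower().replace("-", "_")] = value.strip().strip("'\"")
    return opts

def check_server_audit(text):
    """Return a list of findings for the server_audit settings discussed above."""
    o = mysqld_options(text)
    findings = []
    if o.get("server_audit", "").upper() != "FORCE_PLUS_PERMANENT":
        findings.append("server_audit is not FORCE_PLUS_PERMANENT: UNINSTALL PLUGIN is possible")
    if o.get("server_audit_logging", "").upper() not in ("ON", "1"):
        findings.append("server_audit_logging is not ON: auditing is off after a restart")
    if o.get("server_audit_excl_users"):
        findings.append("server_audit_excl_users is set: not logged for " + o["server_audit_excl_users"])
    if o.get("server_audit_file_rotations") == "0":
        findings.append("server_audit_file_rotations=0: the log file is never rotated")
    return findings

# Constructed my.cnf fragments (not from the original page).
WEAK_CNF = """
[client]
port=3306
[mysqld]
server_audit_events='CONNECT,QUERY,TABLE'
server-audit-logging = ON   # hyphens and spaces around '=' are accepted
server_audit_file_rotations=0
server_audit_excl_users=backup
"""
HARDENED_CNF = """
[mysqld]
server_audit=FORCE_PLUS_PERMANENT
server_audit_logging=ON
server_audit_file_rotations=9
"""

if __name__ == "__main__":
    for label, cnf in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(label, check_server_audit(cnf))
```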
