记录mysql的具体操作明细
分类: MySQL
前言:
测试环境莫名其妙有几条重要数据被删除了,由于在binlog里面只看到是公用账号删除的,无法查询是那个谁在那个时间段登录的,就考虑怎么记录每一个MYSQL账号的登录信息,在MYSQL中,每个连接都会先执行init-connect,进行连接的初始化,我们可以在这里获取用户的登录名称和thread的ID值。然后配合binlog,就可以追踪到每个操作语句的操作时间,操作人以及客户端的连接进程信息等。实现审计。
1,在mysql服务器db中建立单独的记录访问信息的库
set names utf8;
create database access_log;
CREATE TABLE `access_log`
(
`id` int(11) NOT NULL AUTO_INCREMENT,
`thread_id` int(11) DEFAULT NULL, -- 线程ID,这个值很重要
`log_time` timestamp NOT NULL DEF AULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, -- 登录时间
`localname` varchar(30) DEFAULT NULL, -- 登录名称
`matchname` varchar(30) DEFAULT NULL, -- 登录用户
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8 comment '录入用户登录信息';
2,在配置文件中配置init-connect参数。登录时插入日志表。如果这个参数是个错误的SQL语句,登录就会失败。
vim /usr/local/mysql/my.cnf
init-connect='INSERT INTO access_log.access_log VALUES(NULL,CONNECTION_ID(),NOW(),USER(),CURRENT_USER());'
然后重启数据库
3,创建普通用户,不能有super权限,而且用户必须有对access_log库的access_log表的insert权限,否则会登录失败。
给登录用户赋予insert权限,但是不赋予access_log的insert、select权限,
GRANT INSERT,DELETE,UPDATE,SELECT ON test.* TO audit_user@'%' IDENTIFIED BY 'cacti_user1603';
mysql> GRANT CREATE,DROP,ALTER,INSERT,DELETE,UPDATE,SELECT ON test.* TO audit_user@'%' IDENTIFIED BY 'cacti_user1603';
Query OK, 0 rows affected (0.00 sec)
mysql> exit
然后去用新的audit_user登录操作
[root@db_server ~]# /usr/local/mysql/bin/mysql -uaudit_user -p -S /usr/local/mysql/mysql.sock
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 25
Server version: 5.6.12-log
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> lect * from access_log.access_log;
ERROR 2006 (HY000): MySQL server has gone away
No connection. Trying to reconnect...
Connection id: 26
Current database: *** NONE ***
ERROR 1184 (08S01): Aborted connection 26 to db: 'unconnected' user: 'audit_user' host: 'localhost' (init_connect command failed)
mysql>
看到报错信息 (init_connect command failed),再去错误日志error log验证一下:
tail -fn 5 /usr/local/mysql/mysqld.log
2014-07-28 16:03:31 23743 [Warning] Aborted connection 25 to db: 'unconnected' user: 'audit_user' host: 'localhost' (init_connect command failed)
2014-07-28 16:03:31 23743 [Warning] INSERT command denied to user ''@'localhost' for table 'access_log'
2014-07-28 16:04:04 23743 [Warning] Aborted connection 26 to db: 'unconnected' user: 'audit_user' host: 'localhost' (init_connect command failed)
2014-07-28 16:04:04 23743 [Warning] INSERT command denied to user ''@'localhost' for table 'access_log'
看到必须要有对access_log库的access_log表的insert权限才行。
4,赋予用户access_log的insert、select权限,然后重新赋予权限:
GRANT SELECT,INSERT ON access_log.* TO audit_user@'%';
mysql>
mysql> GRANT SELECT,INSERT ON access_log.* TO audit_user@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
再登录,报错如下:
[root@db_server ~]# /usr/local/mysql/bin/mysql -uaudit_user -p -S /usr/local/mysql/mysql.sock
Enter password:
ERROR 1045 (28000): Access denied for user 'audit_user'@'localhost' (using password: YES)
[root@db_server ~]#
去查看error日志:
2014-07-28 16:15:29 23743 [Warning] INSERT command denied to user ''@'localhost' for table 'access_log'
2014-07-28 16:15:41 23743 [Warning] Aborted connection 37 to db: 'unconnected' user: 'audit_user' host: 'localhost' (init_connect command failed)
2014-07-28 16:15:41 23743 [Warning] INSERT command denied to user ''@'localhost' for table 'access_log'
2014-07-28 16:15:50 23743 [Warning] Aborted connection 38 to db: 'unconnected' user: 'audit_user' host: 'localhost' (init_connect command failed)
2014-07-28 16:15:50 23743 [Warning] INSERT command denied to user ''@'localhost' for table 'access_log'
需要用root用户登录进去,清空掉用户为''的用户记录。
mysql> select user,host,password from mysql.user;
+----------------+-----------+-------------------------------------------+
| user | host | password |
+----------------+-----------+-------------------------------------------+
| root | localhost | |
| root | db_server | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | db_server | |
| cacti_user | % | *EB9E3195E443D577879101A35EF64A701B35F949 |
| cacti_user | 1 | *D5FF9B53A78232DA13D3643965A5961449B387DB |
| cacti_user | 2 | *D5FF9B53A78232DA13D3643965A5961449B387DB |
| test_user | 192.% | *8A447777509932F0ED07ADB033562027D95A0F17 |
| test_user | 1 | *8A447777509932F0ED07ADB033562027D95A0F17 |
| weakpwd_user_1 | 10.% | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| weakpwd_user_2 | 10.% | *B1461C9C68AFA1129A5F968C343636192A084ADB |
| weakpwd_user_3 | 10.% | *DCB7DF5FFC82C441503300FFF165257BC551A598 |
| audit_user | % | *AEAB1915B137FAFDE9B949D67A9A42DDB68DD8A2 |
+----------------+-----------+-------------------------------------------+
15 rows in set (0.00 sec)
mysql> drop user ''@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> drop user ''@'db_server';
Query OK, 0 rows affected (0.00 sec)
mysql>
再用已经分配了access_log表的Insert权限的audit_user登录
mysql> select * from access_log.access_log;
+----+-----------+---------------------+---------------------------+--------------+
| id | thread_id | log_time | localname | matchname |
+----+-----------+---------------------+---------------------------+--------------+
| 4 | 41 | 2014-07-28 16:19:37 | audit_user@localhost | audit_user@% |
| 5 | 42 | 2014-07-28 16:20:32 | audit_user@localhost | audit_user@% |
| 6 | 45 | 2014-07-28 16:21:11 | audit_user@localhost | audit_user@% |
+----+-----------+---------------------+---------------------------+--------------+
6 rows in set (0.00 sec)
mysql> show full processlist;
+----+------------+-----------+------+---------+------+-------+-----------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+------------+-----------+------+---------+------+-------+-----------------------+
| 45 | audit_user | localhost | NULL | Query | 0 | init | show full processlist |
+----+------------+-----------+------+---------+------+-------+-----------------------+
1 row in set (0.00 sec)
mysql>
5,再用另外一个用户登录建表,录入测试数据。
建表录入数据记录
mysql> use test;
Database changed
mysql> create table t1 select 1 as a, 'wa' as b;
Query OK, 1 row affected (0.01 sec)
Records: 1 Duplicates: 0 Warnings: 0
查看跟踪用户行为记录。
mysql> select * from access_log.access_log;
+----+-----------+---------------------+---------------------------+--------------+
| id | thread_id | log_time | localname | matchname |
+----+-----------+---------------------+---------------------------+--------------+
| 4 | 41 | 2014-07-28 16:19:37 | audit_user@localhost | audit_user@% |
| 5 | 42 | 2014-07-28 16:20:32 | audit_user@localhost | audit_user@% |
| 6 | 45 | 2014-07-28 16:21:11 | audit_user@localhost | audit_user@% |
| 7 | 48 | 2014-07-28 16:30:42 | audit_user@192.168.3.62 | audit_user@% |
| 8 | 50 | 2014-07-28 16:46:11 | audit_user@192.168.3.62 | audit_user@% |
+----+-----------+---------------------+---------------------------+--------------+
8 rows in set (0.00 sec)
去mysql db服务器上查看binlog 内容,解析完后,没有insert语句,怎么回事,去看my.cnf
#binlog-ignore-db=mysql # No sync databases
#binlog-ignore-db=test # No sync databases
#binlog-ignore-db=information_schema # No sync databases
#binlog-ignore-db=performance_schema
原来是对test库有binlog过滤设置,全部注释掉。重启mysql库,重新来一遍,可以在看到binlog
在MySQL客户端上重新执行。
mysql> use test;
Database changed
mysql> insert into test.t1 select 5,'t5';
Query OK, 1 row affected (0.00 sec)
Records: 1 Duplicates: 0 Warnings: 0
mysql> select * from access_log.access_log;
+----+-----------+---------------------+---------------------------+--------------+
| id | thread_id | log_time | localname | matchname |
+----+-----------+---------------------+---------------------------+--------------+
| 1 | 17 | 2014-07-28 15:41:04 | cacti_user@192.168.171.71 | cacti_user@% |
| 2 | 18 | 2014-07-28 15:41:05 | cacti_user@192.168.171.71 | cacti_user@% |
| 3 | 19 | 2014-07-28 15:41:05 | cacti_user@192.168.171.71 | cacti_user@% |
| 4 | 41 | 2014-07-28 16:19:37 | audit_user@localhost | audit_user@% |
| 5 | 42 | 2014-07-28 16:20:32 | audit_user@localhost | audit_user@% |
| 6 | 45 | 2014-07-28 16:21:11 | audit_user@localhost | audit_user@% |
| 7 | 48 | 2014-07-28 16:30:42 | audit_user@192.168.3.62 | audit_user@% |
| 8 | 50 | 2014-07-28 16:46:11 | audit_user@192.168.3.62 | audit_user@% |
| 9 | 56 | 2014-07-28 19:32:12 | audit_user@192.168.1.12 | audit_user@% |
| 10 | 1 | 2014-07-28 20:02:56 | audit_user@192.168.3.62 | audit_user@% |
+----+-----------+---------------------+---------------------------+--------------+
10 rows in set (0.00 sec)
看到thread_id为1
6,如何查看何跟踪用户行为记录。
去mysql数据库服务器上查看binlog,应该thread_id=1的binlog记录。
[root@db_server binlog]# /usr/local/mysql/bin/mysqlbinlog --base64-output=DECODE-ROWS mysql-bin.000018 -v>3.log
[root@db_server binlog]# vim 3.log
# at 1103
#140728 20:12:48 server id 72 end_log_pos 1175 CRC32 0xa323c00e Query thread_id=1 exec_time=0 error_code=0
SET TIMESTAMP=1406549568/*!*/;
BEGIN
/*!*/;
# at 1175
#140728 20:12:48 server id 72 end_log_pos 1229 CRC32 0xbb8ca914 Table_map: `access_log`.`t1` mapped to number 72
# at 1229
#140728 20:12:48 server id 72 end_log_pos 1272 CRC32 0x8eed1450 Write_rows: table id 72 flags: STMT_END_F
### INSERT INTO `access_log`.`t1`
### SET
### @1=10
### @2='w0'
# at 1272
#140728 20:12:48 server id 72 end_log_pos 1303 CRC32 0x72b26336 Xid = 14
COMMIT/*!*/;
看到thread_id=1,然后,就可以根据thread_id=1来判断执行这条insert命令的来源,还可以在mysql服务器上执行show full processlist;来得到MySQL客户端的请求端口,
mysql> show full processlist;
+----+------------+-------------------+------+---------+------+-------+-----------------------+
| Id | User | Host | db | Command | Time | State | Info |
+----+------------+-------------------+------+---------+------+-------+-----------------------+
| 1 | audit_user | 192.168.3.62:44657 | test | Sleep | 162 | | NULL |
| 3 | root | localhost | NULL | Query | 0 | init | show full processlist |
+----+------------+-------------------+------+---------+------+-------+-----------------------+
2 rows in set (0.00 sec)
mysql>
看到Id为1的线程,端口是44657。
我们切换回mysql客户端,去查看端口是44657的是什么进程,如下所示:
[tim@db_client ~]$ netstat -antlp |grep 44657
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 192.168.3.62:44657 192.168.1.12:3307 ESTABLISHED 6335/mysql
[tim@db_client ~]$
获取到该进程的PID 6335,再通过ps -eaf得到该进程所执行的命令,如下所示:
[tim@db_client ~]$ ps -eaf|grep 6335
tim 6335 25497 0 19:59 pts/1 00:00:00 mysql -uaudit_user -p -h 192.168.1.12 -P3307
tim 6993 6906 0 20:16 pts/2 00:00:00 grep 6335
[tim@db_client ~]$
最后查到是通过mysql客户端登陆连接的。加入这个6335是某个web工程的,那么,也可以根据ps -eaf命令查询得到web工程的进程信息。
http://blog.chinaunix.net/uid-24086995-id-168445.html
http://blog.itpub.net/26230597/viewspace-1240386
记录mysql的具体操作明细的更多相关文章
- windows下cmd记录MYSQL操作
我们在cmd下操作MYSQL,当需要复制某条命令的时候,需要右键标记,然后选取,然后......各种不方便! 有没有比较方便的方式,可以将我们的操作记录自动的实时保存下来,当我们需要操作的时候,可以高 ...
- 记录MySQL的一些基础操作
MySQL建表操作 root@localhost 08:05:22> create table stu( -> id int(4) not null, -> name char(20 ...
- DBA必备:MySQL数据库常用操作和技巧
DBA必备:MySQL数据库常用操作和技巧 2011-02-25 15:31 kaduo it168 字号:T | T MySQL数据库可以说是DBA们最常见和常用的数据库之一,为了方便大家使用,老M ...
- 一次插入多条记录 [mysql]
调用多次INSERT语句不就可以插入多条记录了吗?但使用这种方法要增加服务器的负荷,因为,执行每一次SQL服务器都要同样对SQL进行分析.优化等操作.幸好MySQL提供了另一种解决方案,就是使用一条I ...
- mysql 命令行操作
1.连接Mysql 格式: mysql -h主机地址 -u用户名 -p用户密码 1.连接到本机上的MYSQL.首先打开DOS窗口,然后进入目录mysql\bin,再键入命令mysql -u root ...
- MySQL查询in操作 查询结果按in集合顺序显示(转)
MySQL 查询in操作,查询结果按in集合顺序显示的实现代码,需要的朋友可以参考下. MySQL 查询in操作,查询结果按in集合顺序显示 复制代码代码如下: select * from test ...
- php笔记08:数据库编程---使用php的MySQL扩展库操作MySQL数据库
1.使用php的MySQL扩展库操作MySQL数据库: php有3种方式操作MySQL数据库 (1)mysql扩展库 (2)mysqli扩展库 (3)pdo mysql扩展库与mysql数据库 ...
- MySQL数据库 常用操作
1:使用SHOW语句找出在服务器上当前存在什么数据库: mysql> SHOW DATABASES; 2:创建一个数据库MYSQLDATA mysql> CREATE DATABASE M ...
- mysql的常用操作的封装
1.概述: 为了把繁琐的操作简化成简单的类,设计了2个类用来封装了mysql的常用操作,以便使用者可以方便地使用. 2.组成 1)数据库操作类CDatabaseConnect 2)SQL对象类CSql ...
随机推荐
- SharePoint 向多行文本类型字段插入特殊类型链接
1.在测试列表中插入一个多行文本字段,名字叫做Content,如下图: 2.在Content字段里,添加一个Link,如下图: 3.尝试输入Notes格式的Link,如下图: 4.点击OK的时候,弹出 ...
- 图文详细解说DevExpress 2015新版亮点【附文档下载】
历时两个月,翻译自官网的更新说明文档,最后整理成册,文末附PDF地址. DevExpress 在今年6月份发布了正式的2015版本,2015在旧版基础上有明显的升级改进,尤其是DevExtreme.W ...
- 【IOS】ios中NSUserDefault与android中的SharedPreference用法简单对比
以下内容为原创,欢迎转载,转载请注明 来自天天博客:http://www.cnblogs.com/tiantianbyconan/p/3405308.html 有Android开发经验的朋友对Shar ...
- Xcode 7中http通信出现如下错误:Application Transport Security has blocked a cleartext HTTP (http://) resource load since it is insecure. Temporary exceptions can be configured via your app's Info.plist file.
原因 在iOS9 beta1中,苹果将原http协议改成了https协议,使用 TLS1.2 SSL加密请求数据. 解决方法 编辑 info.plist,加入如下设置: <plist> & ...
- android关于线程的那些事
今天发现之前自己一直有个误区,new Runnable(run()方法){}原来它不是一定创建一个线程 如果用主线程的handler去post(Runnable),他就不会创建子线程,而是在主线程上执 ...
- 你真的了解UIButton、UILabel 吗?
一:首先查看一下关于UIButton的定义 @class UIImage, UIFont, UIColor, UIImageView, UILabel; //设置UIButton的样式 typedef ...
- 【读书笔记】iOS网络-异步请求与运行循环
异步请求需要运行循环.当数据传递到服务器或是被客户端接收时,运行循环用于实现事件与委托对象之间的通信.异步请求在发出时,会在当前线程的运行循环上操作,这个实现细节是很重要的,因为在GCD块中或者是通过 ...
- iOS--(UITableViewCell)、(UITableViewController)微信个人主页
本文主要实现了微信的个人主页的设置: 目录文件如下: 实现代码如下: RootTableViewController.h #import <UIKit/UIKit.h> @interfac ...
- iOS开发之多线程技术
本篇争取一篇讲清讲透,依然将通过四大方面清晰的对iOS开发中多线程的用法进行详尽的讲解: 一.什么是多线程 1)多线程执行原理 2)线程与进程 3)多线程的优缺点 二.我们为什么要用多线程编程技术 三 ...
- C#程序猿电脑重装记录
最近比较空了,闲的手痒,将自己的笔记本进行了重装,之前每次重装都没有记录,这次将本次重装过程记录下来,以便下次参考 1 首先不用说了WIN7旗舰版装好,驱动装好 2 开启Administrator用户 ...