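Preface
- AUDIT Plugin for MySQL
- McAfee's MySQL plugin provides auditing for MySQL and is designed with security and audit requirements in mind. The plugin can be used as a standalone audit solution or configured to feed data to external monitoring tools.
- Percona, McAfee and MariaDB all provide audit plugins.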
Download the plugin
Unpack the MySQL audit plugin package
yum install unzip && unzip audit-plugin-mysql-5.7-1.1.7-866-linux-x86_64.zip
Look up the MySQL plugin installation directory
mysql> show global variables like 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value |
+---------------+--------------------------+
| plugin_dir | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+
1 row in set (0.00 sec)
Copy libaudit_plugin.so from the unpacked directory to /usr/lib64/mysql/plugin/ and set its permissions
cp -rf /audit-plugin-mysql-5.7-1.1.7-866/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/ && chmod +x /usr/lib64/mysql/plugin/libaudit_plugin.so
Obtain the offset values for the MySQL audit plugin: make the extraction script executable, then run it
cd /audit-plugin-mysql-5.7-1.1.7-866/utils && chmod +x /audit-plugin-mysql-5.7-1.1.7-866/utils/offset-extract.sh
[root@web utils]# ./offset-extract.sh /usr/sbin/mysqld
//offsets for: /usr/sbin/mysqld (5.7.25)
{"5.7.25","a54988b2de26ea37c2601aa40ae478bb", 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672},
Edit the MySQL configuration file
vim /etc/my.cnf
audit_offsets=7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672
plugin-load=AUDIT=libaudit_plugin.so
audit_json_file=on
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate'
general_log=ON
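An added example (not part of the original page or of the plugin project): the extracted offsets belong to one specific mysqld binary, so this script checks that the audit_offsets value in my.cnf still matches a fresh offset-extract.sh result, for instance after a package upgrade. The function names and the shortened sample values in demo are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: detect an audit_offsets value in my.cnf that no longer
# matches the offsets extracted from the installed mysqld binary.

# Parse one offset-extract.sh result line into "version|md5|o1,o2,...".
parse_extract_line() {
    printf '%s\n' "$1" | sed -n -E \
        's/^\{"([^"]+)","([0-9a-f]+)",[[:space:]]*([0-9, ]+)\},?[[:space:]]*$/\1|\2|\3/p' |
        tr -d ' '
}

# Print the effective audit_offsets value of an option file, whitespace removed.
# The last occurrence is used, which is how MySQL resolves repeated options.
cnf_offsets() {
    sed -n -E 's/^[[:space:]]*audit[_-]offsets[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 | tr -d ' \t\r'
}

# $1 = offset-extract.sh result line, $2 = option file. Returns 0 only on a match.
check_offsets() {
    local parsed version md5 fresh configured
    parsed=$(parse_extract_line "$1")
    [ -n "$parsed" ] || { echo "UNPARSEABLE"; return 2; }
    IFS='|' read -r version md5 fresh <<EOF
$parsed
EOF
    configured=$(cnf_offsets "$2")
    if [ -z "$configured" ]; then echo "MISSING $version $md5"; return 1; fi
    if [ "$configured" != "$fresh" ]; then echo "STALE $version $md5"; return 1; fi
    echo "OK $version $md5"
}

# Demo on constructed input: a shortened offsets line and a temporary option file.
demo() {
    local cnf
    cnf=$(mktemp)
    printf '[mysqld]\naudit_offsets=7824, 7872, 3632\n' > "$cnf"
    check_offsets '{"5.7.25","a54988b2de26ea37c2601aa40ae478bb", 7824, 7872, 3632},' "$cnf"
    rm -f "$cnf"
}
demo
# Real use (paths as on this page):
#   check_offsets "$(./offset-extract.sh /usr/sbin/mysqld | grep '^{')" /etc/my.cnf
```

A STALE or MISSING result after a mysqld upgrade means the offsets need to be re-extracted and my.cnf updated before relying on the audit log.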
Check whether the MySQL audit plugin was installed successfully
mysql> show plugins;
| ngram | ACTIVE | FTPARSER | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
List the parameters that can be configured for the MySQL audit plugin
mysql> SHOW GLOBAL VARIABLES LIKE '%audi%';
Check whether the MySQL audit plugin's auditing is enabled
mysql> Show variables like "audit_json_file";
+-----------------+-------+
| Variable_name | Value |
+-----------------+-------+
| audit_json_file | ON |
+-----------------+-------+
1 row in set (0.00 sec)
Look up the data directory
mysql> show global variables like 'datadir';
+---------------+-----------------+
| Variable_name | Value |
+---------------+-----------------+
| datadir | /var/lib/mysql/ |
+---------------+-----------------+
1 row in set (0.00 sec)
View the audit log
tail -f /var/lib/mysql/mysql-audit.json
Types of commands that are audited
mysql> show global variables like 'audit_record_cmds';
+-------------------+-------------------------------------------------------+
| Variable_name | Value |
+-------------------+-------------------------------------------------------+
| audit_record_cmds | insert,delete,update,create,drop,alter,grant,truncate |
+-------------------+-------------------------------------------------------+
1 row in set (0.00 sec)