MySQL5.6 audit审计插件怎样安装
发布时间:2022-01-10 16:17:55 所属栏目:MySql教程 来源:互联网
导读:小编给大家分享一下MySQL5.6 audit审计插件如何安装,相信大部分人都还不怎么了解,因此分享这篇文章给大家参考一下,希望大家阅读完这篇文章后大有收获,下面让我们一起去了解一下吧! 查看MySQL插件目录: mysql show global variables like plugin_dir;
|
小编给大家分享一下MySQL5.6 audit审计插件如何安装,相信大部分人都还不怎么了解,因此分享这篇文章给大家参考一下,希望大家阅读完这篇文章后大有收获,下面让我们一起去了解一下吧! 查看MySQL插件目录: mysql> show global variables like 'plugin_dir'; +---------------+------------------------------+ | Variable_name | Value | +---------------+------------------------------+ | plugin_dir | /usr/local/mysql/lib/plugin/ | +---------------+------------------------------+ 1 row in set (0.00 sec) mysql> quit Bye 解压缩并cp libaudit_plugin.so到MySQL对应的插件目录: # cd /root # unzip audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip Archive: audit-plugin-mysql-5.6-1.1.2-694-linux-x86_64.zip creating: audit-plugin-mysql-5.6-1.1.2-694/ creating: audit-plugin-mysql-5.6-1.1.2-694/lib/ inflating: audit-plugin-mysql-5.6-1.1.2-694/lib/libaudit_plugin.so inflating: audit-plugin-mysql-5.6-1.1.2-694/COPYING inflating: audit-plugin-mysql-5.6-1.1.2-694/THIRDPARTY.txt inflating: audit-plugin-mysql-5.6-1.1.2-694/README.txt creating: audit-plugin-mysql-5.6-1.1.2-694/utils/ inflating: audit-plugin-mysql-5.6-1.1.2-694/utils/offset-extract.sh # cd /root/audit-plugin-mysql-5.6-1.1.2-694/lib # cp libaudit_plugin.so /usr/local/mysql/lib/plugin/ #cd /usr/local/mysql/lib/plugin/ # chmod +x libaudit_plugin.so 编辑/etc/my.cnf,添加如下内容: plugin-load=AUDIT=libaudit_plugin.so # service mysqld restart Shutting down MySQL..... [ OK ] Starting MySQL..... [ OK ] 或者用命令安装plugin: mysql>INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so'; 查看安装的plugin: mysql> show plugins; +----------------------------+----------+--------------------+--------------------+---------+ | Name | Status | Type | Library | License | +----------------------------+----------+--------------------+--------------------+---------+ | binlog | ACTIVE | STORAGE ENGINE | NULL | GPL | | mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL | | mysql_old_password | ACTIVE | AUTHENTICATION | NULL | GPL | | sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL | | MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL | | MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL | | MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL | | CSV | ACTIVE | STORAGE ENGINE | NULL | GPL | | BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL | | InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL | | INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL | | PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL | | FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL | | ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL | | partition | ACTIVE | STORAGE ENGINE | NULL | GPL | | AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL | +----------------------------+----------+--------------------+--------------------+---------+ 43 rows in set (0.00 sec) 可以看到最后一行有AUDIT libaudit_plugin.so的字样,说明安装成功. mysql> SHOW GLOBAL VARIABLES LIKE 'audit%'; +---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Variable_name | Value | +---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | audit_before_after | after | | audit_checksum | | | audit_client_capabilities | OFF | | audit_delay_cmds | | | audit_delay_ms | 0 | | audit_force_record_logins | OFF | | audit_header_msg | ON | | audit_json_file | OFF | | audit_json_file_bufsize | 1 | | audit_json_file_flush | OFF | | audit_json_file_retry | 60 | | audit_json_file_sync | 0 | | audit_json_log_file | mysql-audit.json | | audit_json_socket | OFF | | audit_json_socket_name | /var/run/db-audit/mysql.audit__usr_local_mysql_data_3306 | | audit_json_socket_retry | 10 | | audit_offsets | | | audit_offsets_by_version | ON | | audit_password_masking_cmds | CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE | | audit_password_masking_regex | identified(?:/*.*?*/|s)*?by(?:/*.*?*/|s)*?(?:password)?(?:/*.*?*/|s)*?['|"](?.*?)(?<!--)['|"]|password(?:/*.*?*/|s)*?((?:/*.*?*/|s)*?['|"](?.*?)(?<!--)['|"](?:/*.*?*/|s)*?)|password(?:/*.*?*/|s)*?(?:for(?:/*.*?*/|s)*?S+?)?(?:/*.*?*/|s)*?=(?:/*.*?*/|s)*?['|"](?.*?)(?<!--)['|"]|password(?:/*.*?*/|s)*?['|"](?.*?)(?<!--)['|"] |<br /--> | audit_record_cmds | | | audit_record_objs | | | audit_sess_connect_attrs | ON | | audit_socket_creds | ON | | audit_uninstall_plugin | OFF | | audit_validate_checksum | ON | | audit_validate_offsets_extended | ON | | audit_whitelist_cmds | BEGIN,COMMIT,PING | | audit_whitelist_users | | +---------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 29 rows in set (0.00 sec) audit记录的命令,默认为记录所有命令 可以设置为任意dml、dcl、ddl的组合 如:audit_record_cmds=select,insert,delete,update audit_record_objs audit记录操作的对象,默认为记录所有对象, 可以用SET GLOBAL audit_record_objs=NULL设置为默认 也可以指定为下面的格式 audit_record_objs=,test.*,mysql.*,information_schema.* 测试如下: 查看是否开启audit功能: mysql> show variables like 'audit_json_file'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | audit_json_file | OFF | +-----------------+-------+ 1 row in set (0.00 sec) 开启audit功能: mysql> set global audit_json_file=on; Query OK, 0 rows affected (0.00 sec) mysql> show variables like 'audit_json_file'; +-----------------+-------+ | Variable_name | Value | +-----------------+-------+ | audit_json_file | ON | +-----------------+-------+ 1 row in set (0.00 sec) 审计test库的所有对象: mysql> SET GLOBAL audit_record_objs='test.*'; Query OK, 0 rows affected (0.00 sec) 审计test库的insert,update和delete操作: mysql> set global audit_record_cmds='insert,delete,update'; Query OK, 0 rows affected (0.00 sec) 查看记录文件的路径和名称信息: mysql> show variables like 'audit_json_log_file'; +---------------------+------------------+ | Variable_name | Value | +---------------------+------------------+ | audit_json_log_file | mysql-audit.json | +---------------------+------------------+ 1 row in set (0.00 sec) 文件路径如下: mysql> system find / -name mysql-audit.json /usr/local/mysql/data/mysql-audit.json 对test库下的person表做insert,update和delete测试: mysql> insert into person values('5','liuyb','29'); Query OK, 1 row affected (0.03 sec) mysql> update person set age='55' where name='dsf'; Query OK, 2 rows affected (0.04 sec) Rows matched: 2 Changed: 2 Warnings: 0 mysql> delete from person where name='cf'; Query OK, 1 row affected (0.03 sec) mysql> select * from person; +----+----------+------+ | id | name | age | +----+----------+------+ | 2 | dsf | 55 | | 3 | dsf | 55 | | 4 | chenfeng | 38 | | 5 | liuyb | 29 | +----+----------+------+ 4 rows in set (0.00 sec) 打开/usr/local/mysql/data/mysql-audit.json文件查看审计数据: [root@localhost lib]# cat /usr/local/mysql/data/mysql-audit.json {"msg-type":"header","date":"1494389691599","audit-version":"1.1.2-694","audit-protocol-version":"1.0","hostname":"localhost","mysql-version":"5.6.27-log","mysql-program":"/usr/local/mysql/bin/mysqld","mysql-socket":"/tmp/mysql.sock","mysql-port":"3306","server_pid":"41506"} {"msg-type":"activity","date":"1494389798201","thread-id":"6","query-id":"53","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"insert","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"insert into person values('5','liuyb','29')"} {"msg-type":"activity","date":"1494389835611","thread-id":"6","query-id":"55","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"2","cmd":"update","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"update person set age='55' where name='dsf'"} {"msg-type":"activity","date":"1494390005360","thread-id":"6","query-id":"60","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"41662","_client_version":"5.6.27","_platform":"x86_64","program_name":"mysql"},"rows":"1","cmd":"delete","objects":[{"db":"test","name":"person","obj_type":"TABLE"}],"query":"delete from person where name='cf'"} 可以看到审计结果里有对test库person表的操作记录(insert,update和delete),至此,audit插件安装成功. 以上是“MySQL5.6 audit审计插件如何安装”这篇文章的所有内容,感谢各位的阅读! (编辑:海南站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
站长推荐