Mysql审计
audit-plugin-for-mysql 编译安装指南(CentOS 7)
1. 安装必要的开发工具和依赖库
yum group install "Development Tools" -yyum -y install ncurses ncurses-devel openssl-devel bison gcc gcc-c++ make cmake boost2. 下载并解压 MySQL 5.7 源码
wget https://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-boost-5.7.44.tar.gztar xvzf mysql-boost-5.7.44.tar.gz3. 克隆审计插件源码并复制到 MySQL 源码目录
git clone -b mysql-5.7 https://github.com/aws/audit-plugin-for-mysql --depth=1cp -a audit-plugin-for-mysql/plugin/server_audit mysql-5.7.44/plugin/4. 进入 MySQL 源码目录并进行 CMake 配置
cd mysql-5.7.44cmake . \-DWITH_BOOST=boost/boost_1_59_0/ \-DCMAKE_INSTALL_PREFIX=/usr/local/mysql \-DSYSCONFDIR=/etc \-DMYSQL_DATADIR=/usr/local/mysql/data \-DINSTALL_MANDIR=/usr/share/man \-DMYSQL_TCP_PORT=3306 \-DMYSQL_UNIX_ADDR=/tmp/mysql.sock \-DDEFAULT_CHARSET=utf8 \-DEXTRA_CHARSETS=all \-DDEFAULT_COLLATION=utf8_general_ci \-DWITH_READLINE=1 \-DWITH_SSL=system \-DWITH_EMBEDDED_SERVER=1 \-DENABLED_LOCAL_INFILE=1 \-DWITH_INNOBASE_STORAGE_ENGINE=15. 编译审计插件
cd plugin/server_auditmake6. 复制编译好的插件文件到 MySQL 插件目录
# 查看 MySQL 插件目录mysqlsh -uadmin2 -pL4bAWUye2A4JNN! -h localhost --sqlSHOW VARIABLES LIKE 'plugin_dir';
# 复制到插件目录chmod 755 /usr/lib64/mysql/plugin/server_audit.so7. 安装审计插件
mysqlsh -uadmin2 -pL4bAWUye2A4JNN! -h localhost --sqlINSTALL PLUGIN server_audit SONAME 'server_audit.so';8. 插件配置
相关配置参考文档:
- https://mariadb.com/kb/en/mariadb-audit-plugin-options-and-system-variables/
- https://mariadb.com/kb/en/mariadb-audit-plugin-status-variables/
- https://mariadb.com/kb/en/mariadb-audit-plugin-log-settings/
-- 查看审计插件相关全局变量SHOW GLOBAL VARIABLES LIKE '%server_audit%';
-- 开启审计日志记录SET GLOBAL server_audit_logging=on;
-- 设置审计日志文件轮转大小为 1GBSET GLOBAL server_audit_file_rotate_size=1024*1024*1024;
-- 设置审计查询日志的最大长度SET GLOBAL server_audit_query_log_limit=2048;
-- 设置审计事件类型为查询 DML 语句和连接事件SET GLOBAL server_audit_events='query_dml,connect';
-- 重新设置审计事件类型为仅连接事件SET GLOBAL server_audit_events='connect';
-- 设置审计日志文件路径SET GLOBAL server_audit_file_path='/data/mysql/logs/server_audit.log';9. 查看审计插件状态
SHOW STATUS LIKE 'server_audit%';10. 设置包含和排除的用户
-- 设置包含的用户SET GLOBAL server_audit_incl_users='user_foo, user_bar';
-- 设置排除的用户SET GLOBAL server_audit_excl_users='user_foo, user_bar';11. 删除审计插件
UNINSTALL PLUGIN server_audit;show plugins;通过以上步骤,你可以在 CentOS 7 系统上完成 audit-plugin-for-mysql 插件的编译、安装、配置和管理。