近期,公司要求对MySQL 数据库上操作进行审计;通过了解MySQL 官方企业版(付费版)本中集成了audit_log审计插件,
但是社区开源版本中并不包含该插件,也没提供下载。
进一步了解 MariaDB 有一个名为server_audit.so审计插件,据传以前是可以独立下载的。
但是我在官网没找到下载链接,索性下载一个MariaDB 5.5.50 的二进制安装包,解压后从中捞一个 server_audit.so 文件,
1.登录数据库,查看plugin_dir目录
mysql> SHOW GLOBAL VARIABLES LIKE ‘plugin_dir‘;
+---------------------+-----------------------------------------------------------------------------------------+
| Variable_name | Value |
+---------------------+------------------------------------------------------------------------------------------+
| plugin_dir | /usr/local/Percona-Server-5.5.33-rel31.1-566.Linux.x86_64/lib/mysql/plugin/ |
+---------------+------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
2.移动server_audit.so到plugin目录中,然后修改文件授权
mv server_audit.so /usr/local/Percona-Server-5.5.33-rel31.1-566.Linux.x86_64/lib/mysql/plugin/
chown mysql.mysql /usr/local/Percona-Server-5.5.33-rel31.1-566.Linux.x86_64/lib/mysql/plugin/server_audit.so
chmod 755 /usr/local/Percona-Server-5.5.33-rel31.1-566.Linux.x86_64/lib/mysql/plugin/server_audit.so
3、加载安装该插件
mysql> install plugin server_audit SONAME ‘server_audit.so‘;
Query OK, 0 rows affected (0.02 sec)
不需要重启MySQL服务!
mysql> select * from mysql.plugin;
+---------------+--------------------+
| name | dl |
+---------------+--------------------+
| server_audit | server_audit.so |
+---------------+--------------------+
1 row in set (0.00 sec)
另一种安装方法是修改配置,需要重启mysql服务才能生效
[mysqld]
plugin-load=server_audit=server_audit.so
重启MySQL服务!
这种安装方式不会在 mysql.plugin 生成记录
mysql> select * from mysql.plugin;
Empty set (0.00 sec)
4.查看server_audit的相关变量,并启用审计功能
mysql> show global variables like ‘%server_audit%‘;
+----------------------------------+----------------------------+
| Variable_name | Value |
+----------------------------------+----------------------------+
| server_audit_events | |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_loc_info | OOOOOOOOOO |
| server_audit_logging | OFF |
| server_audit_mode | 1 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
+-------------------------------+--------------------------------+
14 rows in set (0.00 sec)
server_audit_logging定义是否开启,
server_audit_events定义了相关事件
常用审计事件有CONNECTION,QUERY,TABLE,QUERY_DDL,QUERY_DML
假设现在需要审计查询执行情况.
mysql> set global server_audit_events=‘QUERY‘;
Query OK, 0 rows affected (0.00 sec)
mysql> set global server_audit_LOGGING=‘ON‘;
Query OK, 0 rows affected (0.00 sec)
5.在数据库上执行查询操作,即可在server_audit.log 中看到详细的记录信息,server_audit.log文件默认位于datadir 目录下
20160811 16:11:40,ouzhou158,root,localhost,1872,7,QUERY,,‘SHOW GLOBAL VARIABLES LIKE \‘plugin_dir\‘‘,0
分别对应时间,服务器名,发布sql的用户名,主机,连接号,操作类型,语句文本和查询执行是否成功
关于审计相关的选项说明,可以参考下面的链接
https://mariadb.com/kb/en/mariadb/server_audit-system-variables/