在 CentOS 中安装 MySQL 审计插件 server_audit.so

1:下载包含 server_audit.so 的 MariaDB 二进制包

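# Stage the download under /usr/local/src.
cd /usr/local/src
# Fetch the MariaDB 10.1.23 Linux x86_64 binary tarball; the audit plugin
# (lib/plugin/server_audit.so) is taken from it in the next step.
wget https://downloads.mariadb.com/MariaDB/mariadb-10.1.23/bintar-linux-x86_64/mariadb-10.1.23-linux-x86_64.tar.gz
# The plugin is loaded into the mysqld process, so confirm the archive is
# intact before unpacking: compare this digest with the checksum published
# for the release and do not continue if they differ.
sha256sum mariadb-10.1.23-linux-x86_64.tar.gz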

2:移动插件并赋权

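# Unpack the tarball and enter the extracted tree.
tar zxf mariadb-10.1.23-linux-x86_64.tar.gz
cd mariadb-10.1.23-linux-x86_64
# Copy only the audit plugin into the MySQL plugin directory.
cp lib/plugin/server_audit.so /usr/local/mysql/lib/plugin/
cd /usr/local/mysql/lib/plugin/
# Keep the library root-owned so the mysql service account cannot modify it:
# mysqld only needs to read the file, and code that is loaded into the server
# should not be replaceable by the account the server runs as.
# (-R is dropped because the target is a single file.)
chown root:root server_audit.so
# 755: writable by the owner only, readable by mysqld.
chmod 755 server_audit.so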

3:安装插件

[root@centos7-1 plugin]# mysql -u root -p
Enter password: 
..........
..........
mysql> install plugin server_audit soname 'server_audit.so';
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%audit%';
+-------------------------------+-----------------------+
| Variable_name                 | Value                 |
+-------------------------------+-----------------------+
| server_audit_events           |                       |
| server_audit_excl_users       |                       |
| server_audit_file_path        | server_audit.log      |
| server_audit_file_rotate_now  | OFF                   |
| server_audit_file_rotate_size | 1000000               |
| server_audit_file_rotations   | 9                     |
| server_audit_incl_users       |                       |
| server_audit_loc_info         |                       |
| server_audit_logging          | OFF                   |
| server_audit_mode             | 1                     |
| server_audit_output_type      | file                  |
| server_audit_query_log_limit  | 1024                  |
| server_audit_syslog_facility  | LOG_USER              |
| server_audit_syslog_ident     | mysql-server_auditing |
| server_audit_syslog_info      |                       |
| server_audit_syslog_priority  | LOG_INFO              |
+-------------------------------+-----------------------+
16 rows in set (0.00 sec)

4:临时开启审计插件(SET GLOBAL 的设置在数据库重启后会丢失)

mysql> set global server_audit_logging=on;
Query OK, 0 rows affected (0.00 sec)

mysql> set global server_audit_file_path='/usr/local/mysql/var/server_audit.log';
Query OK, 0 rows affected (0.00 sec)

mysql> set GLOBAL server_audit_file_rotations=10;
Query OK, 0 rows affected (0.00 sec)

mysql> set GLOBAL server_audit_file_rotate_size=1073741824;
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like '%audit%';
+-------------------------------+---------------------------------------+
| Variable_name                 | Value                                 |
+-------------------------------+---------------------------------------+
| server_audit_events           |                                       |
| server_audit_excl_users       |                                       |
| server_audit_file_path        | /usr/local/mysql/var/server_audit.log |
| server_audit_file_rotate_now  | OFF                                   |
| server_audit_file_rotate_size | 1073741824                            |
| server_audit_file_rotations   | 10                                    |
| server_audit_incl_users       |                                       |
| server_audit_loc_info         |                                       |
| server_audit_logging          | ON                                    |
| server_audit_mode             | 1                                     |
| server_audit_output_type      | file                                  |
| server_audit_query_log_limit  | 1024                                  |
| server_audit_syslog_facility  | LOG_USER                              |
| server_audit_syslog_ident     | mysql-server_auditing                 |
| server_audit_syslog_info      |                                       |
| server_audit_syslog_priority  | LOG_INFO                              |
+-------------------------------+---------------------------------------+
16 rows in set (0.00 sec)

5:永久开启审计插件

[root@centos7-1 plugin]# cat /etc/my.cnf 
[client]
#password   = your_password
port        = 3306
socket      = /tmp/mysql.sock

[mysqld]
........
........
#在[mysqld]标签下添加:
server_audit_logging=ON
server_audit_file_path=/usr/local/mysql/var/server_audit.log
server_audit=FORCE_PLUS_PERMANENT  # 防止审计插件被卸载
server_audit_file_rotate_size=1G
server_audit_file_rotations=10

.........
.........

修改完成后记得要重启数据库

[root@centos7-1 plugin]# /etc/init.d/mysql restart
Shutting down MySQL.. SUCCESS! 
Starting MySQL.. SUCCESS! 

6:查看审计日志(日志会原样记录执行的 SQL 语句,可能包含敏感数据,应限制该文件的读取权限)

[root@centos7-1 plugin]#  cat /usr/local/mysql/var/server_audit.log 
20230113 17:11:48,centos7-1,root,localhost,1,3,QUERY,,'set global server_audit_logging=on',0
20230113 17:11:48,centos7-1,root,localhost,1,4,QUERY,,'set global server_audit_file_path=\'/usr/local/mysql/var/server_audit.log\'',0
20230113 17:11:48,centos7-1,root,localhost,1,4,QUERY,,'set global server_audit_file_path=\'/usr/local/mysql/var/server_audit.log\'',0
20230113 17:11:48,centos7-1,root,localhost,1,5,QUERY,,'set GLOBAL server_audit_file_rotations=10',0
20230113 17:11:49,centos7-1,root,localhost,1,6,QUERY,,'set GLOBAL server_audit_file_rotate_size=1073741824',0
20230113 17:11:53,centos7-1,root,localhost,1,7,QUERY,,'show variables like \'%audit%\'',0
20230113 17:12:17,centos7-1,root,localhost,1,0,DISCONNECT,,,0
[root@centos7-1 plugin]# tail -f /usr/local/mysql/var/server_audit.log 
20230113 17:11:48,centos7-1,root,localhost,1,3,QUERY,,'set global server_audit_logging=on',0
20230113 17:11:48,centos7-1,root,localhost,1,4,QUERY,,'set global server_audit_file_path=\'/usr/local/mysql/var/server_audit.log\'',0
20230113 17:11:48,centos7-1,root,localhost,1,4,QUERY,,'set global server_audit_file_path=\'/usr/local/mysql/var/server_audit.log\'',0
20230113 17:11:48,centos7-1,root,localhost,1,5,QUERY,,'set GLOBAL server_audit_file_rotations=10',0
20230113 17:11:49,centos7-1,root,localhost,1,6,QUERY,,'set GLOBAL server_audit_file_rotate_size=1073741824',0
20230113 17:11:53,centos7-1,root,localhost,1,7,QUERY,,'show variables like \'%audit%\'',0
20230113 17:12:17,centos7-1,root,localhost,1,0,DISCONNECT,,,0
20230113 17:15:00,centos7-1,root,localhost,1,0,CONNECT,,,0
20230113 17:15:00,centos7-1,root,localhost,1,1,QUERY,,'select @@version_comment limit 1',0


20230113 17:15:17,centos7-1,root,localhost,1,2,QUERY,,'create database test1',0
20230113 17:15:21,centos7-1,root,localhost,1,3,QUERY,,'create database test2',0
20230113 17:15:27,centos7-1,root,localhost,1,4,QUERY,,'drop database test1',0
20230113 17:15:27,centos7-1,root,localhost,1,5,QUERY,,'SELECT DATABASE()',0

至此已经安装完成了!

 
