MySQL安装开源审计插件 mysql-audit
- [MySQL 5.7.38安装审计插件 mysql-audit](#MySQL 5.7.38安装审计插件 mysql-audit)
-
- 安装MySQL
-
- 1.查看Linux服务器版本和glibc版本
- 2.根据自己的系统下载对应的MySQL版本,由于mysql-audit并不支持所有版本的MySQL,所以在确定MySQL版本之前请注意下插件支持的MySQL版本
- 3.下载MySQL
- 4.安装MySQL
-
- 1.安装之前看是否安装过MySQL数据库
- 2.查看是否有MySQL依赖
- 4.检查是否有mariadb
- 5.安装mysql依赖包
- [6.解压MySQL的tar文件 安装准备](#6.解压MySQL的tar文件 安装准备)
- 7.安装MySQL
- 8.防火墙,端口开放
- 4.安装审计插件mysql-audit
-
-
- [1.审计软件我已经下载了 ,上文有下载说明](#1.审计软件我已经下载了 ,上文有下载说明)
- 2.解压软件
- 3.登录进入MySQL,找到你的插件所在目录
- [4.我们的MySQL插件目录是 /usr/local/mysql/lib/plugin/](#4.我们的MySQL插件目录是 /usr/local/mysql/lib/plugin/)
- 5.获取偏移量信息
- 6.修改MySQL配置文件
- 7.安装mysql-audit插件
- 8.连接数据库测试
-
MySQL 5.7.38安装审计插件 mysql-audit
MySQL版本众多, 同样审计的软件众多,为什么使用 mysql-audit ,原因:老外的弄得,一直在维护,支持的MySQL版本多
安装MySQL
1.查看Linux服务器版本和glibc版本
bash
[root@localhost ~]# cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
[root@localhost ~]# ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.2.根据自己的系统下载对应的MySQL版本,由于mysql-audit并不支持所有版本的MySQL,所以在确定MySQL版本之前请注意下插件支持的MySQL版本
mysql-audit : https://github.com/trellix-enterprise/mysql-audit/releases
显示所有可用的插件 , 比如我的系统是64为的,我要用5.7.38的MySQL,我就下载对应的插件
bash
[root@localhost ~]# cd ~/Desktop/
[root@localhost Desktop]# wget https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
--2024-05-15 14:08:08-- https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/3552521/18e50e6c-aa02-413b-a796-61cbcb3ee58a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240515%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240515T060813Z&X-Amz-Expires=300&X-Amz-Signature=6d74005dbfa59d69565d309c5d7b1ef64d62811c3b715976d9506b5108c2ee83&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=3552521&response-content-disposition=attachment%3B%20filename%3Daudit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip&response-content-type=application%2Foctet-stream [following]
--2024-05-15 14:08:13-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/3552521/18e50e6c-aa02-413b-a796-61cbcb3ee58a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20240515%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240515T060813Z&X-Amz-Expires=300&X-Amz-Signature=6d74005dbfa59d69565d309c5d7b1ef64d62811c3b715976d9506b5108c2ee83&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=3552521&response-content-disposition=attachment%3B%20filename%3Daudit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip&response-content-type=application%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.108.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 596787 (583K) [application/octet-stream]
Saving to: 'audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip'
100%[======================================>] 596,787 1.80MB/s in 0.3s
2024-05-15 14:08:14 (1.80 MB/s) - 'audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip' saved [596787/596787]
[root@localhost Desktop]#
[root@localhost Desktop]# ls -al
total 588
drwxr-xr-x. 2 root root 65 May 15 14:08 .
dr-xr-x---. 14 root root 4096 May 11 16:13 ..
-rw-r--r--. 1 root root 596787 Oct 12 2022 audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip3.下载MySQL
MySQL下载地址: https://downloads.mysql.com/archives/community/
我的服务器版本是centos7的64位操作系统, 根据自己情况选择自己的版本 ,下载选择 tar源码包
bash
[root@localhost Desktop]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar
--2024-05-15 14:15:02-- https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar
Resolving downloads.mysql.com (downloads.mysql.com)... 23.15.136.176, 2600:140b:a00:6af::2e31, 2600:140b:a00:6b2::2e31
Connecting to downloads.mysql.com (downloads.mysql.com)|23.15.136.176|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.38-linux-glibc2.12-x86_64.tar [following]
--2024-05-15 14:15:08-- https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.38-linux-glibc2.12-x86_64.tar
Resolving cdn.mysql.com (cdn.mysql.com)... 23.77.214.217, 2600:140b:a00:6a1::1d68, 2600:140b:a00:6b7::1d68
Connecting to cdn.mysql.com (cdn.mysql.com)|23.77.214.217|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 709361152 (676M) [application/x-tar]
Saving to: 'mysql-5.7.38-linux-glibc2.12-x86_64.tar'
14% [========================> ] 105,386,474 10.9MB/s eta 55s4.安装MySQL
1.安装之前看是否安装过MySQL数据库
bash
[root@localhost Desktop]# yum remove mysql
Loaded plugins: fastestmirror, langpacks
No Match for argument: mysql
No Packages marked for removal2.查看是否有MySQL依赖
bash
[root@localhost Desktop]# rpm -qa | grep mysql
[root@localhost Desktop]#若有就卸载
bash
//普通删除模式
rpm -e xxx(mysql_libs)
//强力删除模式,如果上述命令删除时,提示有依赖其他文件,则可以用该命令对其进行强力删除
rpm -e --nodeps xxx(mysql_libs)4.检查是否有mariadb
bash
[root@localhost Desktop]# rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
[root@localhost Desktop]#若有就卸载
bash
[root@localhost Desktop]# rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
[root@localhost Desktop]# rpm -e --nodeps mariadb-libs
[root@localhost Desktop]# rpm -e --nodeps mariadb-libs-5.5.68-1.el7.x86_64
error: package mariadb-libs-5.5.68-1.el7.x86_64 is not installed
[root@localhost Desktop]#5.安装mysql依赖包
bash
[root@localhost Desktop]# yum install libaio
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.ustc.edu.cn
* extras: mirrors.ustc.edu.cn
* updates: mirrors.ustc.edu.cn
base | 3.6 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:05
(2/4): extras/7/x86_64/primary_db | 253 kB 00:05
(3/4): updates/7/x86_64/primary_db | 27 MB 00:08
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:11
Package libaio-0.3.109-13.el7.x86_64 already installed and latest version
Nothing to do
[root@localhost Desktop]#6.解压MySQL的tar文件 安装准备
bash
clear
[root@localhost Desktop]# tar -xvf mysql-5.7.38-linux-glibc2.12-x86_64.tar
mysql-test-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
[root@localhost Desktop]# tar -zxvf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisam_ftdump
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisamchk
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisamlog
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisampack
.......
mysql-5.7.38-linux-glibc2.12-x86_64/support-files/mysql.server
mysql-5.7.38-linux-glibc2.12-x86_64/docs/INFO_BIN
mysql-5.7.38-linux-glibc2.12-x86_64/docs/INFO_SRC
[root@localhost Desktop]#
修改解压后路径名称
bash
[root@localhost Desktop]# ls
audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
mysql-5.7.38-linux-glibc2.12-x86_64
mysql-5.7.38-linux-glibc2.12-x86_64.tar
mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-test-5.7.38-linux-glibc2.12-x86_64.tar.gz
[root@localhost Desktop]# mv mysql-5.7.38-linux-glibc2.12-x86_64 mysql
[root@localhost Desktop]#
[root@localhost Desktop]#安装习惯把MySQL 移动到 /usr/local目录
bash
[root@localhost Desktop]# ls /usr/local/
bin etc games include lib lib64 libexec sbin share src
[root@localhost Desktop]#
[root@localhost Desktop]# mv mysql /usr/local/
[root@localhost Desktop]# ls /usr/local/
bin etc games include lib lib64 libexec mysql sbin share src
[root@localhost Desktop]# ls /usr/local/mysql/
bin docs include lib LICENSE man README share support-files
[root@localhost Desktop]#切换到MySQL目录 ,创建相关用户名密码
bash
[root@localhost Desktop]# cd /usr/local/mysql/
[root@localhost mysql]# pwd
/usr/local/mysql
[root@localhost mysql]# ls
bin docs include lib LICENSE man README share support-files
[root@localhost mysql]# mkdir mysqld
[root@localhost mysql]# ls
bin docs include lib LICENSE man mysqld README share support-files
[root@localhost mysql]#mysql安装目录赋予权限
bash
[root@localhost mysql]# ls
bin docs include lib LICENSE man mysqld README share support-files
[root@localhost mysql]# chmod -R 777 /usr/local/mysql/
[root@localhost mysql]# ls -al
total 272
drwxrwxrwx. 10 root root 143 May 16 18:25 .
drwxr-xr-x. 13 root root 144 May 16 18:24 ..
drwxrwxrwx. 2 root root 4096 May 16 18:19 bin
drwxrwxrwx. 2 root root 55 May 16 18:19 docs
drwxrwxrwx. 3 root root 4096 May 16 18:19 include
drwxrwxrwx. 5 root root 230 May 16 18:19 lib
-rwxrwxrwx. 1 7161 31415 259251 Mar 22 2022 LICENSE
drwxrwxrwx. 4 root root 30 May 16 18:19 man
drwxrwxrwx. 2 root root 6 May 16 18:25 mysqld
-rwxrwxrwx. 1 7161 31415 566 Mar 22 2022 README
drwxrwxrwx. 28 root root 4096 May 16 18:19 share
drwxrwxrwx. 2 root root 90 May 16 18:19 support-files
[root@localhost mysql]# pwd
/usr/local/mysql
[root@localhost mysql]#创建mysql组和用户
创建组
bash
[root@localhost mysql]#
[root@localhost mysql]# groupadd mysql
[root@localhost mysql]#创建用户(-s /bin/false参数指定mysql用户仅拥有所有权,而没有登录权限)
bash
[root@localhost mysql]#
[root@localhost mysql]# groupadd mysql
[root@localhost mysql]# useradd -r -g mysql -s /bin/false mysql
[root@localhost mysql]#
[root@localhost mysql]#将用户添加到组中
bash
[root@localhost mysql]# clear
[root@localhost mysql]#
[root@localhost mysql]# groupadd mysql
[root@localhost mysql]# useradd -r -g mysql -s /bin/false mysql
[root@localhost mysql]#
[root@localhost mysql]# chown -R mysql:mysql ./
[root@localhost mysql]# ls -al
total 272
drwxrwxrwx. 10 mysql mysql 143 May 16 18:25 .
drwxr-xr-x. 13 root root 144 May 16 18:24 ..
drwxrwxrwx. 2 mysql mysql 4096 May 16 18:19 bin
drwxrwxrwx. 2 mysql mysql 55 May 16 18:19 docs
drwxrwxrwx. 3 mysql mysql 4096 May 16 18:19 include
drwxrwxrwx. 5 mysql mysql 230 May 16 18:19 lib
-rwxrwxrwx. 1 mysql mysql 259251 Mar 22 2022 LICENSE
drwxrwxrwx. 4 mysql mysql 30 May 16 18:19 man
drwxrwxrwx. 2 mysql mysql 6 May 16 18:25 mysqld
-rwxrwxrwx. 1 mysql mysql 566 Mar 22 2022 README
drwxrwxrwx. 28 mysql mysql 4096 May 16 18:19 share
drwxrwxrwx. 2 mysql mysql 90 May 16 18:19 support-files
[root@localhost mysql]#修改 /etc/my.cnf 文件,如果没有文件就新建
bash
[root@localhost mysql]# cd /etc/
[root@localhost etc]# ls | grep my.cnf
[root@localhost etc]#
[root@localhost etc]# pwd
/etc
[root@localhost etc]# touch my.cnf
[root@localhost etc]# ls -al | grep my.cnf
-rw-r--r--. 1 root root 0 May 16 18:54 my.cnf
[root@localhost etc]#编辑 my.cnf文件
配置如下
bash
[mysqld]
# 设置3306端口
port=3306
# 设置mysql的安装目录
basedir=/usr/local/mysql
# 设置mysql数据库的数据的存放目录
datadir=/usr/local/mysql/mysqldb
# 允许最大连接数
max_connections=10000
# 允许连接失败的次数。这是为了防止有人从该主机试图攻击数据库系统
max_connect_errors=10
# 服务端使用的字符集默认为UTF8
character-set-server=utf8
# 创建新表时将使用的默认存储引擎
default-storage-engine=INNODB
# 默认使用"mysql_native_password"插件认证
default_authentication_plugin=mysql_native_password
[mysql]
# 设置mysql客户端默认字符集
default-character-set=utf8
[client]
# 设置mysql客户端连接服务端时默认使用的端口
port=3306
default-character-set=utf87.安装MySQL
进入MySQL的bin目录
bash
[root@localhost etc]# cd /usr/local/mysql/bin/
[root@localhost bin]# pwd
/usr/local/mysql/bin安装mysql,并记住初始化随机密码
bash
[root@localhost bin]# ./mysqld --initialize --console
2024-05-16T10:57:55.645402Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2024-05-16T10:57:55.899299Z 0 [Warning] InnoDB: New log files created, LSN=45790
2024-05-16T10:57:55.934999Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2024-05-16T10:57:56.008700Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 2683643d-1373-11ef-b486-000c29193667.
2024-05-16T10:57:56.011251Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2024-05-16T10:57:56.161299Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2024-05-16T10:57:56.161325Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2024-05-16T10:57:56.161696Z 0 [Warning] CA certificate ca.pem is self signed.
2024-05-16T10:57:56.192763Z 1 [Note] A temporary password is generated for root@localhost: ..g0Xl1wB8u.
[root@localhost bin]#注意这一行
bash
[Note] A temporary password is generated for root@localhost: ..g0Xl1wB8u. 说明我的默认密码是 ,注意是 localhost冒号后面的
...g0Xl1wB8u.
启动mysql服务,切换目录,给权限
bash
[root@localhost bin]# cd /usr/local/mysql/support-files
[root@localhost support-files]# chmod -R 777 /usr/local/mysql
[root@localhost support-files]#
[root@localhost support-files]#启动MySQL
bash
[root@localhost bin]# cd /usr/local/mysql/support-files
[root@localhost support-files]# chmod -R 777 /usr/local/mysql
[root@localhost support-files]#
[root@localhost support-files]# ./mysql.server start
Starting MySQL.Logging to '/usr/local/mysql/mysqldb/localhost.localdomain.err'.
SUCCESS!
[root@localhost support-files]#将mysql添加到系统进程中, 就可以使用服务进程操作mysql了
bash
[root@localhost support-files]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[root@localhost support-files]#设置mysql自启动
bash
[root@localhost support-files]# chmod +x /etc/init.d/mysqld
[root@localhost support-files]# systemctl enable mysqld
mysqld.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mysqld on
[root@localhost support-files]#修改root用户登录密码,密码就是上面的随机字符串 ,我的是 ...g0Xl1wB8u. 每个人随机的都不一样
bash
[root@localhost bin]# pwd
/usr/local/mysql/bin
[root@localhost bin]# ./mysql -u root -p
[root@localhost bin]# ./mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>修改密码为123456
bash
mysql> alter user 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '123456';
Query OK, 0 rows affected (0.00 sec)
mysql>
mysql>允许远程登录 ,并 刷新
bash
mysql>
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'IDENTIFIED BY '123456' WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.01 sec)
mysql>
mysql> FLUSH PRIVILEGES ;
Query OK, 0 rows affected (0.01 sec)
mysql>
mysql> quit
Bye
[root@localhost bin]#
[root@localhost bin]#重启服务且测试
命令1:systemctl restart mysql
命令2: service mysql restart
两条命令都可以重启MySQL
bash
[root@localhost bin]#
[root@localhost bin]# service mysql restart
Redirecting to /bin/systemctl restart mysql.service
[root@localhost bin]#查看MySQL启动状态
bash
[root@localhost bin]#
[root@localhost bin]# cd ~/Desktop/
[root@localhost Desktop]# systemctl status mysql
● mysqld.service - LSB: start and stop MySQL
Loaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)
Active: active (exited) since Thu 2024-05-16 19:11:41 CST; 1min 55s ago
Docs: man:systemd-sysv-generator(8)
Process: 4310 ExecStart=/etc/rc.d/init.d/mysqld start (code=exited, status=0/SUCCESS)
May 16 19:11:41 localhost.localdomain systemd[1]: Starting LSB: start and stop MySQL...
May 16 19:11:41 localhost.localdomain mysqld[4310]: Starting MySQL SUCCESS!
May 16 19:11:41 localhost.localdomain systemd[1]: Started LSB: start and stop MySQL.
May 16 19:11:42 localhost.localdomain mysqld[4310]: 2024-05-16T11:11:42.026045Z mysqld_safe A mysqld process already exists
[root@localhost Desktop]#
8.防火墙,端口开放
查看所有端口
bash
[root@localhost Desktop]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
[root@localhost Desktop]#开放3306端口 , --permanent 永久生效
bash
[root@localhost Desktop]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
success
[root@localhost Desktop]#
[root@localhost Desktop]# firewall-cmd --reload
success看下自己的IP,连接测试
bash
[root@localhost Desktop]# ifconfig | grep 192
inet 192.168.1.106 netmask 255.255.255.0 broadcast 192.168.1.255
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
4.安装审计插件mysql-audit
1.审计软件我已经下载了 ,上文有下载说明
bash
[root@localhost Desktop]# ls -l | grep aud
-rw-r--r--. 1 root root 596787 Oct 12 2022 audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
[root@localhost Desktop]#
[root@localhost Desktop]#
[root@localhost Desktop]# pwd
/root/Desktop2.解压软件
bash
[root@localhost Desktop]# unzip audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
Archive: audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
creating: audit-plugin-mysql-5.7-1.1.13-1008/
creating: audit-plugin-mysql-5.7-1.1.13-1008/lib/
inflating: audit-plugin-mysql-5.7-1.1.13-1008/lib/libaudit_plugin.so
inflating: audit-plugin-mysql-5.7-1.1.13-1008/COPYING
inflating: audit-plugin-mysql-5.7-1.1.13-1008/THIRDPARTY.txt
inflating: audit-plugin-mysql-5.7-1.1.13-1008/README.txt
inflating: audit-plugin-mysql-5.7-1.1.13-1008/plugin-name.txt
creating: audit-plugin-mysql-5.7-1.1.13-1008/utils/
inflating: audit-plugin-mysql-5.7-1.1.13-1008/utils/offset-extract.sh
[root@localhost Desktop]#3.登录进入MySQL,找到你的插件所在目录
bash
[root@localhost Desktop]# pwd
/root/Desktop
[root@localhost Desktop]# cd /usr/local/mysql/bin/
[root@localhost bin]# ./mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql> show global variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.01 sec)
mysql>4.我们的MySQL插件目录是 /usr/local/mysql/lib/plugin/
把插件复制到MySQL的插件目录,并修改权限和所有者
bash
mysql>
mysql> quit
Bye
[root@localhost bin]# cd ~/Desktop/audit-plugin-mysql-5.7-1.1.13-1008/lib/
[root@localhost lib]#
[root@localhost lib]# cp libaudit_plugin.so /usr/local/mysql/lib/plugin/
[root@localhost lib]# chmod +x /usr/local/mysql/lib/plugin/libaudit_plugin.so
[root@localhost lib]# chown mysql:mysql /usr/local/mysql/lib/plugin/libaudit_plugin.so
[root@localhost lib]#
[root@localhost lib]#5.获取偏移量信息
找到自己的mysqld 文件,可使用 whereis mysqld
但是我们是源码包安装的 mysqld 位置 : /usr/local/mysql/bin/
bash
[root@localhost Desktop]# pwd
/root/Desktop
[root@localhost Desktop]# ls /usr/local/mysql/bin/ | grep mysqld
mysqld
mysqld-debug
mysqld_multi
mysqld_safe
mysqldump
mysqldumpslow
[root@localhost Desktop]#进入插件的解压目录 ,添加权限,然后获取数值
bash
[root@localhost Desktop]# cd audit-plugin-mysql-5.7-1.1.13-1008/utils/
[root@localhost utils]# ls -al
total 8
drwxr-xr-x. 2 root root 31 Sep 6 2022 .
drwxr-xr-x. 4 root root 108 Sep 6 2022 ..
-rw-r--r--. 1 root root 4726 Sep 6 2022 offset-extract.sh
[root@localhost utils]# chmod +x offset-extract.sh
[root@localhost utils]#
[root@localhost utils]# ls -al
total 8
drwxr-xr-x. 2 root root 31 Sep 6 2022 .
drwxr-xr-x. 4 root root 108 Sep 6 2022 ..
-rwxr-xr-x. 1 root root 4726 Sep 6 2022 offset-extract.sh
[root@localhost utils]# ./offset-extract.sh /usr/local/mysql/bin/mysqld
//offsets for: /usr/local/mysql/bin/mysqld (5.7.38)
{"5.7.38","adf0327064da666263ab1ba6b3cf55bb", 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0},
[root@localhost utils]#6.修改MySQL配置文件
bash
[root@localhost utils]# cd /etc/
[root@localhost etc]# vim my.cnf
这是我的my.cnf完整配置
bash
[root@localhost etc]# cat my.cnf
[mysqld]
# 设置3306端口
port=3306
# 设置mysql的安装目录
basedir=/usr/local/mysql
# 设置mysql数据库的数据的存放目录
datadir=/usr/local/mysql/mysqldb
# 允许最大连接数
max_connections=10000
# 允许连接失败的次数。这是为了防止有人从该主机试图攻击数据库系统
max_connect_errors=10
# 服务端使用的字符集默认为UTF8
character-set-server=utf8
# 创建新表时将使用的默认存储引擎
default-storage-engine=INNODB
# 默认使用"mysql_native_password"插件认证
default_authentication_plugin=mysql_native_password
#审计offsets 不要乱配置
audit_offsets=7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
#审计操作命令
# 如果不指定audit_record_cmds,所有DDL,DML全记录
audit_record_cmds='select,insert,delete,update,create,drop,alter,grant,truncate'
#审计开关
audit_json_file=on
#加载审计第三方库
plugin-load=AUDIT=libaudit_plugin.so
#审计日志路径
audit_json_log_file=/var/log/mysql_audit.json
[mysql]
# 设置mysql客户端默认字符集
default-character-set=utf8
[client]
# 设置mysql客户端连接服务端时默认使用的端口
port=3306
default-character-set=utf8
[root@localhost etc]#7.安装mysql-audit插件
连接MySQL数据库 ,并查看安装的所有插件
bash
[root@localhost log]# cd ~/Desktop/
[root@localhost Desktop]# cd /usr/local/mysql/bin/
[root@localhost bin]# ./mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.38 MySQL Community Server (GPL)
Copyright (c) 2000, 2022, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show plugins;
+----------------------------+----------+--------------------+---------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+---------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
+----------------------------+----------+--------------------+---------+---------+
44 rows in set (0.00 sec)
mysql>安装mysql-audit
bash
mysql> install plugin audit soname 'libaudit_plugin.so';
Query OK, 0 rows affected (0.36 sec)
mysql>
mysql> show plugins;
+----------------------------+----------+--------------------+--------------------+---------+
| Name | Status | Type | Library | License |
+----------------------------+----------+--------------------+--------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+----------------------------+----------+--------------------+--------------------+---------+
45 rows in set (0.01 sec)
mysql>我们发现插件已经成功安装
bash
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |开启audit功能
bash
mysql> SET GLOBAL audit_json_file=ON;
Query OK, 0 rows affected (0.00 sec)
mysql>查看audit配置,包括mysql_audit.json存储路径
bash
mysql> show variables like '%audit%'\G;
*************************** 1. row ***************************
Variable_name: audit_before_after
Value: after
*************************** 2. row ***************************
Variable_name: audit_checksum
Value:
*************************** 3. row ***************************
Variable_name: audit_client_capabilities
Value: OFF
*************************** 4. row ***************************
Variable_name: audit_delay_cmds
Value:
*************************** 5. row ***************************
Variable_name: audit_delay_ms
Value: 0
*************************** 6. row ***************************
Variable_name: audit_force_record_logins
Value: OFF
*************************** 7. row ***************************
Variable_name: audit_header_msg
Value: ON
*************************** 8. row ***************************
Variable_name: audit_json_file
Value: ON
*************************** 9. row ***************************
Variable_name: audit_json_file_bufsize
Value: 1
*************************** 10. row ***************************
Variable_name: audit_json_file_flush
Value: OFF
*************************** 11. row ***************************
Variable_name: audit_json_file_retry
Value: 60
*************************** 12. row ***************************
Variable_name: audit_json_file_sync
Value: 0
*************************** 13. row ***************************
Variable_name: audit_json_log_file
Value: /var/log/mysql_audit.json
*************************** 14. row ***************************
Variable_name: audit_json_socket
Value: OFF
*************************** 15. row ***************************
Variable_name: audit_json_socket_name
Value: /var/run/db-audit/mysql.audit__usr_local_mysql_mysqldb_3306
*************************** 16. row ***************************
Variable_name: audit_json_socket_retry
Value: 10
*************************** 17. row ***************************
Variable_name: audit_json_socket_write_timeout
Value: 1000
*************************** 18. row ***************************
Variable_name: audit_offsets
Value: 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
*************************** 19. row ***************************
Variable_name: audit_offsets_by_version
Value: ON
*************************** 20. row ***************************
Variable_name: audit_password_masking_cmds
Value: CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE
*************************** 21. row ***************************
Variable_name: audit_password_masking_regex
Value: identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?\((?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"](?:/\*.*?\*/|\s)*?\)|password(?:/\*.*?\*/|\s)*?(?:for(?:/\*.*?\*/|\s)*?\S+?)?(?:/\*.*?\*/|\s)*?=(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]|password(?:/\*.*?\*/|\s)*?['|"](?<psw>.*?)(?<!\\)['|"]
*************************** 22. row ***************************
Variable_name: audit_record_cmds
Value: select,insert,delete,update,create,drop,alter,grant,truncate
*************************** 23. row ***************************
Variable_name: audit_record_objs
Value:
*************************** 24. row ***************************
Variable_name: audit_sess_connect_attrs
Value: ON
*************************** 25. row ***************************
Variable_name: audit_socket_creds
Value: ON
*************************** 26. row ***************************
Variable_name: audit_uninstall_plugin
Value: OFF
*************************** 27. row ***************************
Variable_name: audit_validate_checksum
Value: ON
*************************** 28. row ***************************
Variable_name: audit_validate_offsets_extended
Value: ON
*************************** 29. row ***************************
Variable_name: audit_whitelist_cmds
Value: BEGIN,COMMIT,PING
*************************** 30. row ***************************
Variable_name: audit_whitelist_users
Value:
30 rows in set (0.01 sec)
ERROR:
No query specified
mysql>安装完成后,重启MySQL服务器
bash
ERROR:
No query specified
mysql> quit
Bye
[root@localhost bin]# service mysqld restart
Shutting down MySQL.. SUCCESS!
Starting MySQL.. SUCCESS!
[root@localhost bin]#
8.连接数据库测试
我在这里添加了两条数据
bash
[root@localhost Desktop]# cd /var/log/
[root@localhost log]# ls | grep mysql_audit.json
[root@localhost log]#
[root@localhost log]# ls | grep mysql_audit.json
[root@localhost log]#
[root@localhost log]#
[root@localhost log]#
[root@localhost log]#但是我到这个目录下,找不到 mysql_audit.json
我们只需要把这个文件创建出来,然后修改所有者和所属组就可以了
bash
[root@localhost log]# ls | grep mysql_audit.json
[root@localhost log]#
[root@localhost log]#
[root@localhost log]# touch mysql_audit.json
[root@localhost log]#
[root@localhost log]# chown mysql:mysql mysql_audit.json
[root@localhost log]# tail -f mysql_audit.json
{"msg-type":"header","date":"1715911942350","audit-version":"1.1.13-1008","audit-protocol-version":"1.0","hostname":"localhost.localdomain","mysql-version":"5.7.38","mysql-program":"/usr/local/mysql/bin/mysqld","mysql-socket":"/tmp/mysql.sock","mysql-port":"3306","server_pid":"5528"}
{"msg-type":"activity","date":"1715911942350","thread-id":"3","query-id":"75","user":"root","priv_user":"root","ip":"192.168.1.104","host":"192.168.1.104","_os":"Windows","_client_name":"libmariadb","_pid":"14792","_thread":"15300","_platform":"AMD64","_client_version":"3.2.3","_server_host":"192.168.1.106","rows":"1","status":"0","cmd":"insert","objects":[{"db":"test","name":"tb_test_h1","obj_type":"TABLE"}],"query":"INSERT INTO `test`.`tb_test_h1` (`id`, `name`, `value`, `age`, `leven`) VALUES (3, 'teww', 'fwer', 23, 'fafaw')"}
{"msg-type":"activity","date":"1715911942351","thread-id":"3","query-id":"76","user":"root","priv_user":"root","ip":"192.168.1.104","host":"192.168.1.104","_os":"Windows","_client_name":"libmariadb","_pid":"14792","_thread":"15300","_platform":"AMD64","_client_version":"3.2.3","_server_host":"192.168.1.106","rows":"1","status":"0","cmd":"select","objects":[{"db":"test","name":"tb_test_h1","obj_type":"TABLE"}],"query":"SELECT * FROM `test`.`tb_test_h1` WHERE `id` = 3"}