mysql 5.7添加server_audit 安全审计功能
source link: http://www.cnblogs.com/shanfenglang/p/14020160.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
一、根据链接下载插件
参考链接下载 http://blog.itpub.net/31441024/viewspace-2213103
liunx执行
wget https://mirrors.tuna.tsinghua.edu.cn/mariadb//mariadb-10.5.3/bintar-linux-x86_64/mariadb-10.5.3-linux-x86_64.tar.gz (附件1)
二、根据链接执行命令 第1-5步
https://blog.csdn.net/skygm/article/details/90288734
6 脚本需要翻墙,翻墙后复制到本地另存为offest-extract.sh 上传到数据库服务器,执行 sed -i 's/\r$//' offest-extract.sh (附件2)
不执行会报错。原因:文件在Windows 下编辑过,在Windows下每一行结尾是\n\r,而Linux下则是\n,会有多出来的\r。
加上可执行权限: chmod a+x offset-extract.sh
执行: offset-extract.sh /usr/sbin/mysqld
执行报错:linux gdb command not found 错误 解决方法:yum -y install gdb
执行成功后会出现如下信息:
{"5.7.24","ae633eb887552a3bbb5db3a1eea73d48", 76992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516},
然后在配置文件 /etc/my.cnf 中添加:
audit_offsets=6992, 7040, 4000, 4520, 72, 2704, 96, 0, 32, 104, 136, 7128, 4392, 2800, 2808, 2812, 536, 0, 0, 6360, 6384, 6368, 13048, 548, 516(除了开头的7不对应,其他数字都是一样的)
重启mysql服务 service mysqld restart
验证插件是否安装成功
show plugins;
三、根据链接最后的推荐设置在/etc/my.cfg 上配置
audit_json_file=on :保证mysql重启后自动启动插件
plugin-load=AUDIT=libaudit_plugin.so :防止删除了插件,重启后又会加载
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate' :要记录哪些命令语句,默认记录所有操作;
四 验证
附件1 https://wws.lanzous.com/iT0hxinkh5i
附件2 https://wws.lanzous.com/iRgfDinki7g 重命名文件名去掉rar
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK