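Environment
OS version: CentOS 7
MySQL version: 5.7.19
Architecture: master-slave replication
Audit plugin: audit-plugin-mysql-5.7-1.1.6-784-linux-x86_64.zip
Procedure:
1). Install MySQL 5.7.19, matching the version running in production;
2). Install the Audit plugin;
3). Enable the Audit plugin;
4). Configure Audit so that it is still enabled automatically after the database restarts;
Configuration notes:
1). /usr/local/mysql/data/mysql-audit.json: the audit log is written to the database's data storage (data) directory, and this is its default name;
1. Install the database
Steps omitted.
2. Install the Audit plugin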
    mysql> show variables like 'plugin_dir';
    +---------------+------------------------------+
    | Variable_name | Value                        |
    +---------------+------------------------------+
    | plugin_dir    | /usr/local/mysql/lib/plugin/ |
    +---------------+------------------------------+

    ~]# unzip audit-plugin-mysql-5.7-1.1.6-784-linux-x86_64.zip
    ~]# cd audit-plugin-mysql-5.7-1.1.6-784-linux-x86_64/lib
    lib]# cp libaudit_plugin.so /usr/local/mysql/lib/plugin/
    lib]# cd /usr/local/mysql/lib/plugin/
    lib]# chmod 755 libaudit_plugin.so

    mysql> install plugin AUDIT soname 'libaudit_plugin.so';
    mysql> show plugins;
    ....
    AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL
    ....

    # Check the plugin version
    mysql> show global status like '%audit%';
    +------------------------+-----------+
    | Variable_name          | Value     |
    +------------------------+-----------+
    | Audit_protocol_version | 1.0       |
    | Audit_version          | 1.1.6-784 |
    +------------------------+-----------+
3. Enable the Audit plugin
    # Check whether the plugin's JSON file logging is enabled
    mysql> show variables like '%audit_json_file%';
    +-------------------------+-------+
    | Variable_name           | Value |
    +-------------------------+-------+
    | audit_json_file         | OFF   |
    | audit_json_file_bufsize | 1     |
    | audit_json_file_flush   | OFF   |
    | audit_json_file_retry   | 60    |
    | audit_json_file_sync    | 0     |
    +-------------------------+-------+

    # Enable the plugin
    mysql> set global audit_json_file=1;

    # Check again
    mysql> show variables like '%audit_json_file%';
    +-------------------------+-------+
    | Variable_name           | Value |
    +-------------------------+-------+
    | audit_json_file         | ON    |
    | audit_json_file_bufsize | 1     |
    | audit_json_file_flush   | OFF   |
    | audit_json_file_retry   | 60    |
    | audit_json_file_sync    | 0     |
    +-------------------------+-------+

    # Run some SQL to check whether it gets recorded
    mysql> show databases;
    +--------------------+
    | information_schema |
    | menagerie          |
    | mysql              |
    | performance_schema |
    | sys                |
    +--------------------+

    # Check whether the log contains the record
    ~]# cat /usr/local/mysql/data/mysql-audit.json
    {"msg-type":"activity","date":"1598594856485","thread-id":"5","query-id":"37","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"linux-glibc2.12","_client_name":"libmysql","_pid":"21846","_client_version":"5.7.19","_platform":"x86_64","program_name":"mysql"},"pid":"21846","os_user":"root","appname":"./mysql","rows":"5","status":"0","cmd":"show_databases","objects":[{"db":"information_schema","name":"/tmp/#sql_47c4_0","obj_type":"TABLE"}],"query":"show databases"}
4. Configure Audit so that it is still enabled automatically after the database restarts
    ~]# vim /etc/my.cnf
    # Both settings belong in the [mysqld] section
    audit_json_file = on
    plugin-load=AUDIT=libaudit_plugin.so
5. Configure auditing of specific commands
    ~]# cd /app/audit-plugin-mysql-5.7-1.1.6-784/utils
    utils]# chmod +x offset-extract.sh

    # gdb must be installed before running the offset calculation script
    utils]# yum -y install gdb

    # Calculate the offsets
    utils]# ./offset-extract.sh /usr/local/mysql/bin/mysqld

    ~]# vim /etc/my.cnf
    # For the SQL commands that can be audited, see 'http://bazaar.launchpad.net/~mysql/mysql-server/5.6/view/head:/sql/mysqld.cc#L3424'
    audit_record_cmds='insert,update,delete,drop_db,create_db,alter_db,grant,truncate'
    audit_offsets=7800, 7848, 3624, 4776, 456, 360, 0, 32, 64, 160, 536, 7964, 4352, 3648, 3656, 3660, 6048, 2072, 8, 7032, 7072, 7056, 13432, 148, 672
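
Once the plugin records the commands listed in audit_record_cmds, the log can be reviewed for the riskiest of them. The following is an added example, not part of the original article or of the plugin: it parses records in the mysql-audit.json layout shown in section 3 and reports high-risk commands together with their source. The sample lines, the HIGH_RISK_CMDS subset, the function names and the one-JSON-object-per-line layout are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Assumption: the subset of the audit_record_cmds list above treated as high-risk.
HIGH_RISK_CMDS = {"grant", "drop_db", "alter_db", "truncate"}

# Constructed sample lines (line 3 is deliberately truncated).
SAMPLE_LOG = """\
{"msg-type":"activity","date":"1598594856485","thread-id":"5","query-id":"37","user":"root","priv_user":"root","ip":"","host":"localhost","cmd":"insert","objects":[{"db":"menagerie","name":"pet","obj_type":"TABLE"}],"query":"insert into pet values ('x')"}
{"msg-type":"activity","date":"1598594900000","thread-id":"9","query-id":"52","user":"app","priv_user":"app","ip":"192.0.2.10","host":"","cmd":"grant","query":"grant all on *.* to 'app'@'%'"}
{"msg-type":"activity","date":"1598594911000","thread-id":"9","query-id":"53","user":"app"
{"msg-type":"activity","date":"1598594920000","thread-id":"9","query-id":"54","user":"app","priv_user":"app","ip":"192.0.2.10","host":"","cmd":"truncate","objects":[{"db":"menagerie","name":"pet","obj_type":"TABLE"}],"query":"truncate table pet"}
"""

def parse_audit_lines(text):
    """Return (records, bad_line_numbers), assuming one JSON object per line."""
    records, bad = [], []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            bad.append(n)  # partial write or corruption: report it, never drop silently
    return records, bad

def high_risk_events(records, local_sources=("localhost", "127.0.0.1")):
    """Select high-risk commands and mark those issued by a non-local client."""
    events = []
    for r in records:
        if r.get("msg-type") != "activity" or r.get("cmd") not in HIGH_RISK_CMDS:
            continue
        # "date" is epoch milliseconds stored as a string
        ts = datetime.fromtimestamp(int(r["date"]) / 1000, tz=timezone.utc)
        source = r.get("ip") or r.get("host") or "unknown"
        events.append({
            "time": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
            "user": r.get("user"), "cmd": r["cmd"], "source": source,
            "remote": source not in local_sources, "query": r.get("query"),
        })
    return events

if __name__ == "__main__":
    recs, bad = parse_audit_lines(SAMPLE_LOG)
    for e in high_risk_events(recs):
        print(e)
    print("unparsable lines:", bad)
```

Unparsable line numbers are returned rather than ignored, because a gap in an audit trail is itself something to investigate.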