1.1 介質准備
mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
該介質可以從官網上進行下載;下載后請對照官網公布的 MD5 校驗值或 GnuPG 簽名核對文件完整性,確認無誤后再解壓安裝
1.1 創建mysql用戶和用戶組
#groupadd mysql
#useradd -g mysql mysql
#passwd mysql
1.1 下載並解壓二進制文件,進入解壓出來的目錄
[root@localhost soft]# tar -xvf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
[root@localhost soft]# mv mysql-5.7.33-linux-glibc2.12-x86_64 /opt/mysql5733
[root@localhost soft]# cd /opt/mysql5733
[root@localhost mysql5733]# ls
bin docs include lib LICENSE man README share support-files
1.1 在mysql主目錄下建立相應的目錄
data目錄存放數據文件,conf目錄存放配置文件
[root@localhost mysql5733]#cd /opt/mysql5733
[root@localhost mysql5733]#mkdir data ##數據文件目錄
[root@localhost mysql5733]#mkdir conf ## 配置文件目錄
[root@localhost mysql5733]#mkdir -p mysqllog/relaylog ##主從環境relaylog
[root@localhost mysql5733]#mkdir -p mysqllog/logfile ##錯誤日志文件
[root@localhost mysql5733]#mkdir -p mysqllog/binlog ##binlog文件
[root@localhost mysql5733]#mkdir -p secure_file ##secure_file_priv參數指定路
[root@localhost mysql5733]#mkdir redolog ##redo日志文件
1.1 在conf目錄下創建配置文件my.cnf,配置文件內容如下(直接復制粘貼不要用系統的復制功能)
[mysqld]
port=13306
server-id=1
basedir=/opt/mysql5733
datadir=/opt/mysql5733/data
socket=/opt/mysql5733/mysql.sock
max_connections = 16000
character_set_server=utf8mb4
collation-server=utf8mb4_general_ci
init_connect='SET collation_connection = utf8mb4_general_ci'
init_connect='SET NAMES utf8mb4'
interactive_timeout=86400
wait_timeout=86400
skip-external-locking
key_buffer_size= 128M
max_allowed_packet=32M
query_cache_size=32M
read_buffer_size=2M
sort_buffer_size=128M
join_buffer_size= 128M
innodb_file_per_table= 1
innodb_open_files= 5000
innodb_buffer_pool_size= 100G ##物理內存的80%
innodb_write_io_threads= 16
innodb_read_io_threads= 16
innodb_thread_concurrency = 0
innodb_purge_threads= 1
innodb_flush_log_at_trx_commit= 2
innodb_log_buffer_size=16M
innodb_log_file_size=512M
innodb_log_files_in_group= 5
innodb_max_dirty_pages_pct= 90
innodb_lock_wait_timeout= 120
bulk_insert_buffer_size= 64M
myisam_sort_buffer_size=64M
myisam_max_sort_file_size= 10G
myisam_repair_threads= 1
log_bin_trust_function_creators=1
event_scheduler=1
max_binlog_size=100M
binlog_format=row
log-bin=/opt/mysql5733/mysqllog/binlog/binlog.bin
slow_query_log=on
slow_query_log_file=/opt/mysql5733/mysqllog/logfile/slow-query.log
long_query_time=1
log_queries_not_using_indexes=on
log-error=/opt/mysql5733/mysqllog/logfile/mysql-err.log
binlog_cache_size=4MB
skip-host-cache
skip-name-resolve
expire_logs_days=15
skip-slave-start
relay-log-index=/opt/mysql5733/mysqllog/relaylog/slave-relay-bin.index
relay-log=/opt/mysql5733/mysqllog/relaylog/relaylog-binlog
replicate-ignore-db=information_schema,performance_schema,sys
slave_net_timeout=60
language=/opt/mysql5733/share/english
early-plugin-load=""
explicit_defaults_for_timestamp=true
log_slave_updates=1
gtid_mode=ON
enforce_gtid_consistency = ON
lower_case_table_names=1
sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
##secure_file_priv參數
secure_file_priv=/opt/mysql5733/secure_file
##審計,需要安裝審計插件才可用(插件安裝之前請先注釋掉以下 server_audit_* 各行,否則 mysqld 會因為不認識這些參數而無法啟動)
server_audit_logging=on
server_audit_file_path =/opt/mysql5733/audit
server_audit_file_rotate_size=524288000
server_audit_file_rotations=256
server_audit_file_rotate_now=ON
server_audit_events='connect,table,query_ddl,query_dcl,query_dml_no_select';
[client]
port = 13306
socket=/opt/mysql5733/mysql.sock
default-character-set = utf8mb4
[mysqldump]
quick
max_allowed_packet = 32M
[myisamchk]
key_buffer_size = 8M
sort_buffer_size = 8M
read_buffer = 4M
write_buffer = 4M
1.1 修改mysql目錄權限
[root@localhost opt]# chown -R mysql:mysql ./mysql5733
1.1 初始化數據庫
[root@localhost bin]# ./mysqld --initialize --user=mysql --basedir=/opt/mysql5733 --datadir=/opt/mysql5733/data --lc_messages_dir=/opt/mysql5733/share --lc_messages=en_US
2021-04-08T06:52:15.255824Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-04-08T06:52:27.425045Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-04-08T06:52:28.498904Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-04-08T06:52:28.793787Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: fbf83c6c-9836-11eb-8ec4-52540051cd25.
2021-04-08T06:52:28.941653Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-04-08T06:52:30.136173Z 0 [Warning] CA certificate ca.pem is self signed.
2021-04-08T06:52:30.491597Z 1 [Note] A temporary password is generated for root@localhost: Z>YSOb#if5H)
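上面輸出中 "[Note] A temporary password is generated for root@localhost:" 之后的字符串即為臨時密碼(原文以紅色標出)。該密碼處於已過期狀態,首次登錄后必須先修改密碼才能執行其他操作;初始化輸出中含有明文密碼,不要長期保留在終端記錄或共享文檔里。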
1.1 啟動(mysql下啟動)
su - mysql
[mysql@localhost bin]$cd /opt/mysql5733/bin
[mysql@localhost bin]$ ./mysqld_safe --defaults-file=/opt/mysql5733/conf/my.cnf --user=mysql &
1.1 登陸mysql並修改密碼
[mysql@localhost bin]$ ./mysql -h localhost -uroot -P13306 -p -S /opt/mysql5733/mysql.sock
Enter password:
這里輸入初始化的密碼
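修改密碼(示例中的 'mysql' 只是演示用的弱口令,實際環境請改用高強度密碼;PASSWORD() 在 5.7 中已被棄用,推薦寫法是 ALTER USER 'root'@'localhost' IDENTIFIED BY '新密碼';)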
mysql> set password=password('mysql');
Query OK, 0 rows affected, 1 warning (0.10 sec)
或者
update mysql.user set authentication_string=password('mysql') where user='root' and host = 'localhost';
flush privileges;
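刪除系統自帶用戶(看實際情況需要;mysql.sys 是 sys 庫對象的 DEFINER,mysql.session 供插件內部訪問服務器使用,兩者默認處於鎖定狀態、不能用於客戶端登錄,刪除后 sys 視圖和部分插件可能報錯,一般建議保留)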
mysql> delete from mysql.user where user='mysql.session';
Query OK, 1 row affected (0.06 sec)
mysql> delete from mysql.user where user='mysql.sys';
Query OK, 1 row affected (0.06 sec)
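1.1 開啟所有日志(看情況需要)
general log 會記錄客戶端發來的每一條語句,其中可能包含業務敏感數據,並帶來明顯的性能和磁盤開銷;建議只在排查問題時臨時開啟,並限制對 mysql.general_log 表和日志文件的訪問權限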
set global general_log=on;
set global log_output='TABLE'
永久生效的話可以將如下配置寫到配置文件
[mysqld]
general_log = 1
log_output=TABLE
同時也可以寫入到文件(默認是寫入到文件的)
[mysqld]
general_log = 1
general_log_file = /opt/mysql5733/all.log
log_output=FILE,TABLE
開啟后所有的日志會記錄到 mysql.general_log 表
mysql> select * from general_log;
+----------------------------+---------------------------+-----------+-----------+--------------+----------------------------+
| event_time | user_host | thread_id | server_id | command_type | argument |
+----------------------------+---------------------------+-----------+-----------+--------------+----------------------------+
| 2021-04-08 15:24:25.563842 | root[root] @ localhost [] | 5 | 1 | Query | show databases |
| 2021-04-08 15:24:30.730637 | root[root] @ localhost [] | 5 | 1 | Query | SELECT DATABASE() |
| 2021-04-08 15:24:30.730893 | root[root] @ localhost [] | 5 | 1 | Init DB | mysql |
| 2021-04-08 15:24:30.732618 | root[root] @ localhost [] | 5 | 1 | Query | show databases |
1.1 開啟審計
1.1.1 找到安全審計插件
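可以從 MariaDB 官方渠道下載 mariadb 安裝包,校驗完整性后解壓,找到 server_audit.so
我這里下載的mariadb版本是10.4,將該文件上傳到服務器的tmp目錄(/tmp 所有用戶可寫,上傳后應盡快拷貝到插件目錄,拷貝前可用 sha256sum 核對文件與本地解壓出來的是否一致;不同版本插件與 MySQL 5.7 的兼容性請先在測試環境驗證)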
1.1.1 將server_audit.so 拷貝到mysql插件的路徑下
mysql賬號下操作
[mysql@localhost plugin]$ cp /tmp/server_audit.so /opt/mysql5733/lib/plugin/
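注意文件屬主,若屬主不是mysql用戶,需要修改屬主(以root執行)。插件文件只需要 mysqld 能讀取即可;MySQL 官方文檔建議插件目錄不要對 mysqld 運行賬號開放寫權限,或者像本文一樣通過 secure_file_priv 限制導出路徑,避免有人借 SELECT ... INTO DUMPFILE 向插件目錄寫入可執行文件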
cd /opt/mysql5733/lib/plugin
chown mysql:mysql ./server_audit.so
1.1.1 安裝審計插件
(下面的命令用 -pmysql 在命令行直接帶上了密碼,密碼會留在 shell 歷史記錄里,並可能在進程列表中短暫可見;建議只寫 -p,按提示交互輸入)
[mysql@localhost bin]$ ./mysql -h localhost -uroot -S /opt/mysql5733/mysql.sock -pmysql
INSTALL PLUGIN server_audit SONAME 'server_audit.so';
1.1.1 開啟審計功能
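先創建審計存儲目錄(下面的 chown 使用相對路徑 ./audit/,請先確認當前目錄為 /opt/mysql5733,或改用絕對路徑;審計日志包含SQL原文,建議目錄僅對mysql用戶開放,例如 chmod 700 /opt/mysql5733/audit)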
[root@localhost mysql57]#mkdir -p /opt/mysql5733/audit
[root@localhost mysql57]#chown -R mysql:mysql ./audit/
開啟審計
mysql>set global server_audit_logging=on;
mysql>set global server_audit_file_path='/opt/mysql5733/audit';
mysql>set global server_audit_file_rotate_size=524288000;
mysql>set global server_audit_file_rotations=256;
mysql>set global server_audit_file_rotate_now=ON;
mysql>set global server_audit_events='connect,table,query_ddl,query_dcl,query_dml_no_select';
將如下配置添加到配置文件 my.cnf 的 [mysqld] 段,避免重啟后失效(需要重啟動)
server_audit_logging=on
server_audit_file_path =/opt/mysql5733/audit
server_audit_file_rotate_size=524288000
server_audit_file_rotations=256
server_audit_file_rotate_now=ON
server_audit_events='connect,table,query_ddl,query_dcl,query_dml_no_select';
1.1.1 驗證
客戶端寫入數據到表
insert into tb_test01 values(100,'name1');
查看審計日志文件
[mysql@localhost audit]$ more server_audit.log
可以發現有記錄如下的信息
20210408 16:46:59,localhost.localdomain,hxl,192.168.2.84,13,145,QUERY,db_hxl,'insert into tb_test01 values(100,\'name1\')',0
1.1.1 關閉審計
(關閉期間的操作不會被記錄,形成審計空窗;建議只在維護時臨時關閉並登記操作人和時間。5.7 中擁有 SUPER 權限的賬號都可以執行該語句,應嚴格控制此類賬號)
set global server_audit_logging=off;