1. 查看 MYSQL 版本并找出审计对应版本:
[root@dbus1 ~]# mysqld -V
mysqld Ver 5.7.39 for Linux on x86_64 (MySQL Community Server (GPL))
[root@dbus1 ~]#
2. 查看审计日志对应版本:
打开地址: https://github.com/trellix-enterprise/mysql-audit/releases
v1.1.13 Latest
Added support for:
MySQL 64-bit 8.0.30
MySQL 64-bit 5.7.39, 5.7.38
MySQL 32-bit 5.7.39, 5.7.38
MariaDB 64-bit 10.7.5, 10.7.4, 10.7.3, 10.5.16, 10.2.44
MariaDB 32-bit 10.2.44
v1.1.12
Added support for:
MySQL 64-bit 8.0.28, 8.0.27, 8.0.26
MySQL 64-bit 5.7.37
MySQL 32-bit 5.7.37
MariaDB 64-bit 10.6.7, 10.6.5, 10.6.4, 10.6.3
MariaDB 64-bit 10.5.15, 10.4.24, 10.2.43
MariaDB 32-bit 10.2.43
3. 下载对应版本:
wget https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
4. 解压 文件:
[root@dbus1 ~]# cd /home/mysql
[root@dbus1 mysql]# unzip audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
[root@dbus1 mysql]# cd audit-plugin-mysql-5.7-1.1.13-1008
[root@dbus1 audit-plugin-mysql-5.7-1.1.13-1008]# ls
COPYING lib plugin-name.txt README.txt THIRDPARTY.txt utils
[root@dbus1 audit-plugin-mysql-5.7-1.1.13-1008]#
5. 查看 插件目录:
mysql> show variables like 'plugin_dir';
+---------------+--------------------------+
| Variable_name | Value |
+---------------+--------------------------+
| plugin_dir | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+
1 row in set (0.07 sec)
mysql>
6. 复制插件到MYSQL插件目录 并赋权:
[root@dbus1 ~]# cp /home/mysql/audit-plugin-mysql-5.7-1.1.13-1008/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/
[root@dbus1 ~]# chown -R mysql:mysql /home/mysql/audit-mysql
7. 创建文件目录及审计文件:
/home/mysql/audit-mysql/mysql-audit.log
[root@dbus1 ~]# chown -R mysql:mysql /home/mysql/audit-mysql
8. 安装插件:
mysql> INSTALL PLUGIN audit SONAME 'libaudit_plugin.so';
9. 设置参数:
mysql> set global audit_json_file=1;
Query OK, 0 rows affected (0.00 sec)
mysql> set global audit_json_log_file='/home/mysql/audit-mysql/mysql-audit.log';
Query OK, 0 rows affected (0.00 sec)
mysql> set global audit_json_file_flush=on;
Query OK,