## MySQL5.7社区版安装安全审计插件(Linux) ### auti-plugin-mysql插件下载 ```shell wget https://bintray.com/mcafee/mysql-audit-plugin/download_file?file_path=audit-plugin-mysql-5.7-1.1.7-921-linux-x86_64.zip ``` ### 查看mysql插件目录 ```shell mysql> show variables like '%plugin_dir%'; ``` ### 查看是否已经安装 ```shell mysql> show global status like '%audit%'; ``` ### 解压 ```shell unzip audit-plugin-mysql-5.7-1.1.7-921-linux-x86_64.zip cp audit-plugin-mysql-5.7-1.1.7-921/lib/libaudit_plugin.so /usr/local/mysql/lib/plugin/ chmod a+x /usr/local/mysql/lib/plugin/libaudit_plugin.so ``` ### 安装 ```shell mysql> install plugin audit soname 'libaudit_plugin.so'; ``` ### 查看插件版本 ```shell mysql> show global status like '%audit%'; ``` ### 检查插件功能是否开启 ```shell mysql> show variables like '%audit_json_file%'; ``` ### 开启插件服务 ```shell mysql> set global audit_json_file=ON; ##ON/OFF ``` ### 查看审计日志 ```shell tail -0f /data/mysqldb/mysql-audit.json ``` ### 配置开启启动生效 ```shell vim /etc/my.cnf [mysqld] audit_json_file = on plugin-load=AUDIT=libaudit_plugin.so audit_record_cmds='insert,update,delete,drop_db,create_db,alter_db,drop_table,create_table,alter_table,select,grant,truncate' #默认NULL 表示记录全部操作 audit_offsets=7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13464, 148, 672, 0 ``` ### 获取audit_offsets的偏移量 ```shell cd audit-plugin-mysql-5.7-1.1.7-921/utils/ chmod +x offset-extract.sh which mysqld ./offset-extract.sh /usr/local/mysql/bin/mysqld ``` > 提示:开启安全审计会消耗磁盘io和容量