56,873
社区成员
发帖
与我相关
我的任务
分享mysql审计,可以了解用户对mysql的操作
今天找到了一个mysql审计插件,试过挺不错的
根据业务需求精心编写的,审计粒度很细,具体用户的具体表的具体操作,操作影响的行数都可以审计,确保数据库安全透明的运行,运维DBA再也不用背锅了。
测试版本链接http://pan.baidu.com/s/1ntH0FTR
一、查找插件所在位置
mysql> show variables like '%plugin_dir%';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)
二、将audit_null.so插件放到plugin_dir位置下
三、加载插件
mysql>install plugin audit_sql SONAME 'audit_null.so';
四、卸载插件
mysql>uninstall plugin audit_sql;
使用插件
mysql> show variables like '%audit%';
+------------------------+--------------------+
| Variable_name | Value |
+------------------------+--------------------+
| audit_sql_audit_sql | select;show;insert |
| audit_sql_audit_switch | ON |
| audit_sql_audit_user | user2;user3 |
| audit_sql_loglevel | /tmp/audit_log.txt |
| audit_sql_num | 40 |
+------------------------+--------------------+
set global audit_sql_audit_sql='delete;select;drop'; -----这些审计关键字用;分开
set global audit_sql_audit_user='user2;user3'; ----审计用户用;隔开
set global audit_sql_num =40; ----审计sql影响的最少行数
set global audit_sql_audit_switch=on|off|ON|OFF; -----开启关闭审计
具体操作步骤
mysql> use test
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t008 |
+----------------+
1 row in set (0.00 sec)
mysql> truncate table t008;
Query OK, 0 rows affected (0.03 sec)
mysql> insert into t008 values(3);
Query OK, 1 row affected (0.01 sec)
mysql> select * from t008;
+------+
| id |
+------+
| 3 |
+------+
1 row in set (0.00 sec)
mysql> drop table t008;
Query OK, 0 rows affected (0.00 sec)
mysql>
查看日志linux下
root@db_143 ~]# tailf /tmp/audit_log.txt
root[root] @ localhost [],[2015-08-18 16:58:24],truncate table t008,0
root[root] @ localhost [],[2015-08-18 16:59:9],drop table t008,0
转载http://www.oschina.net/question/2380600_247160
根据业务需求精心编写的,审计粒度很细,具体用户的具体表的具体操作,操作影响的行数都可以审计,确保数据库安全透明的运行,运维DBA再也不用背锅了。
测试版本链接http://pan.baidu.com/s/1ntH0FTR
一、查找插件所在位置
mysql> show variables like '%plugin_dir%';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)
二、将audit_null.so插件放到plugin_dir位置下
三、加载插件
mysql>install plugin audit_sql SONAME 'audit_null.so';
四、卸载插件
mysql>uninstall plugin audit_sql;
使用插件
mysql> show variables like '%audit%';
+------------------------+--------------------+
| Variable_name | Value |
+------------------------+--------------------+
| audit_sql_audit_sql | select;show;insert |
| audit_sql_audit_switch | ON |
| audit_sql_audit_user | user2;user3 |
| audit_sql_loglevel | /tmp/audit_log.txt |
| audit_sql_num | 40 |
+------------------------+--------------------+
set global audit_sql_audit_sql='delete;select;drop'; -----这些审计关键字用;分开
set global audit_sql_audit_user='user2;user3'; ----审计用户用;隔开
set global audit_sql_num =40; ----审计sql影响的最少行数
set global audit_sql_audit_switch=on|off|ON|OFF; -----开启关闭审计
具体操作步骤
mysql> use test
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| t008 |
+----------------+
1 row in set (0.00 sec)
mysql> truncate table t008;
Query OK, 0 rows affected (0.03 sec)
mysql> insert into t008 values(3);
Query OK, 1 row affected (0.01 sec)
mysql> select * from t008;
+------+
| id |
+------+
| 3 |
+------+
1 row in set (0.00 sec)
mysql> drop table t008;
Query OK, 0 rows affected (0.00 sec)
mysql>
查看日志linux下
root@db_143 ~]# tailf /tmp/audit_log.txt
root[root] @ localhost [],[2015-08-18 16:58:24],truncate table t008,0
root[root] @ localhost [],[2015-08-18 16:59:9],drop table t008,0
转载http://www.oschina.net/question/2380600_247160
...全文
请发表友善的回复…
发表回复
wandier 2017-12-25
- 打赏
- 举报
楼主,这个插件会不会影响数据库性能?
weixin_41509350 2017-12-23
- 打赏
- 举报
楼主在不,分享过期了,想用您这个插件,能不能重新分享下
rucypli 2015-09-02
- 打赏
- 举报
推荐percona的audit plugin
rick-he 2015-09-02
- 打赏
- 举报
互相学习分享
LongRui888 2015-09-02
- 打赏
- 举报
谢谢分享 
rick-he 2015-09-02
- 打赏
- 举报
这是一个朋友写了,audit plugin可以提供相应的链接吗?
