订阅号怎么做免费的视频网站,ps做图下载网站有哪些,wordpress根据文章id显示内容,软件科技开发公司MySQL安装开源审计插件 mysql-audit MySQL 5.7.38安装审计插件 mysql-audit安装MySQL1.查看Linux服务器版本和glibc版本2.根据自己的系统下载对应的MySQL版本#xff0c;由于mysql-audit并不支持所有版本的MySQL#xff0c;所以在确定MySQL版本之前请注意下插件支持的MySQL版… MySQL安装开源审计插件 mysql-audit MySQL 5.7.38安装审计插件 mysql-audit安装MySQL1.查看Linux服务器版本和glibc版本2.根据自己的系统下载对应的MySQL版本由于mysql-audit并不支持所有版本的MySQL所以在确定MySQL版本之前请注意下插件支持的MySQL版本3.下载MySQL4.安装MySQL1.安装之前看是否安装过MySQL数据库2.查看是否有MySQL依赖4.检查是否有mariadb5.安装mysql依赖包6.解压MySQL的tar文件 安装准备7.安装MySQL8.防火墙端口开放 4.安装审计插件mysql-audit1.审计软件我已经下载了 上文有下载说明2.解压软件3.登录进入MySQL找到你的插件所在目录4.我们的MySQL插件目录是 /usr/local/mysql/lib/plugin/5.获取偏移量信息6.修改MySQL配置文件7.安装mysql-audit插件8.连接数据库测试 MySQL 5.7.38安装审计插件 mysql-audit
MySQL版本众多 同样审计的软件众多为什么使用 mysql-audit 原因老外的弄得一直在维护支持的MySQL版本多
安装MySQL
1.查看Linux服务器版本和glibc版本
[rootlocalhost ~]# cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)[rootlocalhost ~]# ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
2.根据自己的系统下载对应的MySQL版本由于mysql-audit并不支持所有版本的MySQL所以在确定MySQL版本之前请注意下插件支持的MySQL版本
mysql-audit https://github.com/trellix-enterprise/mysql-audit/releases 显示所有可用的插件 比如我的系统是64为的我要用5.7.38的MySQL我就下载对应的插件 [rootlocalhost ~]# cd ~/Desktop/
[rootlocalhost Desktop]# wget https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
--2024-05-15 14:08:08-- https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.13/audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/3552521/18e50e6c-aa02-413b-a796-61cbcb3ee58a?X-Amz-AlgorithmAWS4-HMAC-SHA256X-Amz-Credentialreleaseassetproduction%2F20240515%2Fus-east-1%2Fs3%2Faws4_requestX-Amz-Date20240515T060813ZX-Amz-Expires300X-Amz-Signature6d74005dbfa59d69565d309c5d7b1ef64d62811c3b715976d9506b5108c2ee83X-Amz-SignedHeadershostactor_id0key_id0repo_id3552521response-content-dispositionattachment%3B%20filename%3Daudit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zipresponse-content-typeapplication%2Foctet-stream [following]
--2024-05-15 14:08:13-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/3552521/18e50e6c-aa02-413b-a796-61cbcb3ee58a?X-Amz-AlgorithmAWS4-HMAC-SHA256X-Amz-Credentialreleaseassetproduction%2F20240515%2Fus-east-1%2Fs3%2Faws4_requestX-Amz-Date20240515T060813ZX-Amz-Expires300X-Amz-Signature6d74005dbfa59d69565d309c5d7b1ef64d62811c3b715976d9506b5108c2ee83X-Amz-SignedHeadershostactor_id0key_id0repo_id3552521response-content-dispositionattachment%3B%20filename%3Daudit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zipresponse-content-typeapplication%2Foctet-stream
Resolving objects.githubusercontent.com (objects.githubusercontent.com)... 185.199.109.133, 185.199.108.133, 185.199.110.133, ...
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.109.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 596787 (583K) [application/octet-stream]
Saving to: ‘audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip’100%[] 596,787 1.80MB/s in 0.3s2024-05-15 14:08:14 (1.80 MB/s) - ‘audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip’ saved [596787/596787][rootlocalhost Desktop]#[rootlocalhost Desktop]# ls -al
total 588
drwxr-xr-x. 2 root root 65 May 15 14:08 .
dr-xr-x---. 14 root root 4096 May 11 16:13 ..
-rw-r--r--. 1 root root 596787 Oct 12 2022 audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
3.下载MySQL
MySQL下载地址 https://downloads.mysql.com/archives/community/ 我的服务器版本是centos7的64位操作系统 根据自己情况选择自己的版本 下载选择 tar源码包 [rootlocalhost Desktop]# wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar
--2024-05-15 14:15:02-- https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.38-linux-glibc2.12-x86_64.tar
Resolving downloads.mysql.com (downloads.mysql.com)... 23.15.136.176, 2600:140b:a00:6af::2e31, 2600:140b:a00:6b2::2e31
Connecting to downloads.mysql.com (downloads.mysql.com)|23.15.136.176|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.38-linux-glibc2.12-x86_64.tar [following]
--2024-05-15 14:15:08-- https://cdn.mysql.com/archives/mysql-5.7/mysql-5.7.38-linux-glibc2.12-x86_64.tar
Resolving cdn.mysql.com (cdn.mysql.com)... 23.77.214.217, 2600:140b:a00:6a1::1d68, 2600:140b:a00:6b7::1d68
Connecting to cdn.mysql.com (cdn.mysql.com)|23.77.214.217|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 709361152 (676M) [application/x-tar]
Saving to: ‘mysql-5.7.38-linux-glibc2.12-x86_64.tar’14% [ ] 105,386,474 10.9MB/s eta 55s
4.安装MySQL
1.安装之前看是否安装过MySQL数据库
[rootlocalhost Desktop]# yum remove mysql
Loaded plugins: fastestmirror, langpacks
No Match for argument: mysql
No Packages marked for removal
2.查看是否有MySQL依赖 [rootlocalhost Desktop]# rpm -qa | grep mysql
[rootlocalhost Desktop]#
若有就卸载
//普通删除模式
rpm -e xxx(mysql_libs)
//强力删除模式,如果上述命令删除时提示有依赖其他文件则可以用该命令对其进行强力删除
rpm -e --nodeps xxx(mysql_libs)
4.检查是否有mariadb [rootlocalhost Desktop]# rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
[rootlocalhost Desktop]#
若有就卸载 [rootlocalhost Desktop]# rpm -qa | grep mariadb
mariadb-libs-5.5.68-1.el7.x86_64
[rootlocalhost Desktop]# rpm -e --nodeps mariadb-libs
[rootlocalhost Desktop]# rpm -e --nodeps mariadb-libs-5.5.68-1.el7.x86_64
error: package mariadb-libs-5.5.68-1.el7.x86_64 is not installed
[rootlocalhost Desktop]#
5.安装mysql依赖包 [rootlocalhost Desktop]# yum install libaio
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile* base: mirrors.ustc.edu.cn* extras: mirrors.ustc.edu.cn* updates: mirrors.ustc.edu.cn
base | 3.6 kB 00:00
extras | 2.9 kB 00:00
updates | 2.9 kB 00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:05
(2/4): extras/7/x86_64/primary_db | 253 kB 00:05
(3/4): updates/7/x86_64/primary_db | 27 MB 00:08
(4/4): base/7/x86_64/primary_db | 6.1 MB 00:11
Package libaio-0.3.109-13.el7.x86_64 already installed and latest version
Nothing to do
[rootlocalhost Desktop]#
6.解压MySQL的tar文件 安装准备 clear
[rootlocalhost Desktop]# tar -xvf mysql-5.7.38-linux-glibc2.12-x86_64.tar
mysql-test-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
[rootlocalhost Desktop]# tar -zxvf mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisam_ftdump
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisamchk
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisamlog
mysql-5.7.38-linux-glibc2.12-x86_64/bin/myisampack....... mysql-5.7.38-linux-glibc2.12-x86_64/support-files/mysql.server
mysql-5.7.38-linux-glibc2.12-x86_64/docs/INFO_BIN
mysql-5.7.38-linux-glibc2.12-x86_64/docs/INFO_SRC
[rootlocalhost Desktop]#
修改解压后路径名称 [rootlocalhost Desktop]# ls
audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
mysql-5.7.38-linux-glibc2.12-x86_64
mysql-5.7.38-linux-glibc2.12-x86_64.tar
mysql-5.7.38-linux-glibc2.12-x86_64.tar.gz
mysql-test-5.7.38-linux-glibc2.12-x86_64.tar.gz
[rootlocalhost Desktop]# mv mysql-5.7.38-linux-glibc2.12-x86_64 mysql
[rootlocalhost Desktop]#
[rootlocalhost Desktop]#
安装习惯把MySQL 移动到 /usr/local目录 [rootlocalhost Desktop]# ls /usr/local/
bin etc games include lib lib64 libexec sbin share src
[rootlocalhost Desktop]#[rootlocalhost Desktop]# mv mysql /usr/local/
[rootlocalhost Desktop]# ls /usr/local/
bin etc games include lib lib64 libexec mysql sbin share src
[rootlocalhost Desktop]# ls /usr/local/mysql/
bin docs include lib LICENSE man README share support-files
[rootlocalhost Desktop]#
切换到MySQL目录 创建相关用户名密码 [rootlocalhost Desktop]# cd /usr/local/mysql/
[rootlocalhost mysql]# pwd
/usr/local/mysql
[rootlocalhost mysql]# ls
bin docs include lib LICENSE man README share support-files
[rootlocalhost mysql]# mkdir mysqld
[rootlocalhost mysql]# ls
bin docs include lib LICENSE man mysqld README share support-files
[rootlocalhost mysql]#
mysql安装目录赋予权限
[rootlocalhost mysql]# ls
bin docs include lib LICENSE man mysqld README share support-files
[rootlocalhost mysql]# chmod -R 777 /usr/local/mysql/
[rootlocalhost mysql]# ls -al
total 272
drwxrwxrwx. 10 root root 143 May 16 18:25 .
drwxr-xr-x. 13 root root 144 May 16 18:24 ..
drwxrwxrwx. 2 root root 4096 May 16 18:19 bin
drwxrwxrwx. 2 root root 55 May 16 18:19 docs
drwxrwxrwx. 3 root root 4096 May 16 18:19 include
drwxrwxrwx. 5 root root 230 May 16 18:19 lib
-rwxrwxrwx. 1 7161 31415 259251 Mar 22 2022 LICENSE
drwxrwxrwx. 4 root root 30 May 16 18:19 man
drwxrwxrwx. 2 root root 6 May 16 18:25 mysqld
-rwxrwxrwx. 1 7161 31415 566 Mar 22 2022 README
drwxrwxrwx. 28 root root 4096 May 16 18:19 share
drwxrwxrwx. 2 root root 90 May 16 18:19 support-files
[rootlocalhost mysql]# pwd
/usr/local/mysql
[rootlocalhost mysql]#
创建mysql组和用户 创建组
[rootlocalhost mysql]#
[rootlocalhost mysql]# groupadd mysql
[rootlocalhost mysql]#
创建用户(-s /bin/false参数指定mysql用户仅拥有所有权而没有登录权限)
[rootlocalhost mysql]#
[rootlocalhost mysql]# groupadd mysql
[rootlocalhost mysql]# useradd -r -g mysql -s /bin/false mysql
[rootlocalhost mysql]#
[rootlocalhost mysql]#
将用户添加到组中
[rootlocalhost mysql]# clear
[rootlocalhost mysql]#
[rootlocalhost mysql]# groupadd mysql
[rootlocalhost mysql]# useradd -r -g mysql -s /bin/false mysql
[rootlocalhost mysql]#
[rootlocalhost mysql]# chown -R mysql:mysql ./
[rootlocalhost mysql]# ls -al
total 272
drwxrwxrwx. 10 mysql mysql 143 May 16 18:25 .
drwxr-xr-x. 13 root root 144 May 16 18:24 ..
drwxrwxrwx. 2 mysql mysql 4096 May 16 18:19 bin
drwxrwxrwx. 2 mysql mysql 55 May 16 18:19 docs
drwxrwxrwx. 3 mysql mysql 4096 May 16 18:19 include
drwxrwxrwx. 5 mysql mysql 230 May 16 18:19 lib
-rwxrwxrwx. 1 mysql mysql 259251 Mar 22 2022 LICENSE
drwxrwxrwx. 4 mysql mysql 30 May 16 18:19 man
drwxrwxrwx. 2 mysql mysql 6 May 16 18:25 mysqld
-rwxrwxrwx. 1 mysql mysql 566 Mar 22 2022 README
drwxrwxrwx. 28 mysql mysql 4096 May 16 18:19 share
drwxrwxrwx. 2 mysql mysql 90 May 16 18:19 support-files
[rootlocalhost mysql]#
修改 /etc/my.cnf 文件如果没有文件就新建
[rootlocalhost mysql]# cd /etc/
[rootlocalhost etc]# ls | grep my.cnf
[rootlocalhost etc]#
[rootlocalhost etc]# pwd
/etc
[rootlocalhost etc]# touch my.cnf
[rootlocalhost etc]# ls -al | grep my.cnf
-rw-r--r--. 1 root root 0 May 16 18:54 my.cnf
[rootlocalhost etc]#
编辑 my.cnf文件 配置如下
[mysqld]
# 设置3306端口
port3306
# 设置mysql的安装目录
basedir/usr/local/mysql
# 设置mysql数据库的数据的存放目录
datadir/usr/local/mysql/mysqldb
# 允许最大连接数
max_connections10000
# 允许连接失败的次数。这是为了防止有人从该主机试图攻击数据库系统
max_connect_errors10
# 服务端使用的字符集默认为UTF8
character-set-serverutf8
# 创建新表时将使用的默认存储引擎
default-storage-engineINNODB
# 默认使用“mysql_native_password”插件认证
default_authentication_pluginmysql_native_password
[mysql]
# 设置mysql客户端默认字符集
default-character-setutf8
[client]
# 设置mysql客户端连接服务端时默认使用的端口
port3306
default-character-setutf87.安装MySQL
进入MySQL的bin目录
[rootlocalhost etc]# cd /usr/local/mysql/bin/
[rootlocalhost bin]# pwd
/usr/local/mysql/bin
安装mysql并记住初始化随机密码
[rootlocalhost bin]# ./mysqld --initialize --console
2024-05-16T10:57:55.645402Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2024-05-16T10:57:55.899299Z 0 [Warning] InnoDB: New log files created, LSN45790
2024-05-16T10:57:55.934999Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2024-05-16T10:57:56.008700Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 2683643d-1373-11ef-b486-000c29193667.
2024-05-16T10:57:56.011251Z 0 [Warning] Gtid table is not ready to be used. Table mysql.gtid_executed cannot be opened.
2024-05-16T10:57:56.161299Z 0 [Warning] A deprecated TLS version TLSv1 is enabled. Please use TLSv1.2 or higher.
2024-05-16T10:57:56.161325Z 0 [Warning] A deprecated TLS version TLSv1.1 is enabled. Please use TLSv1.2 or higher.
2024-05-16T10:57:56.161696Z 0 [Warning] CA certificate ca.pem is self signed.
2024-05-16T10:57:56.192763Z 1 [Note] A temporary password is generated for rootlocalhost: ..g0Xl1wB8u.
[rootlocalhost bin]#
注意这一行 [Note] A temporary password is generated for rootlocalhost: ..g0Xl1wB8u. 说明我的默认密码是 注意是 localhost冒号后面的
…g0Xl1wB8u.
启动mysql服务切换目录给权限
[rootlocalhost bin]# cd /usr/local/mysql/support-files
[rootlocalhost support-files]# chmod -R 777 /usr/local/mysql
[rootlocalhost support-files]#
[rootlocalhost support-files]#
启动MySQL
[rootlocalhost bin]# cd /usr/local/mysql/support-files
[rootlocalhost support-files]# chmod -R 777 /usr/local/mysql
[rootlocalhost support-files]#
[rootlocalhost support-files]# ./mysql.server start
Starting MySQL.Logging to /usr/local/mysql/mysqldb/localhost.localdomain.err.SUCCESS!
[rootlocalhost support-files]#
将mysql添加到系统进程中 就可以使用服务进程操作mysql了
[rootlocalhost support-files]# cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysqld
[rootlocalhost support-files]#
设置mysql自启动
[rootlocalhost support-files]# chmod x /etc/init.d/mysqld
[rootlocalhost support-files]# systemctl enable mysqld
mysqld.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig mysqld on
[rootlocalhost support-files]#
修改root用户登录密码密码就是上面的随机字符串 我的是 …g0Xl1wB8u. 每个人随机的都不一样
[rootlocalhost bin]# pwd
/usr/local/mysql/bin
[rootlocalhost bin]# ./mysql -u root -p[rootlocalhost bin]# ./mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38Copyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type help; or \h for help. Type \c to clear the current input statement.mysql
修改密码为123456
mysql alter user rootlocalhost IDENTIFIED WITH mysql_native_password BY 123456;
Query OK, 0 rows affected (0.00 sec)mysql
mysql
允许远程登录 并 刷新
mysql
mysql GRANT ALL PRIVILEGES ON *.* TO root%IDENTIFIED BY 123456 WITH GRANT OPTION;
Query OK, 0 rows affected, 1 warning (0.01 sec)mysqlmysql FLUSH PRIVILEGES ;
Query OK, 0 rows affected (0.01 sec)mysqlmysql quit
Bye
[rootlocalhost bin]#
[rootlocalhost bin]#
重启服务且测试 命令1systemctl restart mysql 命令2 service mysql restart 两条命令都可以重启MySQL
[rootlocalhost bin]#
[rootlocalhost bin]# service mysql restart
Redirecting to /bin/systemctl restart mysql.service
[rootlocalhost bin]#
查看MySQL启动状态
[rootlocalhost bin]#
[rootlocalhost bin]# cd ~/Desktop/
[rootlocalhost Desktop]# systemctl status mysql
● mysqld.service - LSB: start and stop MySQLLoaded: loaded (/etc/rc.d/init.d/mysqld; bad; vendor preset: disabled)Active: active (exited) since Thu 2024-05-16 19:11:41 CST; 1min 55s agoDocs: man:systemd-sysv-generator(8)Process: 4310 ExecStart/etc/rc.d/init.d/mysqld start (codeexited, status0/SUCCESS)May 16 19:11:41 localhost.localdomain systemd[1]: Starting LSB: start and stop MySQL...
May 16 19:11:41 localhost.localdomain mysqld[4310]: Starting MySQL SUCCESS!
May 16 19:11:41 localhost.localdomain systemd[1]: Started LSB: start and stop MySQL.
May 16 19:11:42 localhost.localdomain mysqld[4310]: 2024-05-16T11:11:42.026045Z mysqld_safe A mysqld process already exists
[rootlocalhost Desktop]# 8.防火墙端口开放
查看所有端口
[rootlocalhost Desktop]# firewall-cmd --list-all
public (active)target: defaulticmp-block-inversion: nointerfaces: ens33sources:services: dhcpv6-client sshports:protocols:masquerade: noforward-ports:source-ports:icmp-blocks:rich rules:[rootlocalhost Desktop]#
开放3306端口 , --permanent 永久生效
[rootlocalhost Desktop]# firewall-cmd --zonepublic --add-port3306/tcp --permanent
success
[rootlocalhost Desktop]#
[rootlocalhost Desktop]# firewall-cmd --reload
success
看下自己的IP连接测试
[rootlocalhost Desktop]# ifconfig | grep 192inet 192.168.1.106 netmask 255.255.255.0 broadcast 192.168.1.255inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 4.安装审计插件mysql-audit
1.审计软件我已经下载了 上文有下载说明
[rootlocalhost Desktop]# ls -l | grep aud
-rw-r--r--. 1 root root 596787 Oct 12 2022 audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
[rootlocalhost Desktop]#
[rootlocalhost Desktop]#
[rootlocalhost Desktop]# pwd
/root/Desktop
2.解压软件
[rootlocalhost Desktop]# unzip audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zip
Archive: audit-plugin-mysql-5.7-1.1.13-1008-linux-x86_64.zipcreating: audit-plugin-mysql-5.7-1.1.13-1008/creating: audit-plugin-mysql-5.7-1.1.13-1008/lib/inflating: audit-plugin-mysql-5.7-1.1.13-1008/lib/libaudit_plugin.soinflating: audit-plugin-mysql-5.7-1.1.13-1008/COPYINGinflating: audit-plugin-mysql-5.7-1.1.13-1008/THIRDPARTY.txtinflating: audit-plugin-mysql-5.7-1.1.13-1008/README.txtinflating: audit-plugin-mysql-5.7-1.1.13-1008/plugin-name.txtcreating: audit-plugin-mysql-5.7-1.1.13-1008/utils/inflating: audit-plugin-mysql-5.7-1.1.13-1008/utils/offset-extract.sh
[rootlocalhost Desktop]#
3.登录进入MySQL找到你的插件所在目录
[rootlocalhost Desktop]# pwd
/root/Desktop
[rootlocalhost Desktop]# cd /usr/local/mysql/bin/
[rootlocalhost bin]# ./mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.38 MySQL Community Server (GPL)Copyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type help; or \h for help. Type \c to clear the current input statement.mysqlmysql show global variables like plugin_dir;
---------------------------------------------
| Variable_name | Value |
---------------------------------------------
| plugin_dir | /usr/local/mysql/lib/plugin/ |
---------------------------------------------
1 row in set (0.01 sec)mysql
4.我们的MySQL插件目录是 /usr/local/mysql/lib/plugin/
把插件复制到MySQL的插件目录并修改权限和所有者
mysql
mysql quit
Bye
[rootlocalhost bin]# cd ~/Desktop/audit-plugin-mysql-5.7-1.1.13-1008/lib/
[rootlocalhost lib]#
[rootlocalhost lib]# cp libaudit_plugin.so /usr/local/mysql/lib/plugin/
[rootlocalhost lib]# chmod x /usr/local/mysql/lib/plugin/libaudit_plugin.so
[rootlocalhost lib]# chown mysql:mysql /usr/local/mysql/lib/plugin/libaudit_plugin.so
[rootlocalhost lib]#
[rootlocalhost lib]#
5.获取偏移量信息
找到自己的mysqld 文件可使用 whereis mysqld 但是我们是源码包安装的 mysqld 位置 : /usr/local/mysql/bin/
[rootlocalhost Desktop]# pwd
/root/Desktop
[rootlocalhost Desktop]# ls /usr/local/mysql/bin/ | grep mysqld
mysqld
mysqld-debug
mysqld_multi
mysqld_safe
mysqldump
mysqldumpslow
[rootlocalhost Desktop]#
进入插件的解压目录 ,添加权限然后获取数值
[rootlocalhost Desktop]# cd audit-plugin-mysql-5.7-1.1.13-1008/utils/
[rootlocalhost utils]# ls -al
total 8
drwxr-xr-x. 2 root root 31 Sep 6 2022 .
drwxr-xr-x. 4 root root 108 Sep 6 2022 ..
-rw-r--r--. 1 root root 4726 Sep 6 2022 offset-extract.sh
[rootlocalhost utils]# chmod x offset-extract.sh
[rootlocalhost utils]#
[rootlocalhost utils]# ls -al
total 8
drwxr-xr-x. 2 root root 31 Sep 6 2022 .
drwxr-xr-x. 4 root root 108 Sep 6 2022 ..
-rwxr-xr-x. 1 root root 4726 Sep 6 2022 offset-extract.sh
[rootlocalhost utils]# ./offset-extract.sh /usr/local/mysql/bin/mysqld
//offsets for: /usr/local/mysql/bin/mysqld (5.7.38)
{5.7.38,adf0327064da666263ab1ba6b3cf55bb, 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0},
[rootlocalhost utils]#
6.修改MySQL配置文件
[rootlocalhost utils]# cd /etc/
[rootlocalhost etc]# vim my.cnf 这是我的my.cnf完整配置
[rootlocalhost etc]# cat my.cnf
[mysqld]
# 设置3306端口
port3306
# 设置mysql的安装目录
basedir/usr/local/mysql
# 设置mysql数据库的数据的存放目录
datadir/usr/local/mysql/mysqldb
# 允许最大连接数
max_connections10000
# 允许连接失败的次数。这是为了防止有人从该主机试图攻击数据库系统
max_connect_errors10
# 服务端使用的字符集默认为UTF8
character-set-serverutf8
# 创建新表时将使用的默认存储引擎
default-storage-engineINNODB
# 默认使用“mysql_native_password”插件认证
default_authentication_pluginmysql_native_password#审计offsets 不要乱配置
audit_offsets7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
#审计操作命令
# 如果不指定audit_record_cmds所有DDLDML全记录
audit_record_cmdsselect,insert,delete,update,create,drop,alter,grant,truncate
#审计开关
audit_json_fileon
#加载审计第三方库
plugin-loadAUDITlibaudit_plugin.so
#审计日志路径
audit_json_log_file/var/log/mysql_audit.json[mysql]
# 设置mysql客户端默认字符集
default-character-setutf8
[client]
# 设置mysql客户端连接服务端时默认使用的端口
port3306
default-character-setutf8
[rootlocalhost etc]#7.安装mysql-audit插件
连接MySQL数据库 并查看安装的所有插件
[rootlocalhost log]# cd ~/Desktop/
[rootlocalhost Desktop]# cd /usr/local/mysql/bin/
[rootlocalhost bin]# ./mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.38 MySQL Community Server (GPL)Copyright (c) 2000, 2022, Oracle and/or its affiliates.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type help; or \h for help. Type \c to clear the current input statement.mysql show plugins;
----------------------------------------------------------------------------
| Name | Status | Type | Library | License |
----------------------------------------------------------------------------
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
----------------------------------------------------------------------------
44 rows in set (0.00 sec)mysql
安装mysql-audit
mysql install plugin audit soname libaudit_plugin.so;
Query OK, 0 rows affected (0.36 sec)mysql
mysql show plugins;
---------------------------------------------------------------------------------------
| Name | Status | Type | Library | License |
---------------------------------------------------------------------------------------
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| CSV | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL |
| FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL |
| BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| partition | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ARCHIVE | ACTIVE | STORAGE ENGINE | NULL | GPL |
| ngram | ACTIVE | FTPARSER | NULL | GPL |
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
---------------------------------------------------------------------------------------
45 rows in set (0.01 sec)mysql
我们发现插件已经成功安装
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
开启audit功能
mysql SET GLOBAL audit_json_fileON;
Query OK, 0 rows affected (0.00 sec)mysql
查看audit配置包括mysql_audit.json存储路径
mysql show variables like %audit%\G;
*************************** 1. row ***************************
Variable_name: audit_before_afterValue: after
*************************** 2. row ***************************
Variable_name: audit_checksumValue:
*************************** 3. row ***************************
Variable_name: audit_client_capabilitiesValue: OFF
*************************** 4. row ***************************
Variable_name: audit_delay_cmdsValue:
*************************** 5. row ***************************
Variable_name: audit_delay_msValue: 0
*************************** 6. row ***************************
Variable_name: audit_force_record_loginsValue: OFF
*************************** 7. row ***************************
Variable_name: audit_header_msgValue: ON
*************************** 8. row ***************************
Variable_name: audit_json_fileValue: ON
*************************** 9. row ***************************
Variable_name: audit_json_file_bufsizeValue: 1
*************************** 10. row ***************************
Variable_name: audit_json_file_flushValue: OFF
*************************** 11. row ***************************
Variable_name: audit_json_file_retryValue: 60
*************************** 12. row ***************************
Variable_name: audit_json_file_syncValue: 0
*************************** 13. row ***************************
Variable_name: audit_json_log_fileValue: /var/log/mysql_audit.json
*************************** 14. row ***************************
Variable_name: audit_json_socketValue: OFF
*************************** 15. row ***************************
Variable_name: audit_json_socket_nameValue: /var/run/db-audit/mysql.audit__usr_local_mysql_mysqldb_3306
*************************** 16. row ***************************
Variable_name: audit_json_socket_retryValue: 10
*************************** 17. row ***************************
Variable_name: audit_json_socket_write_timeoutValue: 1000
*************************** 18. row ***************************
Variable_name: audit_offsetsValue: 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0
*************************** 19. row ***************************
Variable_name: audit_offsets_by_versionValue: ON
*************************** 20. row ***************************
Variable_name: audit_password_masking_cmdsValue: CREATE_USER,GRANT,SET_OPTION,SLAVE_START,CREATE_SERVER,ALTER_SERVER,CHANGE_MASTER,UPDATE
*************************** 21. row ***************************
Variable_name: audit_password_masking_regexValue: identified(?:/\*.*?\*/|\s)*?by(?:/\*.*?\*/|\s)*?(?:password)?(?:/\*.*?\*/|\s)*?[|](?psw.*?)(?!\\)[|]|password(?:/\*.*?\*/|\s)*?\((?:/\*.*?\*/|\s)*?[|](?psw.*?)(?!\\)[|](?:/\*.*?\*/|\s)*?\)|password(?:/\*.*?\*/|\s)*?(?:for(?:/\*.*?\*/|\s)*?\S?)?(?:/\*.*?\*/|\s)*?(?:/\*.*?\*/|\s)*?[|](?psw.*?)(?!\\)[|]|password(?:/\*.*?\*/|\s)*?[|](?psw.*?)(?!\\)[|]
*************************** 22. row ***************************
Variable_name: audit_record_cmdsValue: select,insert,delete,update,create,drop,alter,grant,truncate
*************************** 23. row ***************************
Variable_name: audit_record_objsValue:
*************************** 24. row ***************************
Variable_name: audit_sess_connect_attrsValue: ON
*************************** 25. row ***************************
Variable_name: audit_socket_credsValue: ON
*************************** 26. row ***************************
Variable_name: audit_uninstall_pluginValue: OFF
*************************** 27. row ***************************
Variable_name: audit_validate_checksumValue: ON
*************************** 28. row ***************************
Variable_name: audit_validate_offsets_extendedValue: ON
*************************** 29. row ***************************
Variable_name: audit_whitelist_cmdsValue: BEGIN,COMMIT,PING
*************************** 30. row ***************************
Variable_name: audit_whitelist_usersValue:
30 rows in set (0.01 sec)ERROR:
No query specifiedmysql
安装完成后重启MySQL服务器
ERROR:
No query specifiedmysql quit
Bye
[rootlocalhost bin]# service mysqld restart
Shutting down MySQL.. SUCCESS!
Starting MySQL.. SUCCESS!
[rootlocalhost bin]# 8.连接数据库测试 我在这里添加了两条数据
[rootlocalhost Desktop]# cd /var/log/
[rootlocalhost log]# ls | grep mysql_audit.json
[rootlocalhost log]#
[rootlocalhost log]# ls | grep mysql_audit.json
[rootlocalhost log]#
[rootlocalhost log]#
[rootlocalhost log]#
[rootlocalhost log]#
但是我到这个目录下找不到 mysql_audit.json 我们只需要把这个文件创建出来然后修改所有者和所属组就可以了
[rootlocalhost log]# ls | grep mysql_audit.json
[rootlocalhost log]#
[rootlocalhost log]#
[rootlocalhost log]# touch mysql_audit.json
[rootlocalhost log]#
[rootlocalhost log]# chown mysql:mysql mysql_audit.json
[rootlocalhost log]# tail -f mysql_audit.json
{msg-type:header,date:1715911942350,audit-version:1.1.13-1008,audit-protocol-version:1.0,hostname:localhost.localdomain,mysql-version:5.7.38,mysql-program:/usr/local/mysql/bin/mysqld,mysql-socket:/tmp/mysql.sock,mysql-port:3306,server_pid:5528}
{msg-type:activity,date:1715911942350,thread-id:3,query-id:75,user:root,priv_user:root,ip:192.168.1.104,host:192.168.1.104,_os:Windows,_client_name:libmariadb,_pid:14792,_thread:15300,_platform:AMD64,_client_version:3.2.3,_server_host:192.168.1.106,rows:1,status:0,cmd:insert,objects:[{db:test,name:tb_test_h1,obj_type:TABLE}],query:INSERT INTO test.tb_test_h1 (id, name, value, age, leven) VALUES (3, teww, fwer, 23, fafaw)}
{msg-type:activity,date:1715911942351,thread-id:3,query-id:76,user:root,priv_user:root,ip:192.168.1.104,host:192.168.1.104,_os:Windows,_client_name:libmariadb,_pid:14792,_thread:15300,_platform:AMD64,_client_version:3.2.3,_server_host:192.168.1.106,rows:1,status:0,cmd:select,objects:[{db:test,name:tb_test_h1,obj_type:TABLE}],query:SELECT * FROM test.tb_test_h1 WHERE id 3}
