auti-plugin-mysql插件下载

wget https://bintray.com/mcafee/mysql-audit-plugin/download_file?file_path=audit-plugin-mysql-5.7-1.1.7-921-linux-x86_64.zip

查看mysql插件目录

mysql> show variables like ‘%plugin_dir%‘;

查看是否已经安装

mysql> show global status like ‘%audit%‘;

解压

unzip audit-plugin-mysql-5.7-1.1.7-921-linux-x86_64.zip 
cp   audit-plugin-mysql-5.7-1.1.7-921/lib/libaudit_plugin.so  /usr/local/mysql/lib/plugin/
chmod a+x /usr/local/mysql/lib/plugin/libaudit_plugin.so 

安装

mysql> install plugin audit soname ‘libaudit_plugin.so‘;

查看插件版本

mysql> show global status like ‘%audit%‘;

检查插件功能是否开启

mysql> show variables like ‘%audit_json_file%‘;

开启插件服务

mysql> set global audit_json_file=ON;  ##ON/OFF

查看审计日志

tail -0f /data/mysqldb/mysql-audit.json

配置开启启动生效

vim /etc/my.cnf
[mysqld]
audit_json_file = on
plugin-load=AUDIT=libaudit_plugin.so
audit_record_cmds=‘insert,update,delete,drop_db,create_db,alter_db,drop_table,create_table,alter_table,select,grant,truncate‘ #默认NULL 表示记录全部操作
audit_offsets=7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13464, 148, 672, 0

获取audit_offsets的偏移量

cd audit-plugin-mysql-5.7-1.1.7-921/utils/
chmod +x offset-extract.sh 
which mysqld
./offset-extract.sh /usr/local/mysql/bin/mysqld

提示：开启安全审计会消耗磁盘io和容量

MySQL5.7社区版安装安全审计插件2021