MySQL 安装审计插件audit_plugin.so

下载地址：

https://bintray.com/mcafee/mysql-audit-plugin/release/1.1.4-725#files
https://bintray.com/version/files/mcafee/mysql-audit-plugin/release/1.1.7-805

下载解压：

wget https://bintray.com/mcafee/mysql-audit-plugin/download_file?file_path=audit-plugin-mysql-5.7-1.1.7-805-linux-x86_64.zip

一些设置：

chmod 777 audit-plugin-mysql-5.7-1.1.7-805/utils/offset-extract.sh
cd audit-plugin-mysql-5.7-1.1.7-805/utils/
./offset-extract.sh /usr/sbin/mysqld
mv libaudit_plugin.so /usr/lib64/mysql/plugin/libaudit_plugin.so

添加配置到my.cnf中：

plugin-load=AUDIT=libaudit_plugin.so
audit_offsets = 7824, 7872, 3632, 4792, 456, 360, 0, 32, 64, 160, 536, 7988, 4360, 3648, 3656, 3660, 6072, 2072, 8, 7056, 7096, 7080, 13472, 148, 672

启动服务：

systemctl restart mysqld

安装插件：

mysql -uroot -p123456
INSTALL PLUGIN AUDIT SONAME 'libaudit_plugin.so';
mysql> show plugins;
mysql> show global status like 'AUDIT_version';

开启审计：

mysql> SET GLOBAL audit_json_file=ON;
Query OK, 0 rows affected (0.01 sec)

查看审计日志：到mysql的数据目录可以看到 mysql-audit.json 文件，即为审计文件。

tail -f mysql-audit.json
{"msg-type":"activity","date":"1599029951856","thread-id":"3","query-id":"133","user":"root","priv_user":"root","ip":"","host":"localhost","connect_attrs":{"_os":"Linux","_client_name":"libmysql","_pid":"1421","_client_version":"5.7.31","_platform":"x86_64","program_name":"mysql"},"pid":"1421","os_user":"root","appname":"mysql","rows":"2","status":"0","cmd":"show_variables","objects":[{"db":"","obj_type":"TABLE"},{"db":"performance_schema","name":"session_variables","obj_type":"TABLE"}],"query":"show variables like '%general_log%'"}

更多插件参数配置详见：

https://github.com/mcafee/mysql-audit/wiki/Configuration