Mysql配置数据库审计 1 背景2 环境3 准备工作4 安装审计4.1 解压审计包4.2 查看数据库插件目录4.3 安装数据库审计插件4.3.1 复制到插件目录4.3.2 修改插件权限4.3.3 设置审计参数4.3.4 修改数据库
项目接近尾声,验收是项目收尾的一个必不可少的环境,验收需要用到两个重要的凭证,国家信息安全等级保护三级认证(以下简称“等保”)和密码应用安全性评估(以下简称“密评”),其中等保里面对数据库进行了核查工作,针对数据库提到了两块内容,1、当前版本5.7.31存在漏洞,需要升级至5.7.34及以上版本,升级步骤参考《项目进行时-安全整改-docker中的mysql升级》2、数据库审计功能开具,本篇以此展开。
软件项目 | 版本 |
---|---|
操作系统 | Centos linux release 7.6.1810 (Core) |
mysql | Mysql CommUnity Server 5.7.39 |
audit | audit-5.7-1.1.12 |
工欲善其事必先利其器,针对这个审计功能,开始是从官网上下载当前5.7最新的版本5.7.40的版本,安装完毕后,审计插件尝试安了3个不同版本,都没有安装成功,然后各种尝试。各种撞墙。mysql官网下载最新版本,mariadb数据库下载最新版本,然后从mariadb目录中提取audit_service.so插件,各种安装各种失败。撞了三天墙,终于有点眉目了。逐项抛开云雾,终见明了。
1、安装mysql
安装mysql不是本篇重点,在本篇介绍,如需了解参考《Linux操作系统安装MySQL(rpm安装)》
2、下载审计插件
由于使用的是社区版MySql,没有内置审计,使用的McAfee的插件
MySQL5.7.39 审计日志插件安装mcafee日志插件
下面利用第三方开源审计插件 libaudit_plugin.so 在 MySQL 5.7.39上完成审计工作。
审计插件包下载
在线下载
wget https://GitHub.com/mcafee-enterprise/mysql-audit/releases/download/v1.1.12/audit-plugin-mysql-5.7-1.1.12-999-linux-x86_64.zip
将下载的审计包上传至指定目录
unzip audit-plugin-mysql-5.7-1.1.12-999-linux-x86_64.zip
登录mysql数据库,查询MySQL插件目录
mysql> SHOW GLOBAL VARIABLES LIKE '%plugin_dir%';+---------------+--------------------------+| Variable_name | Value |+---------------+--------------------------+| plugin_dir | /usr/lib64/mysql/plugin/ |+---------------+--------------------------+1 row in set (0.00 sec)
cp /home/mysql/audit-plugin-mysql-5.7-1.1.12-999/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/
chmod a+x /usr/lib64/mysql/plugin/libaudit_plugin.so
查看mysql目录
whereis mysqldmysqld: /usr/sbin/mysqld /usr/share/man/man8/mysqld.8.gz
执行初始配置
cd /home/mysql/audit-plugin-mysql-5.7-1.1.12-999/utilschmod a+x offset-extract.sh./offset-extract.sh /usr/sbin/mysqld//offsets for: /usr/sbin/mysqld (5.7.39){"5.7.39","b57179ad7574dba5b56dcaff83a37c22", 7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3656, 3664, 3668, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0},
vi /etc/my.cnf
添加如下配置
[mysqld]plugin-load=AUDIT=libaudit_plugin.soaudit_offsets=7832, 7880, 3640, 4800, 456, 360, 0, 32, 64, 160, 544, 7996, 4368, 3648, 3656, 3660, 6080, 2072, 8, 7064, 7104, 7088, 13480, 148, 672, 0audit_JSON_file = onaudit_record_cmds = 'insert,delete,update,create,drop,alter,grant,truncate'
syetemctl restart mysqld
登录mysql,安装插件
mysql> install plugin audit soname 'libaudit_plugin.so';
mysql> show plugins;+----------------------------+----------+--------------------+--------------------+---------+| Name | Status | Type | Library | License |+----------------------------+----------+--------------------+--------------------+---------+| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL || mysql_native_passWord | ACTIVE | AUTHENTICATioN | NULL | GPL || sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL || CSV | ACTIVE | STORAGE ENGINE | NULL | GPL || MEMORY | ACTIVE | STORAGE ENGINE | NULL | GPL || InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL || INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_LOCK_WaiTS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMP | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMP_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMPMEM | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMPMEM_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMP_PER_INDEX | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_CMP_PER_INDEX_RESET | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_BUFFER_PAGE | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_BUFFER_PAGE_LRU | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_BUFFER_POOL_STATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_TEMP_TABLE_INFO | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_METRICS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_DEFAULT_STOPWORD | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_BEING_DELETED | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_CONFIG | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_INDEX_CACHE | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_FT_INDEX_TABLE | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_TABLES | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_TABLESTATS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_INDEXES | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_COLUMNS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_FIELDS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_FOREIGN | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_FOREIGN_COLS | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_TABLESPACES | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_DATAFILES | ACTIVE | INFORMATION SCHEMA | NULL | GPL || INNODB_SYS_VIRTUAL | ACTIVE | INFORMATION SCHEMA | NULL | GPL || MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL || MRG_MYISAM | ACTIVE | STORAGE ENGINE | NULL | GPL || PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL || ARCHive | ACTIVE | STORAGE ENGINE | NULL | GPL || BLACKHOLE | ACTIVE | STORAGE ENGINE | NULL | GPL || FEDERATED | DISABLED | STORAGE ENGINE | NULL | GPL || partition | ACTIVE | STORAGE ENGINE | NULL | GPL || ngram | ACTIVE | FTPARSER | NULL | GPL || AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |+----------------------------+----------+--------------------+--------------------+---------+45 rows in set (0.00 sec)
mysql> show global status like 'AUDIT_version'; +---------------+------------+| Variable_name | Value |+---------------+------------+| Audit_version | 1.1.12-999 |+---------------+------------+1 row in set (0.00 sec)
审计日志存在于mysql-audit.json,查看文件路径
find / -name mysql-audit.json
查看日志
tail -f /var/lib/mysql/mysql-audit.json{"msg-type":"header","date":"1677578116432","audit-version":"1.1.12-999","audit-protocol-version":"1.0","hostname":"ecs-f50a-1025352","mysql-version":"5.7.39","mysql-program":"/usr/sbin/mysqld","mysql-Socket":"/var/lib/mysql/mysql.sock","mysql-port":"0","server_pid":"16123"}
以上为MySQL的数据库审计功能的安装步骤。
来源地址:https://blog.csdn.net/shallow72/article/details/129272023
--结束END--
本文标题: MySQL配置数据库审计
本文链接: https://www.lsjlt.com/news/373364.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
2024-05-03
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0