mariadb 10.1.xx 自带数据库审计插件,直接上操作过程
2016-12-27 08:30
369 查看
MariaDB 10.1.20 最新版本使用自带插件
192.168.1.91 开启数据库审计
192.168.1.94 远程访问,执行ddl,dml,dcl 可以细粒度审计
大早上起早来公司做测试,数据库先装的,直接上操作过程
[root@mysql91 /]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.02 sec)
MariaDB [(none)]> use test
Database changed
MariaDB [test]> show tables;
Empty set (0.00 sec)
MariaDB [test]>
MariaDB [test]> show variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.01 sec)
MariaDB [test]> install plugin server_audit SONAME 'server_audit.so';
Query OK, 0 rows affected (0.05 sec)
MariaDB [test]> show variables like 'server%';
+-------------------------------+-----------------------+
| Variable_name | Value |
+-------------------------------+-----------------------+
| server_audit_events | |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_logging | OFF |
| server_audit_mode | 0 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
| server_id | 100 |
+-------------------------------+-----------------------+
16 rows in set (0.00 sec)
MariaDB [test]> set global server_audit_logging=on;
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_ddl'; --细粒度审计OK
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_dml';
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_dcl';
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> grant select on *.* to roidba_r@'%' identified by 'roidba_r';
Query OK, 0 rows affected (0.00 sec)
查看日志的审计情况
[root@mysql91 mysql]# ls
aria_log.00000001 ib_buffer_pool ib_logfile1 multi-master.info mysql91.pid server_audit.log
aria_log_control ib_logfile0 ibdata1 mysql/ performance_schema/ test/
[root@mysql91 mysql]# tail -f server_audit.log
20161227 13:49:55,mysql91,root,localhost,4,12,QUERY,test,'set global server_audit_logging=on',0
20161227 13:54:37,mysql91,roidba,192.168.1.94,6,21,QUERY,test,'create table t1 (id int)',0
20161227 13:56:28,mysql91,roidba,192.168.1.94,6,25,QUERY,test,'insert into t1 values(2)',0
20161227 13:56:51,mysql91,roidba,192.168.1.94,6,26,QUERY,test,'update t1 set id=2 where id=1',0
20161227 14:16:36,mysql91,root,localhost,4,32,QUERY,test,'grant select on *.* to roidba_r@\'%\' identified by *****',0
具体的参数调整,参数含义大家需要自己上官方网站查看,
我一直坚持最好的文档就是看官方文档。
192.168.1.91 开启数据库审计
192.168.1.94 远程访问,执行ddl,dml,dcl 可以细粒度审计
大早上起早来公司做测试,数据库先装的,直接上操作过程
[root@mysql91 /]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.02 sec)
MariaDB [(none)]> use test
Database changed
MariaDB [test]> show tables;
Empty set (0.00 sec)
MariaDB [test]>
MariaDB [test]> show variables like 'plugin_dir';
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.01 sec)
MariaDB [test]> install plugin server_audit SONAME 'server_audit.so';
Query OK, 0 rows affected (0.05 sec)
MariaDB [test]> show variables like 'server%';
+-------------------------------+-----------------------+
| Variable_name | Value |
+-------------------------------+-----------------------+
| server_audit_events | |
| server_audit_excl_users | |
| server_audit_file_path | server_audit.log |
| server_audit_file_rotate_now | OFF |
| server_audit_file_rotate_size | 1000000 |
| server_audit_file_rotations | 9 |
| server_audit_incl_users | |
| server_audit_logging | OFF |
| server_audit_mode | 0 |
| server_audit_output_type | file |
| server_audit_query_log_limit | 1024 |
| server_audit_syslog_facility | LOG_USER |
| server_audit_syslog_ident | mysql-server_auditing |
| server_audit_syslog_info | |
| server_audit_syslog_priority | LOG_INFO |
| server_id | 100 |
+-------------------------------+-----------------------+
16 rows in set (0.00 sec)
MariaDB [test]> set global server_audit_logging=on;
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_ddl'; --细粒度审计OK
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_dml';
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> set global server_audit_events='query_dcl';
Query OK, 0 rows affected (0.00 sec)
MariaDB [test]> grant select on *.* to roidba_r@'%' identified by 'roidba_r';
Query OK, 0 rows affected (0.00 sec)
查看日志的审计情况
[root@mysql91 mysql]# ls
aria_log.00000001 ib_buffer_pool ib_logfile1 multi-master.info mysql91.pid server_audit.log
aria_log_control ib_logfile0 ibdata1 mysql/ performance_schema/ test/
[root@mysql91 mysql]# tail -f server_audit.log
20161227 13:49:55,mysql91,root,localhost,4,12,QUERY,test,'set global server_audit_logging=on',0
20161227 13:54:37,mysql91,roidba,192.168.1.94,6,21,QUERY,test,'create table t1 (id int)',0
20161227 13:56:28,mysql91,roidba,192.168.1.94,6,25,QUERY,test,'insert into t1 values(2)',0
20161227 13:56:51,mysql91,roidba,192.168.1.94,6,26,QUERY,test,'update t1 set id=2 where id=1',0
20161227 14:16:36,mysql91,root,localhost,4,32,QUERY,test,'grant select on *.* to roidba_r@\'%\' identified by *****',0
具体的参数调整,参数含义大家需要自己上官方网站查看,
我一直坚持最好的文档就是看官方文档。
相关文章推荐
- SQLServer2000存储过程中通过数据库链接操作Oracle数据库
- 存储过程跨系统跨数据库操作
- 利用Java存储过程简化数据库操作
- NUnit单元测试整理高级篇之测试数据库操作以及VS插件TestDriven的使用
- magento -- 在magento下如何直接操作数据库
- JSP数据库操作例程 - 存储过程 - JDBC-ODBC - SQL Server - 1.1版本
- magento -- 在magento下如何直接操作数据库
- 利用Java存储过程简化数据库操作
- 不用JDBC:ODBC bridge直接操作Access 数据库
- 数据库访问类(直接执行数据库操作)
- 利用Java存储过程简化数据库操作
- 直接通过ADO操作Access数据库
- 组长帮忙实现了基类传参无存储过程能多用的数据库操作
- 利用Java存储过程简化数据库操作
- SQL2K数据库开发二十九之存储过程操作查看存储过程 推荐
- JSP数据库操作例程-存储过程
- 利用Java存储过程简化数据库操作
- SQL2K数据库开发二十六之存储过程操作创建存储过程(一)
- 关于在存储过程中使用游标操作数据库
- 数据库访问类(直接执行数据库操作)