A tutorial for mastering MySQL database audit characteristics, implementation scheme and audit plug-in deployment
2022-07-26 07:44:00 【Flowers are a dream】
Summary
Database audit (abbreviated DBAudit) records database activity on the network in real time, performs fine-grained compliance auditing of database operations, raises alarms on risky behavior directed at the database, and blocks attacks. It records, analyzes and reports on users' access to the database, helping users generate compliance reports and trace the cause of incidents after the fact, while strengthening the record of internal and external database network behavior and improving the security of data assets.
Database audit is one of several database security technologies, which mainly include: database vulnerability scanning, database encryption, database firewall, data masking, and the database security audit system.
I. Characteristics of an audit system
Integrity: unique multi-level, business-correlated auditing that correlates audit data across the web layer, the application middle tier and the data layer.
Fine-grained: fine-grained audit rules, precise behavior retrieval and backtracking, and comprehensive risk control.
Effectiveness: unique patented technology effectively controls the various attack and management risks to database security; flexible, customizable audit rules meet the needs of all kinds of internal control and external audit (effectively controlling misoperation, unauthorized operation, malicious operation and other violations).
Fairness: an independent-audit working mode separates database management from auditing, ensuring the authenticity, integrity and fairness of the audit results.
Zero risk: no changes or added configuration to the existing database are required, so deployment carries zero risk.
High reliability: multi-level physical protection, power-failure protection, self-monitoring and redundant deployment improve the overall reliability of the device.
Easy to operate: designed around the usage and maintenance habits of domestic users, with a web-based, all-Chinese operation interface and online operation tips.
II. MySQL audit schemes
The MySQL server itself does not provide an audit function, but MySQL database auditing can generally be achieved in the following ways:
1) Use init-connect + binlog to audit MySQL operations
2) Use the MySQL audit SQL audit plug-in or a third-party open-source audit plug-in (libaudit_plugin.so) to perform the MySQL audit
3) Use MySQL Sniffer, the database traffic audit tool open-sourced by 360
4) Use ELK to process MySQL database audit logs (ELK's log analysis is very powerful)
5) Store the MySQL binlog in real time and analyze behavior, recording and raising alarms when the configured rules are triggered
6) Turn on MySQL monitoring to monitor logs and user commands; this approach is usually the result of platform or software development
III. SQL audit plug-in
server_audit is an audit plug-in embedded in MariaDB that can also be used with MySQL; it is mainly used to record user operations.
1. Download the plug-in
Go to the website (https://bintray.com/version/files/mcafee/mysql-audit-plugin/release/1.1.7-805) and download the plug-in audit-plugin-mysql-5.7-1.1.7-80

2. Upload to the server and unzip
unzip audit-plugin-mysql-5.7-1.1.7-805-linux-x86_64.zip

3. Check the MySQL plug-in directory:
show global variables like 'plugin_dir';

4. Copy libaudit_plugin.so to the MySQL plug-in directory:
cp /opt/audit-plugin-mysql-5.7-1.1.7-805/lib/libaudit_plugin.so /usr/lib64/mysql/plugin/
chmod 755 /usr/lib64/mysql/plugin/libaudit_plugin.so

5. Install the libaudit_plugin.so plug-in
install plugin audit soname 'libaudit_plugin.so';
-- After the plug-in is successfully installed, these global variables exist
show variables like '%audit%';

6. Turn on the audit function
set global audit_json_file=1;
-- Check the loaded plug-ins
select * from INFORMATION_SCHEMA.PLUGINS where PLUGIN_NAME like '%AUDIT%';

7. Modify the configuration file
Add the following to my.cnf and restart the database
# audit parameters (in the [mysqld] section)
plugin-load=AUDIT=libaudit_plugin.so
# enable the JSON audit log
audit_json_file=on
# path and name of the audit log file
audit_json_log_file=/data/log/mysql-audit.json
# commands recorded by the audit plug-in
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate'
8. View the audit log
tail -f /data/log/mysql-audit.json
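Reading the log with tail shows raw JSON lines; the following added example (not part of the original article or of the plug-in) shows how such a log could be reviewed for the schema- and privilege-changing commands listed in audit_record_cmds. The field names (date as epoch milliseconds, user, host, cmd, query) are assumptions about the plug-in's JSON output, and the sample lines are constructed.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Subset of the page's audit_record_cmds that changes schema or privileges.
HIGH_RISK = {"drop", "alter", "grant", "truncate"}
# Constructed sample; field names (date, user, host, cmd, query) are assumed.
# The last line is cut short, as happens when a file is read while being written.
SAMPLE_LOG = """\
{"msg-type":"activity","date":"1658821440000","user":"app","host":"10.0.0.5","cmd":"insert","query":"insert into orders values (1)"}
{"msg-type":"activity","date":"1658821441000","user":"root","host":"localhost","cmd":"grant","query":"grant all on *.* to 'tmp'@'%'"}
{"msg-type":"activity","date":"1658821442000","user":"app","host":"10.0.0.5","cmd":"drop","query":"drop table orders"}
{"msg-type":"activity","date":"16588214
"""

def parse_events(lines):
    """Return (events, skipped): one dict per valid JSON line that has a cmd."""
    events, skipped = [], 0
    for line in filter(None, map(str.strip, lines)):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partial or corrupted line, reported rather than hidden
            continue
        if isinstance(rec, dict) and "cmd" in rec:
            events.append(rec)
    return events, skipped

def to_utc(ms):
    """Convert the assumed epoch-milliseconds string to an ISO 8601 UTC time."""
    if not str(ms).isdigit():
        return None
    return datetime.fromtimestamp(int(ms) / 1000, tz=timezone.utc).isoformat()

def review(lines):
    """Count commands per (user, cmd) and list the high-risk statements."""
    events, skipped = parse_events(lines)
    per_user = Counter((e.get("user", "?"), e["cmd"].lower()) for e in events)
    alerts = [{"time": to_utc(e.get("date")), "user": e.get("user"),
               "host": e.get("host"), "cmd": e["cmd"].lower(), "query": e.get("query", "")}
              for e in events if e["cmd"].lower() in HIGH_RISK]
    return per_user, alerts, skipped

if __name__ == "__main__":
    per_user, alerts, skipped = review(SAMPLE_LOG.splitlines())
    for a in alerts:
        print(a["time"], a["user"], a["host"], a["cmd"], a["query"])
    print("skipped lines:", skipped)
```

To run it against the real log, pass an open file handle for /data/log/mysql-audit.json to review() instead of the sample lines.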

If you found this useful, please share it! I'll share more on DevOps and DBA topics later; interested readers are welcome to follow.
