Mariadb database audit, Part 1

Mariadb database audit, Part 1

Hello colleagues.

I am starting a series of articles about which I will tell you about database auditing. The essence of the audit plugin is to register server activity. Client connections are logged, who connected to the server (i.e. username and host), what queries were executed, what tables were accessed and what server variables were changed, and much more. This information is stored in a constantly updated log file.

Article content:

  1. Plugin location.
  2. Plugin installation.
  3. Prohibition to remove the plugin.
  4. Results.

 

1. Plugin location.

All MariaDB plugins are located in a special directory, in order to check where this directory is located, there is a command:

mariadb> SHOW GLOBAL VARIABLES LIKE 'plugin_dir'

mariadb_audit

mariadb_audit

As you can see server_audit.so is present in the directory. If you don't have such a file, then you should upgrade your database to the latest versions of MariaDB.


 

2. Plugin installation.

Although the plugin is distributed with MariaDB by default, this plugin is not actually installed by default. There are two options for installing it, I will show both options.

The first option is to install via the database console without restarting the server:

mariadb> INSTALL SONAME 'server_audit'

mariadb_audit

 

After executing the installation command, you need to make sure that the plugin is really installed. To check, use the command in the console:

mariadb> SHOW PLUGINS

mariadb_audit

As a result, you should have an entry at the very end of the SERVER_AUDIT list with the status ACTIVE.

 

The second installation option is to add the plugin_load_add = server_audit construct to the configuration file. I don't really like this option because I have to restart the database.

$. vim /etc/my.cnf.d/server.cnf

mariadb_audit

We save and close the file. I will restart the database.

$. service mariadb restart


 

3. Prohibition to remove the plugin.

For some reason, someone may uninstall the audit plugin by accident or on purpose, or you may accidentally do it yourself with the UNINSTALL SONAME 'server_audit' command. To prevent this from happening, you can add the server_audit=FORCE_PLUS_PERMANENT parameter to the configuration file.

mariadb_audit

Save and restart the database.

 

Now we can check if the UNINSTALL SONAME 'server_audit' command will allow us to remove the audit plugin.

mariadb_audit

DOES NOT GIVE! SUPER!


 

4. Results.

Colleagues, today we installed a cool database audit plugin. In the following articles, we will analyze in detail all its features ...


 

Thank you all, I hope my article was of some help to you.

SIMILAR ARTICLES

MariaDB - ERROR Incorrect definition of table
MariaDB - ERROR Incorrect definition of table
MARIADB
Read more
Mariabackup backup - gzip compression
Mariabackup backup - gzip compression
MARIADB
Read more
Mariabackup error - Error writing file UNKNOWN errno 32 Broken pipe
Mariabackup error - Error writing file UNKNOWN errno 32 Broken pipe
MARIADB
Read more