Mariadb database audit, Part 1
Last updated: May 22, 2022
I am starting a series of articles about which I will tell you about database auditing. The essence of the audit plugin is to register server activity. Client connections are logged, who connected to the server (i.e. username and host), what queries were executed, what tables were accessed and what server variables were changed, and much more. This information is stored in a constantly updated log file.
- Plugin location.
- Plugin installation.
- Prohibition to remove the plugin.
1. Plugin location.
All MariaDB plugins are located in a special directory, in order to check where this directory is located, there is a command:
mariadb> SHOW GLOBAL VARIABLES LIKE 'plugin_dir'
As you can see server_audit.so is present in the directory. If you don't have such a file, then you should upgrade your database to the latest versions of MariaDB.
2. Plugin installation.
Although the plugin is distributed with MariaDB by default, this plugin is not actually installed by default. There are two options for installing it, I will show both options.
The first option is to install via the database console without restarting the server:
mariadb> INSTALL SONAME 'server_audit'
After executing the installation command, you need to make sure that the plugin is really installed. To check, use the command in the console:
mariadb> SHOW PLUGINS
As a result, you should have an entry at the very end of the SERVER_AUDIT list with the status ACTIVE.
The second installation option is to add the plugin_load_add = server_audit construct to the configuration file. I don't really like this option because I have to restart the database.
$. vim /etc/my.cnf.d/server.cnf
We save and close the file. I will restart the database.
$. service mariadb restart
3. Prohibition to remove the plugin.
For some reason, someone may uninstall the audit plugin by accident or on purpose, or you may accidentally do it yourself with the UNINSTALL SONAME 'server_audit' command. To prevent this from happening, you can add the server_audit=FORCE_PLUS_PERMANENT parameter to the configuration file.
Save and restart the database.
Now we can check if the UNINSTALL SONAME 'server_audit' command will allow us to remove the audit plugin.
DOES NOT GIVE! SUPER!
Colleagues, today we installed a cool database audit plugin. In the following articles, we will analyze in detail all its features ...
Thank you all, I hope my article was of some help to you.