The MariaDB Audit Plugin is provided as a dynamic library: server_audit.so (server_audit.dll for Windows). The plugin must be located in the plugin directory, the directory containing all plugin libraries for MariaDB.

The file path of the plugin library is stored in the plugin_dir system variable. To see the value of this variable and thereby determine the file path of the plugin library, execute the following SQL statement:

SHOW GLOBAL VARIABLES LIKE 'plugin_dir';

+---------------+--------------------------+
| Variable_name | Value                    |
+---------------+--------------------------+
| plugin_dir    | /usr/lib64/mysql/plugin/ |
+---------------+--------------------------+

Check the directory returned at the filesystem level to make sure you have a copy of the plugin library, server_audit.so or server_audit.dll, depending on your system. It's included in recent installations of MariaDB. If you do not have it, you should upgrade MariaDB.

One way and not the best way to install this plug‐in is to execute the INSTALL PLUGIN statement while logged into MariaDB. You would need to use an administrative account which has INSERT privilege for the mysql.plugin table. To do this, you would execute the following using the mysql client or an equivalent client:

INSTALL PLUGIN server_audit 
SONAME 'server_audit.so';

The problem with this method of loading the plugin is that the plugin won't be re-enabled when the server restarts. It's better to load it at start-up.

Loading Plugin at Start-Up

The plugin can be loaded from the command‐line as a start‐up parameter, or it can be set in the configuration filee.g., my.cnf, my.ini, or in /etc/my.cnf.d/server.cnf. Below is an excerpt from the configuration file, showing the relevant line to load this plugin. To use this option from the command‐line at start‐up, just add a double‐dash (e.g., ­-plugin_load).

[mysqld]
... 
plugin_load=server_audit=server_audit.so 
…

The variables that will be used by the plugin (see Configuration) will be unknown to the server until the plugin has been loaded the first time. The database server will not start successfully if these variables are set in the configuration file before the audit plugin has been loaded at least once before.

Blocking UNINSTALL PLUGIN

The UNINSTALL PLUGIN statement may be used to uninstall a plugin. For the auditing plugin, you might want to disable this possibility. To do this, you could add the following line to the configuration file after the plugin is loaded once:

[mysqld]
... 
plugin­_load=server_audit=server_audit.so
server_audit=FORCE_PLUS_PERMANENT
...

Once you've added the option above to the server's configuration file and restarted the server, if someone then tries to uninstall the audit plugin, an error message will be returned. Below is an example of this with the error message:

UNINSTALL PLUGIN server_audit;

ERROR 1702 (HY000):
Plugin 'server_audit' is force_plus_permanent and can not be unloaded

Comments

Comments loading...