MariaDB Audit Plugin - Installation
The MariaDB Audit Plugin is provided as a dynamic library: server_audit.so
(server_audit.dll
for Windows). The plugin must and should be located in the directory for MariaDB's plugin library. The file path of the plugin library is stored in the plugin_dir
system variable. To see the value of this variable and determine thereby the file path of the plugin library, execute the following SQL statement:
SHOW GLOBAL VARIABLES LIKE 'plugin_dir'; +---------------+--------------------------+ | Variable_name | Value | +---------------+--------------------------+ | plugin_dir | /usr/lib64/mysql/plugin/ | +---------------+--------------------------+
Check that directory at the filesystem level to make sure you have a copy of the plugin library, server_audit.so
or server_audit.dll
, depending on your system. It's included in recent installations of MariaDB. If you do not have it, you should upgrade MariaDB.
The plugin can be loaded from the command‐line as a start‐up parameter, or it can be set in the configuration file--e.g., my.cnf
, my.ini
, or in /etc/my.cnf.d/server.cnf
. Below is an excerpt from the configuration file, showing the relevant line to load this plugin. To use this option from the command‐line at start‐up, just add a double‐dash (e.g., pluginload
).
[mysqld] ... plugin_load=server_audit=server_audit.so …
Another way to install this plug‐in is to execute the INSTALL PLUGIN
statement while logged into MariaDB. You would need to use an administrative account which has INSERT
privilege for the mysql.plugin
table. To do this, you would execute the following using the mysql
client or an equivalent client:
INSTALL PLUGIN server_audit SONAME 'server_audit.so';
The variables that will be used by the plugin (see the Configuration section) will be unknown to the server until the plugin has been loaded the first time. The database server will not start successfully if these variables are set in the configuration file before the audit plugin has been loaded at least once before.
Preventing an Uninstall
The UNINSTALL PLUGIN
statement may be used to uninstall a plugin. For the auditing plugin, you might want to disable this possibility. To do this, you could add the following line to the configuration file after the plugin is loaded once:
[mysqld] ... pluginload=server_audit=server_audit.so server_audit=FORCE_PLUS_PERMANENT ...
Once you've added the option above to the server's configuration file and restarted the server, if someone tries then to uninstall the audit plugin, an error message will be returned. Below is an example of this with the error message:
UNINSTALL PLUGIN server_audit; ERROR 1702 (HY000): Plugin 'server_audit' is force_plus_permanent and can not be unloaded