trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

Mysql 5.5.47 offsets won't extract #136

Closed daviddavis83 closed 8 years ago

daviddavis83 commented 8 years ago

I can't get the offsets for MySQL version 5.5.47. I am running Bodhi as an operating system. Here is the output I receive:

./offset-extract.sh /usr/sbin/mysqld
160202 20:55:41 [Warning] Using unique option prefix key_buffer instead of key_buffer_size is deprecated and will be removed in a future release. Please use the full name instead.
//offsets for: /usr/sbin/mysqld (5.5.47-0ubuntu0.12.04.1)
offsets.gdb:2: Error in sourced command file:
No symbol table is loaded. Use the "file" command.,

aharonrobbins commented 8 years ago

Hi. Please provide more information:

Thanks.

daviddavis83 commented 8 years ago

Linux info: Linux david-VirtualBox 3.16.0-29-generic #39-Ubuntu SMP Tue Dec 16 20:53:40 UTC 2014 i686 i686 i686 GNU/Linux

MySQL info: Server version: 5.5.47-0ubuntu0.14.04.1 (Ubuntu)

Audit Plugin: audit-plugin-mysql-5.5-1.0.8-527-linux-i386

I have changed a couple of things since my original post but same problem. Even tried it in Ubuntu. I know I just need the offsets but they won't extract. And I have followed every single instruction on the site and NOTHING fixes it.

aharonrobbins commented 8 years ago

Can you try these offsets?

//offsets for: /mysqlrpm/5.5.47/usr/sbin/mysqld (5.5.47)
{"5.5.47","669f76493658cd2758af28a1c391391a", 3872, 3900, 2368, 2748, 44, 1656, 60, 0, 20, 64, 60, 3956},

Thanks.

daviddavis83 commented 8 years ago

I tried that, this is the error in the log:

[ERROR] Audit Plugin: Offsets set didn't pass validation. audit_offsets: 3872, 3900, 2368, 2748, 44, 1656, 60, 0, 20, 64, 60, 3956 .
160203 16:23:55 [ERROR] Plugin 'AUDIT' init function returned error.
160203 16:23:55 [Note] Audit Plugin: deinit

atze234 commented 8 years ago

Hi, I think you can extract the offsets, but you'll have to build your Ubuntu MySQL server with debug symbols from source. You can follow the instructions here in the wiki, I think: https://github.com/mcafee/mysql-audit/wiki/Troubleshooting "Offsets on Debian distributions"

I tested this using Debian, but for Ubuntu it should be the same. With Debian I got the following; maybe they're working for Ubuntu too:

//offsets for: mysql-5.5.47/builddir/sql/mysqld (5.5.47-0)
{"5.5.47-0","75cf0fbc69619284b80533621739d145", 6120, 6168, 3792, 4288, 88, 2592, 96, 0, 32, 104, 120, 6240}

aharonrobbins commented 8 years ago

@daviddavis83: There is an updated version of the offset-extract.sh script checked into GitHub. Can you try that and see what results you get? Thanks!
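
An added example, not part of the thread or the project's code: it parses the two offsets entries quoted above and checks whether an entry's MD5 field matches a local mysqld before the offsets are tried. It assumes that field is the MD5 of the binary the offsets were extracted from; the function names and the default path are illustrative.

```python
import hashlib
import os
import re
import sys

# Entry layout as posted in the thread: {"version","md5", off, off, ...}
ENTRY_RE = re.compile(r'\{\s*"([^"]+)"\s*,\s*"([0-9a-fA-F]{32})"\s*,([\d\s,]+)\}')

# The two entries quoted in the thread (RPM build and Debian source build).
RPM_ENTRY = '{"5.5.47","669f76493658cd2758af28a1c391391a", 3872, 3900, 2368, 2748, 44, 1656, 60, 0, 20, 64, 60, 3956},'
DEB_ENTRY = '{"5.5.47-0","75cf0fbc69619284b80533621739d145", 6120, 6168, 3792, 4288, 88, 2592, 96, 0, 32, 104, 120, 6240}'

def parse_entry(text):
    """Return (version, md5, [offsets]) from one offsets entry."""
    m = ENTRY_RE.search(text)
    if m is None:
        raise ValueError("not an offsets entry: %r" % text)
    version, md5, numbers = m.groups()
    return version, md5.lower(), [int(n) for n in numbers.split(",") if n.strip()]

def md5_of_file(path):
    """MD5 of a file, read in chunks so a large mysqld is not loaded at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def entry_fits_binary(text, mysqld_path):
    """True only if the entry's MD5 field equals the MD5 of the local binary."""
    return parse_entry(text)[1] == md5_of_file(mysqld_path)

def audit_offsets_line(text):
    """Format the offsets as an audit_offsets setting (name as in the log above)."""
    return "audit_offsets=" + ", ".join(str(n) for n in parse_entry(text)[2])

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/usr/sbin/mysqld"  # assumed path
    if not os.path.isfile(path):
        sys.exit("no such binary: " + path)
    for entry in (RPM_ENTRY, DEB_ENTRY):
        version, md5, _ = parse_entry(entry)
        verdict = "matches" if entry_fits_binary(entry, path) else "does NOT match"
        print("%s (%s) %s %s" % (version, md5, verdict, path))
        print("  " + audit_offsets_line(entry))
```

The two entries in the thread carry nearly the same version string but different MD5 values and different offsets, so an entry taken from another build is worth checking against the local binary's MD5 first.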