trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.

Missing Offsets in Dev Snapshot #177

Closed atze234 closed 7 years ago

atze234 commented 7 years ago

Hello, in the latest Dev Snapshot (730) the Offsets for Debian mysql 5.5 are missing. Could you please add them in the next Version? This is the error log:

```
170731 9:41:47 [Note] McAfee Audit Plugin: starting up. Version: 1.1.5 , Revision: 730 (64bit). AUDIT plugin interface version: 50557 (0xc57d). MySQL Server version: 5.5.57-0+deb7u1-log.
170731 9:41:47 [Note] McAfee Audit Plugin: setup_offsets audit_offsets: (null) validate_checksum: 1 offsets_by_version: 1
170731 9:41:48 [Note] McAfee Audit Plugin: mysqld: /usr/sbin/mysqld (bb50fe24ce884230e2d9c565a13c2680)
170731 9:41:48 [Note] McAfee Audit Plugin: Couldn't find proper THD offsets for: 5.5.57-0+deb7u1-log
170731 9:41:48 [ERROR] Plugin 'AUDIT' init function returned error.
```

Thanks a lot, Jörg

aharonrobbins commented 7 years ago

Hi.

We don't include the offsets for any of the Debian distributions of MySQL. Please see the Troubleshooting section of the Wiki. In particular, please look at the section labelled Offsets on Debian distributions, which describes how to get the offsets for Debian's versions.

Thanks.

atze234 commented 7 years ago

I think the offsets for mysqlrpm 5.5.57 would work as well, when they are included. Every time in the past they worked for me, for example mysql 5.5.55:

```
170508 10:11:23 [Note] Audit Plugin: starting up. Version: 1.1.2 , Revision: 694 (64bit). AUDIT plugin interface version: 50555 (0xc57b). MySQL Server version: 5.5.55-0+deb7u1-log.
170508 10:11:23 [Note] Audit Plugin: setup_offsets audit_offsets: (null) validate_checksum: 1 offsets_by_version: 1
170508 10:11:23 [Note] Audit Plugin: mysqld: /usr/sbin/mysqld (75b914dc2124ecdbf50f08fe57560a35)
170508 10:11:23 [ERROR] Audit Plugin: Offsets: 5.5.55 (863e03c6cdf67da35a98fa312de1f23b) match thread validation check fails with value: 0. Skipping offset.
170508 10:11:23 [Note] Audit Plugin: extended offsets validate res: MySQL thread id 123456, OS thread handle 0x0, query id 789 aud_tusr
170508 10:11:23 [Note] Audit Plugin: Using decrement (24) offsets from offset version: 5.5.55 (863e03c6cdf67da35a98fa312de1f23b) values: 6120 6168 3792 4288 88 2592 96 0 32 104 6240 4168 0 0 0 488 0 0 5984 6008 5992
```

I think the offsets for 5.5.57 for mysqlrpm are missing as well.

aharonrobbins commented 7 years ago

Thanks for noticing that 5.5.57 offsets aren't present. We will try to get them.

aharonrobbins commented 7 years ago

Offsets for MySQL 5.5.57 are now included. New binaries were uploaded as well. Thanks.
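As an added example (not part of this thread or of the plugin's own code), the Python check below is one way a monitoring job could scan the MySQL error log for start-ups where the AUDIT plugin failed to initialise, which leaves that plugin producing no audit records. The sample input is built from log entries quoted in the two reports above; the function names and record fields are this example's own.

```python
import re

# Constructed sample: log entries quoted in this thread, one entry per line.
SAMPLE_LOG = """\
170731 9:41:47 [Note] McAfee Audit Plugin: starting up. Version: 1.1.5 , Revision: 730 (64bit). AUDIT plugin interface version: 50557 (0xc57d). MySQL Server version: 5.5.57-0+deb7u1-log.
170731 9:41:48 [Note] McAfee Audit Plugin: mysqld: /usr/sbin/mysqld (bb50fe24ce884230e2d9c565a13c2680)
170731 9:41:48 [Note] McAfee Audit Plugin: Couldn't find proper THD offsets for: 5.5.57-0+deb7u1-log
170731 9:41:48 [ERROR] Plugin 'AUDIT' init function returned error.
170508 10:11:23 [Note] Audit Plugin: starting up. Version: 1.1.2 , Revision: 694 (64bit). AUDIT plugin interface version: 50555 (0xc57b). MySQL Server version: 5.5.55-0+deb7u1-log.
170508 10:11:23 [Note] Audit Plugin: mysqld: /usr/sbin/mysqld (75b914dc2124ecdbf50f08fe57560a35)
170508 10:11:23 [ERROR] Audit Plugin: Offsets: 5.5.55 (863e03c6cdf67da35a98fa312de1f23b) match thread validation check fails with value: 0. Skipping offset.
170508 10:11:23 [Note] Audit Plugin: Using decrement (24) offsets from offset version: 5.5.55 (863e03c6cdf67da35a98fa312de1f23b) values: 6120 6168 3792 4288 88 2592 96 0 32 104 6240 4168 0 0 0 488 0 0 5984 6008 5992
"""

START = re.compile(r"Audit Plugin: starting up\. Version: (\S+) , Revision: (\d+)"
                   r".*MySQL Server version: (\S+)\.\s*$")
BINARY = re.compile(r"Audit Plugin: mysqld: (\S+) \(([0-9a-f]{32})\)")
NO_OFFSETS = re.compile(r"Audit Plugin: Couldn't find proper THD offsets for: (\S+)")
FALLBACK = re.compile(r"Audit Plugin: Using decrement \(\d+\) offsets "
                      r"from offset version: (\S+) \(([0-9a-f]{32})\)")
INIT_ERROR = "[ERROR] Plugin 'AUDIT' init function returned error"

def audit_plugin_starts(log_text):
    """Return one record per plugin start-up found in a MySQL error log."""
    starts = []
    for line in log_text.splitlines():
        if m := START.search(line):
            starts.append({"plugin": m[1], "revision": int(m[2]), "server": m[3],
                           "mysqld_md5": None, "offsets": "unknown", "init_error": False})
            continue
        if not starts:
            continue  # plugin message with no preceding start-up line
        cur = starts[-1]
        if m := BINARY.search(line):
            cur["mysqld_md5"] = m[2]
        elif NO_OFFSETS.search(line):
            cur["offsets"] = "missing"
        elif m := FALLBACK.search(line):
            # Plugin reports using offsets from a table entry with another checksum.
            cur["offsets"] = "fallback from " + m[1]
        elif INIT_ERROR in line:  # other [ERROR] lines are not init failures
            cur["init_error"] = True
    return starts

def failed_starts(log_text):
    """(server version, mysqld checksum) for each start-up that failed to init."""
    return [(s["server"], s["mysqld_md5"])
            for s in audit_plugin_starts(log_text) if s["init_error"]]
```

Only the explicit `init function returned error` entry counts as a failure here; the `Skipping offset` entry is also logged at `[ERROR]` level, but in the 5.5.55 report the plugin goes on to select offsets.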