search

trellix-enterprise / mysql-audit

AUDIT Plugin for MySQL. See wiki and readme for description. If you find the plugin useful, please star us on GitHub. We love stars and it's a great way to show your feedback.
Other
239 stars 57 forks source link

offset-extract.sh error in ubuntu 18.04 #249

Open lzj960515 opened 2 years ago

lzj960515 commented 2 years ago

ubuntu18.04 mysql 5.7.39 plugin: audit-plugin-mysql-5.7-1.1.12-999-linux-x86_64.zip

image

I found a similar issue: https://github.com/mcafee-enterprise/mysql-audit/issues/234

Is there a solution now?

Thank You

penascimento commented 2 years ago

I have seen and also experienced this bug numerous times!! And only now, I figured out what the problem was — it as to do with the MySQL server package installed.

You have to have the -dbgsym .deb server (in your case I think is mysql-community-server-dbgsym_5.7.39-1ubuntu18.04_amd64.deb). Side note dbgsym stands for "Debug SYMbols." (those symbols are the ones that the error is saying that it could not find) You just download the file and run # dpkg -i mysql-community-server-dbgsym_5.7.39-1ubuntu18.04_amd64.deb after that, the offset-extarct should run!

I hope it helps!

lzj960515 commented 2 years ago

@penascimento Thank you for your help, but still no success.

I followed this document for the installation : https://ubuntu.pkgs.org/18.04/mysql-5.7-amd64/mysql-community-server-dbgsym_5.7.40-1ubuntu18.04_amd64.deb.html

image
penascimento commented 2 years ago

@penascimento Thank you for your help, but still no success.

I followed this document for the installation: https://ubuntu.pkgs.org/18.04/mysql-5.7-amd64/mysql-community-server-dbgsym_5.7.40-1ubuntu18.04_amd64.deb.html

image

First, all my tests have shown me that not all versions of MySQL 5.7 have a compatible audit for every ubuntu version!

With that in mind, the latest MySQL version I got working in ubuntu 18.04 with an operational audit, after several tries, was MySQL 8.0.25 (with audit v1.1.12-999).

I used MySQL dpkg directly from mysql.com

The procedure that I created, from various online posts (sorry I can not remember all places from where I compiled all this info), is this (this will work in every clean install of ubuntu 18.04): mkdir temp_mysql_8.0.25 && cd temp_mysql_8.0.25/ && sudo apt update && sudo apt install -y wget libaio1 libmecab2 && wget https://downloads.mysql.com/archives/get/p/23/file/mysql-server_8.0.25-1ubuntu18.04_amd64.deb-bundle.tar && wget https://downloads.mysql.com/archives/get/p/23/file/mysql-community-server-core-dbgsym_8.0.25-1ubuntu18.04_amd64.deb && sudo apt install gdb -y && tar -xvf mysql-server_*.tar && rm *test* | rm *.tar to install just run: sudo dpkg -i libmysql* mysql* get the offset running: sudo ./offset-extract.sh /usr/sbin/mysqld to install the plugin "libaudit_plugin.so", download audit v1.1.12-999 and after putting the libaudit_plugin.so in the server just run: sudo cp libaudit_plugin.so /usr/lib/mysql/plugin/. then append information from offset-extract in the /etc/mysql/mysql.conf.d/mysqld.cnf

restart MySQL and that should do it!