First, log in to the machine and confirm the database version:
$ mysqld --version
mysqld Ver 5.7.17 for linux-glibc2.5 on x86_64 (MySQL Community Server (GPL))
# Or check from inside the database
mysql> SHOW VARIABLES LIKE "%version%";
+--------------------------+------------------------------+
| Variable_name | Value |
+--------------------------+------------------------------+
| audit_offsets_by_version | ON |
| innodb_version | 5.7.17 |
| protocol_version | 10 |
| slave_type_conversions | |
| tls_version | TLSv1,TLSv1.1 |
| version | 5.7.17-log |
| version_comment | MySQL Community Server (GPL) |
| version_compile_machine | x86_64 |
| version_compile_os | linux-glibc2.5 |
+--------------------------+------------------------------+
9 rows in set (0.01 sec)
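As the output shows, the database is 5.7.17 Community Edition.
The Community Edition does not include an audit plugin, so you have to download one yourself.
Search GitHub for mysql-audit, then download the plugin build that matches your database version. Here we use: https://github.com/trellix-enterprise/mysql-audit/releases/download/v1.1.2/audit-plugin-mysql-5.7-1.1.2-694-linux-x86_64.zip
Unzip the downloaded file, take libaudit_plugin.so from the lib directory, and upload it to the database plugin directory: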
mysql> SHOW VARIABLES LIKE "%plugin_dir%";
+---------------+------------------------------+
| Variable_name | Value |
+---------------+------------------------------+
| plugin_dir | /usr/local/mysql/lib/plugin/ |
+---------------+------------------------------+
1 row in set (0.00 sec)
mysql> exit
Bye
$ mv libaudit_plugin.so /usr/local/mysql/lib/plugin/
$ chown mysql:mysql /usr/local/mysql/lib/plugin/libaudit_plugin.so
$ chmod a+x /usr/local/mysql/lib/plugin/libaudit_plugin.so
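Edit the database configuration file /etc/my.cnf and set the audit options. There are many examples online, but, possibly because of version differences, the server did not recognize many of their parameters. The final configuration is: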
$ cat /etc/my.cnf
......
# Enable security auditing
plugin-load-add=libaudit_plugin.so
# Audit log file path
audit_json_log_file=/var/log/mysql/audit.log
audit_json_file=ON
audit_force_record_logins=ON
audit_record_cmds='insert,delete,update,create,drop,alter,grant,truncate,select'
......
Then restart the database and check that the plugin is loaded:
mysql> SHOW PLUGINS;
+------------------------------------------+----------+--------------------+-----------------------+---------+
| Name | Status | Type | Library | License |
+------------------------------------------+----------+--------------------+-----------------------+---------+
| binlog | ACTIVE | STORAGE ENGINE | NULL | GPL |
| mysql_native_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| sha256_password | ACTIVE | AUTHENTICATION | NULL | GPL |
| MyISAM | ACTIVE | STORAGE ENGINE | NULL | GPL |
| PERFORMANCE_SCHEMA | ACTIVE | STORAGE ENGINE | NULL | GPL |
| InnoDB | ACTIVE | STORAGE ENGINE | NULL | GPL |
| INNODB_TRX | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCKS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
| INNODB_LOCK_WAITS | ACTIVE | INFORMATION SCHEMA | NULL | GPL |
......
| AUDIT | ACTIVE | AUDIT | libaudit_plugin.so | GPL |
+------------------------------------------+----------+--------------------+-----------------------+---------+
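With the plugin ACTIVE, the audit_json_log_file configured above receives one JSON record per audited event. The following is an added example (not from the original post or the mysql-audit project) that tallies failed logins and lists schema and privilege statements from such a log. The field names (user, ip, host, cmd, query), the "Failed Login" cmd value and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Statement types from audit_record_cmds that change schema or privileges.
SENSITIVE_CMDS = {"grant", "drop", "alter", "truncate", "create"}

# Constructed sample of /var/log/mysql/audit.log; field names and "Failed Login"
# are assumed. The last line simulates a record cut off mid-write.
SAMPLE_LOG = """\
{"msg-type":"activity","date":"1700000000000","user":"app","ip":"10.0.0.5","host":"","cmd":"Connect","query":"Connect"}
{"msg-type":"activity","date":"1700000001000","user":"app","ip":"10.0.0.5","host":"","cmd":"select","query":"SELECT id FROM shop.orders"}
{"msg-type":"activity","date":"1700000002000","user":"root","ip":"10.0.0.9","host":"","cmd":"Failed Login","query":"Failed Login"}
{"msg-type":"activity","date":"1700000003000","user":"root","ip":"10.0.0.9","host":"","cmd":"Failed Login","query":"Failed Login"}
{"msg-type":"activity","date":"1700000004000","user":"root","ip":"","host":"localhost","cmd":"grant","query":"GRANT SELECT ON shop.* TO 'report'@'%'"}
{"msg-type":"activity","date":"1700000005000","user":"dba","ip":"10.0.0.7","host":"","cmd":"drop","query":"DROP TABLE shop.tmp_import"}
{"msg-type":"activity","date":"17000000
"""


def parse_audit_lines(text):
    """Return (records, bad_line_count); unparsable lines are counted, not fatal."""
    records, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            bad += 1
            continue
        if isinstance(rec, dict):
            records.append(rec)
        else:
            bad += 1
    return records, bad


def summarize(records):
    """Count failed logins per (user, source) and list sensitive statements."""
    failed, sensitive = Counter(), []
    for rec in records:
        cmd = str(rec.get("cmd", "")).lower()
        user = rec.get("user", "?")
        src = rec.get("ip") or rec.get("host") or "?"
        if cmd == "failed login":
            failed[(user, src)] += 1
        elif cmd in SENSITIVE_CMDS:
            sensitive.append((user, src, cmd, rec.get("query", "")))
    return failed, sensitive
```

To run it against a real log, pass the file's contents to parse_audit_lines instead of SAMPLE_LOG; a non-zero bad-line count is worth checking, since it can mean the log was truncated or edited.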