[#MDEV-14713] MariaDB Audit Plugin audits SET GLOBAL

[MDEV-14713] MariaDB Audit Plugin audits SET GLOBAL Created: 2017-12-19 Updated: 2022-04-25
Status:	Open
Project:	MariaDB Server
Component/s:	Plugin - Audit
Fix Version/s:	None

Type:

Task

Priority:

Major

Reporter:

Troy Frericks

Assignee:

Unassigned

Resolution:

Unresolved

Votes:

Labels:

None

Issue Links:

Relates
relates to	~~MDEV-17456~~	Malicious SUPER user can possibly cha...	Closed
relates to	~~MDEV-19459~~	Backport MDEV-17456 to server_audit p...	Closed
relates to	MDEV-5313	Improving audit api	Stalled
relates to	~~MDEV-5983~~	Auditing plugin v2.0	Closed

Description

The 'server_audit_events' system variable currently supports the following event types as filters:

CONNECT
QUERY
TABLE
QUERY_DDL
QUERY_DML
QUERY_DCL

I would like to request the following additional event type as a filter:

GLOBAL_VARIABLES

If this event type is selected for audit logging, then whenever the SET GLOBAL command is executed, the audit plugin should log the following information to the audit log:

The name of the system variable that is being changed.
The old value of the system variable.
The new value of the system variable.

Since the server_audit_% system variables can affect the audit logging configuration, it may be a good idea to make them special cases that are always logged, regardless of whether server_audit_events=GLOBAL_VARIABLES is set. See ~~MDEV-17456~~ for more information about a previous problem related to that.

Generated at Thu Feb 08 08:15:42 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.

[MDEV-14713] MariaDB Audit Plugin audits SET GLOBAL Created: 2017-12-19 Updated: 2022-04-25