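Deploying a MySQL SQL Audit Platform

Database auditing (DBAudit for short) records database activity on the network in real time, supports compliance management through fine-grained auditing of database operations, raises alerts on risky behaviour against the database, and blocks attacks. By recording, analysing and reporting on how users access the database, it helps produce compliance reports and trace incidents to their root cause after the fact, while strengthening the record of internal and external database network activity and improving the security of data assets.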

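About Yearning:

  • Yearning is a MySQL SQL statement review platform. It provides query auditing, SQL review and other features.

  • Yearning 1.x needs Inception to provide SQL review and rollback.

  • From Yearning 2.0 onward there is no dependency on Inception; SQL review and rollback are implemented by Yearning itself.

  • This article uses Yearning 2.2.0.

Official GitHub page: https://github.com/cookieY/Yearning/releases/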

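Notes:

  • Yearning does not rely on any third-party SQL review tool as its review engine; the review and rollback logic is implemented internally.

  • Its only dependency is a MySQL database.

  • MySQL must be version 5.7 or later. Install it beforehand and create the Yearning database with character set utf8mb4 (this version requirement applies only to the MySQL instance Yearning itself uses).

  • Yearning logs only at error level; if there is no log output, you can assume there are no runtime errors.

  • Yearning was developed at 1080p resolution and supports only displays of 1080p and above.

  • Because it uses a fairly new front-end stack, use the latest version of Chrome (not 360 or other modified builds).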

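Installation steps:

  • A MySQL 5.7 database is required; create the yearning database and the yearning user, with character set utf8mb4:
    mysql> create database yearning charset utf8mb4;
    mysql> create user yearning@localhost identified by 'yearning';
    mysql> grant all on yearning.* to yearning@localhost;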
[root@yearning ~]# mkdir /home/tools && cd /home/tools
[root@yearning tools]# wget https://github.com/cookieY/Yearning/releases/download/v2.2.0/Yearning-2.2.0.linux-amd64.zip
[root@yearning tools]# unzip Yearning-2.2.0.linux-amd64.zip -d /usr/local/
[root@yearning tools]# cd /usr/local/Yearning-go/

[root@yearning tools]# cat conf.toml
[Mysql]
Db = "yearning"
Host = "localhost"
Port = "3306"
Password = "yearning"
User = "yearning"

[General]
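SecretKey = "dbawspeupqjsuwsm"   # key for database encryption/decryption; can be changed only once.

# SecretKey is the salt used to encrypt/decrypt tokens and database passwords.
# All users are advised to change SecretKey before installing Yearning for the first time (leaving it unchanged is a security risk).
# Format: upper- or lower-case letters, length must be exactly 16 characters
# Important:
# This key can be changed only at first installation and never again. Changing it later makes the stored data-source passwords impossible to decrypt, so the data-source information can no longer be retrieved.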
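
Added example (not from the original post or the Yearning project): one way to follow the advice above and replace the shipped SecretKey with 16 random letters before the first ./Yearning -m run. The function names are hypothetical; the default key and the conf.toml path are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: replace the shipped SecretKey in conf.toml before first install.
# DEFAULT_KEY is the value shown in the conf.toml listing on this page.
DEFAULT_KEY="dbawspeupqjsuwsm"

# Print 16 random ASCII letters, the format the config comments require.
gen_secret_key() {
    head -c 512 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z' | cut -c 1-16
}

# Replace SecretKey in the given conf.toml, but only while it still holds the
# shipped default. A customised key may already have been used to encrypt
# stored data-source passwords, and changing it again would make them unreadable.
set_secret_key() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    current=$(sed -n 's/^SecretKey *= *"\([^"]*\)".*/\1/p' "$conf")
    if [ "$current" != "$DEFAULT_KEY" ]; then
        echo "SecretKey is not the shipped default; refusing to change it" >&2
        return 1
    fi
    new_key=$(gen_secret_key)
    [ "${#new_key}" -eq 16 ] || { echo "key generation failed" >&2; return 3; }
    # Rewrite only the quoted value; any trailing comment on the line is kept.
    sed -i "s/^\(SecretKey *= *\)\"[^\"]*\"/\1\"$new_key\"/" "$conf"
    # conf.toml also holds the MySQL password, so restrict it to its owner.
    chmod 600 "$conf"
}

# Usage, run once before ./Yearning -m:
#   set_secret_key /usr/local/Yearning-go/conf.toml
```

Back up conf.toml together with the database: the stored data-source passwords cannot be decrypted without this key.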

Initialize the data schema:

[root@inception Yearning-go]# ./Yearning -h
version: Yearning/2.2.0 author: HenryYee
Usage: Yearning [-m migrate] [-p port] [-s start] [-b web-bind] [-h help] [-c config file]

Options:
 -s  启动Yearning
 -m  数据初始化(第一次安装时执行)
 -p  端口
 -b  钉钉/邮件推送时显示的平台地址
 -x  表结构修复,升级时可以操作。如出现错误可直接忽略。
 -h  帮助
 -c  配置文件路径
 -k  用户权限变更为权限组(2.1.7以下升级至2.1.7及以上使用)
 -f  初始化Admin用户密码

[root@inception Yearning-go]# ./Yearning -m

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:31) 
[2020-03-11 17:01:31]  [0.55ms]  INSERT  INTO `core_accounts` (`username`,`password`,`rule`,`department`,`real_name`,`email`,`is_read`) VALUES ('admin','pbkdf2_sha256$120000$E2De5uQKPxsS$6yiFBE7Tubdirp2fJwMIjCqprrmZyH7rX0UCcEjMjAA=','admin','DBA','超级管理员','',0)  
[1 rows affected or returned ] 

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:39) 
[2020-03-11 17:01:31]  [0.94ms]  INSERT  INTO `core_global_configurations` (`authorization`,`ldap`,`message`,`other`,`stmt`,`audit_role`,`board`) VALUES ('global','{"url":"","user":"","password":"","type":1,"sc":"","ldaps":false}','{"web_hook":"","host":"","port":25,"user":"","password":"","to_user":"","mail":false,"ding":false,"ssl":false}','{"limit":"1000","idc":["Aliyun","AWS"],"multi":false,"query":false,"exclude_db_list":[],"insulate_word_list":[],"register":false,"export":false,"per_order":2,"ex_query_time":60,"query_timeout":0}',0,'{"DMLInsertColumns":false,"DMLMaxInsertRows":10,"DMLWhere":false,"DMLOrder":false,"DMLSelect":false,"DDLCheckTableComment":false,"DDlCheckColumnComment":false,"DDLCheckColumnNullable":false,"DDLCheckColumnDefault":false,"DDLTimeFieldDefault":false,"DDLEnableAcrossDBRename":false,"DDLEnableAutoincrementInit":false,"DDLEnableAutoIncrement":false,"DDLEnableAutoincrementUnsigned":false,"DDLEnableDropTable":false,"DDLEnableDropDatabase":false,"DDLEnableNullIndexName":false,"DDLIndexNameSpec":false,"DDLMaxKeyParts":5,"DDLMaxKey":5,"DDLMaxCharLength":10,"MaxTableNameLen":10,"MaxAffectRows":1000,"MaxDDLAffectRows":0,"EnableSetCollation":false,"EnableSetCharset":false,"SupportCharset":"","SupportCollation":"","CheckIdentifier":false,"MustHaveColumns":"","DDLMultiToSubmit":false,"DDLPrimaryKeyMust":false,"DDLAllowColumnType":false,"DDLImplicitTypeConversion":false,"DMLMinimalRollback":false,"DDLAllowPRINotInt":false,"IsOSC":false,"OscBinDir":"","OscDropNewTable":false,"OscDropOldTable":false,"OscCheckReplicationFilters":false,"OscCheckAlter":false,"OscAlterForeignKeysMethod":"rebuild_constraints","OscMaxLag":1,"OscRecursionMethod":"processlist","OscCheckInterval":1,"OscMaxThreadConnected":25,"OscMaxThreadRunning":25,"OscCriticalThreadConnected":20,"OscCriticalThreadRunning":20,"OscPrintSql":false,"OscChunkTime":0.5,"OscSize":0,"AllowCreateView":false,"AllowCreatePartition":false,"AllowSpecialType":false}','')  
[1 rows affected or returned ] 

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:46) 
[2020-03-11 17:01:31]  [2.34ms]  INSERT  INTO `core_graineds` (`username`,`rule`,`permissions`,`group`) VALUES ('admin','','{"ddl":"1","ddl_source":[],"dml":"1","dml_source":[],"user":"1","base":"1","auditor":[],"query":"1","query_source":[]}',NULL)  
[1 rows affected or returned ] 
初始化成功!
 用户名: admin
密码:Yearning_admin

Start the service:

[root@inception Yearning-go]# ./Yearning -s
检查更新.......
数据已更新!

__    __  _____       ___   _____    __   _   _   __   _   _____  
\ \  / / | ____|     /   | |  _  \  |  \ | | | | |  \ | | /  ___| 
 \ \/ /  | |__      / /| | | |_| |  |   \| | | | |   \| | | |     
  \  /   |  __|    / / | | |  _  /  | |\   | | | | |\   | | |  _  
  / /    | |___   / /  | | | | \ \  | | \  | | | | | \  | | |_| | 
 /_/     |_____| /_/   |_| |_|  \_\ |_|  \_| |_| |_|  \_| \_____/  vgolang.ver

Welcome to Yearning
https://yearning.io
____________________________________O/_______
                                    O\
⇨ http server started on [::]:8000

# Run in the background
[root@yearning ~]# nohup /usr/local/Yearning-go/Yearning -s >> /var/log/yearning.log 2>&1 &

[root@yearning ~]# cat /var/log/yearning.log
检查更新.......
数据已更新!

__    __  _____       ___   _____    __   _   _   __   _   _____  
\ \  / / | ____|     /   | |  _  \  |  \ | | | | |  \ | | /  ___| 
 \ \/ /  | |__      / /| | | |_| |  |   \| | | | |   \| | | |     
  \  /   |  __|    / / | | |  _  /  | |\   | | | | |\   | | |  _  
  / /    | |___   / /  | | | | \ \  | | \  | | | | | \  | | |_| | 
 /_/     |_____| /_/   |_| |_|  \_\ |_|  \_| |_| |_|  \_| \_____/  vgolang.ver

Welcome to Yearning
https://yearning.io
____________________________________O/_______
                                    O\
⇨ http server started on [::]:8000

Access from a browser:

http://172.18.1.99:8000
