热门标签
热门文章
- 1Python编程实例-Tkinter GUI编程-Treeview_python tkinter treeview
- 2springboot 整合 邮件发送_oxxsw
- 3Linux添加用户及用户权限管理_用linux命令给用户加权限_linux操作系统添加核管理用户
- 4pyqt5基本使用操作_pyqt5怎么使用
- 5hive里如何快速查看表中有多少记录数_hive获取数据量
- 6JavaScript实现打印指定区域的内容(附完整源码)_js打印指定区域内容
- 7【Linux系统进阶】Linux命令日志审计方法、企业中动态密码方案、加密算法md5与随机数8种方法(二)_linux audit日志审计命令
- 8利用AI大模型实现自然语言到SQL的转换及其优化_ai sql
- 9SQLAlchemy 连接 MySQL 数据库(一)_sqlalchemy 链接mysql
- 10mysql中授权(grant)和撤销授权(revoke)等命令的用法详解
当前位置: article > 正文
yearning搭建及使用_yearning使用
作者:空白诗007 | 2024-08-01 06:59:43
赞
踩
yearning使用
yearning搭建及使用
数据库审计管理,是数据安全规范中不可或缺的一环,通过审计管理我们能够把控、追溯sql执行情况。yearning作为一款开源的数据库审计软件,是我们开发运维工作中经常打交道的一个“伙伴”。
yearning提供的核心功能就是sql查询和审计。
我们可以通过yearning来创建用户,设置权限,规定哪些用户可以查询哪个库,哪些用户可以修改哪个库,查询、修改操作需要经过那些人的审批后才能执行,执行完成的SQL修改语句可以进行回退,可以监控追溯到哪些人执行了哪些SQL。
一、搭建
1、二进制搭建
1.1、准备数据库
- navicat工具创建数据库
![[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-e3iQc7tr-1670921520594)(/Users/hanwang/Library/Application Support/typora-user-images/image-20221213154841896.png)]](https://i-blog.csdnimg.cn/blog_migrate/d29bb3a44cedeed2df160ed35dc7a070.png)
- mysql命令行创建
mysql> create database yearning;
- 1
- 创建用户并授权
mysql> use mysql;
mysql> create user 'yearning'@'%' identified by 'Yearning@123';
mysql> grant all privielges on yearning.* to 'yearning'@'%';
mysql> flush privileges;
- 1
- 2
- 3
- 4
1.2、下载
- 下载地址:https://github.com/cookieY/Yearning/releases
mkdir /opt/yearning
cd /opt/yearning
wget https://github.com/cookieY/Yearning/releases/download/v3.1.1/Yearning-v3.1.1-linux-amd64.zip
- 1
- 2
- 3
- 4
1.3、修改配置
cd /opt/yearning unzip Yearning-v3.1.1-linux-amd64.zip cd Yearning vim conf.toml [Mysql] Db = "Yearning" Host = "your db ip" Port = "3306" Password = "Yearning@123" User = "yearning" [General] SecretKey = "dbcjqheupqjsuwsm" Hours = 4 [Oidc] Enable = false ClientId = "yearning" ClientSecret = "fefehelj23jlj22f3jfjdfd" Scope = "openid profile" AuthUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/auth" TokenUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/token" UserUrl = "https://keycloak.xxx.ca/auth/realms/master/protocol/openid-connect/userinfo" RedirectUrL = "http://127.0.0.1:8000/oidc/_token-login" UserNameKey = "preferred_username" RealNameKey = "name" EmailKey = "email" SessionKey = "session_state"
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
1.4、安装
$ ./Yearning install
- 1
1.5、启动
1、使用默认8000端口启动
$ ./Yearning run
2、使用指定端口启动
./Yearning run --push “you ip:you port” --port “your port”
3、放到后台运行
$ nohup ./Yearning run --push “you ip:you port” --port “your port” >> /var/log/yearning.log 2>&1 &
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
1.6、web访问
-
如无法访问,请查看防火墙是否放行8000端口
-
地址:http://对外ip或域名:端口 http://localhost:8000
-
默认账号: admin / Yearning_admin
2、docker安装
docker run -it -d \
--name yearning \
--restart unless-stopped \
-p 8000:8000 \
-e MYSQL_ADDR=your db ip:3306 \
-e MYSQL_USER=yearning \
-e MYSQL_PASSWORD=Yearning@123 \
-e MYSQL_DB=yearning \
zhangsean/yearning:v3.1.1
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
3、k8s安装
deployment
apiVersion: apps/v1 kind: Deployment metadata: labels: app: yearning name: yearning namespace: tools spec: replicas: 1 revisionHistoryLimit: 10 selector: matchLabels: app: yearning strategy: rollingUpdate: maxSurge: 25% maxUnavailable: 25% type: RollingUpdate template: metadata: labels: app: yearning spec: containers: - args: - run - -b - 对外域名或ip:对外端口 env: - name: MYSQL_ADDR value: yearning数据库地址 - name: MYSQL_USER value: yearning - name: MYSQL_PASSWORD value: Yearning@123 - name: MYSQL_DB value: yearning image: zhangsean/yearning:v3.1.1 imagePullPolicy: IfNotPresent name: yearning resources: limits: cpu: 800m memory: 2Gi requests: cpu: 100m memory: 256Mi dnsPolicy: ClusterFirst nodeSelector: role: rools tolerations: - effect: NoExecute key: role operator: Equal value: tools
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
svc和ingress
apiVersion: v1 kind: Service metadata: name: yearning-svc namespace: tools spec: ports: - name: http port: 8000 protocol: TCP targetPort: 8000 selector: app: yearning sessionAffinity: None type: ClusterIP --- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: yearning-ing namespace: tools spec: rules: - host: 域名或公网IP http: paths: - backend: serviceName: yearning-svc servicePort: http path: /
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
二、使用
1、基础配置
1.1、设置邮件或钉钉提醒
1.2、创建环境
1.3、创建审核流程
1.4、创建数据源
1.5、创建权限组
1.6、创建用户
- 审计人为否,则无权审核;为是,这为leader权限,可以审核SQL
1.7、授权
- 查询
- DDL
- DML
2、审核规则
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/空白诗007/article/detail/912861
推荐阅读
相关标签
