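Scheduling policies
InfoSphere Guardium supports scheduled policy installation, which means you can have a different set of rules at night than during the day. You can add the rule to another copy of the policy so that it is automatically scheduled for installation at night, when you know a maintenance job is running.
Recommendation: You can create a group of functional users and ignore activity from those users, but if you want to reduce the chance of missing suspicious activity, you can use connection information to specify the rule. For example, you may want to ignore activity from a functional user coming from client IP 1.22.222.222, but if that user ID accesses the system from any other IP, you probably want to log that activity.
So we will create a group named "Functional MongoDB User Connections" and use that group in our policy rule. We describe the manual way to populate the group, as well as a way to populate it automatically by using the Connection Profile List report.
To be precise, the name of the access rule field in the policy is Client IP/SrcApp/DBUser/Server IP/Svc.Name. This special field has multiple components, which Guardium calls a "tuple".
You can substitute a wildcard for any part of the connection information. Here is how the wildcards work.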
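From the Policy Finder, select your new policy, then click Edit Rules.
At the bottom of the Policy Rules page, click Add Access Rule.
Figure 15. Add an access rule

Click the Access Access rule button to display the rule builder screen.
Give your new rule a name, then click the group builder icon for the tuple field (Client IP/SrcApp/DB User/Server IP/Svc.Name), as shown in Figure 16.
Figure 16. Click the group builder for the connection tuple field of the policy rule

Click the group builder icon to the right of the field for which you want to create a group.
Fill in the attributes for each component of the tuple. You can use a wildcard to indicate that any value qualifies. In this example, our functional user IDs follow a naming convention, so we use that convention. We also know that the work done by these user IDs always comes from one specific client IP, so we add that as well.
Figure 17. Add a tuple as a group member

Attribute 1 is an IP, attribute 2 is %, attribute 3 is FUNC%, attribute 4 is %, and attribute 5 is %.
When you have filled in the attributes for a member, click Add. The group should look like Figure 18.
Figure 18. The tuple has been added to the group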
.70.144.253+%+%FUNC%+%+%t
.
After adding the member, click Back.
Select the group in the tuple field of the policy rule.
Click Add Action and select IGNORE S-TAP SESSION from the drop-down menu. Click Apply. The rule should now look like Figure 19.
Figure 19. Ignore S-TAP sessions for functional (trusted) user connections

The policy rule has the IGNORE S-TAP SESSION action for the MongoDB Functional Users connection group.
Note: We cleared Cont. to next rule. There is no reason for the session to go on to the next rule, because we have already chosen to ignore all activity for that user and connection.
Click Save.
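The effect of the tuple group built in the steps above can be modeled as follows. This is an added example, not code from the article or from Guardium: it assumes % matches any run of characters (case-sensitively) and that a member is written as five attributes joined by +, and the connection records, field names and result strings are constructed.

```javascript
// Added illustration, not Guardium code. Assumes '%' matches any run of
// characters (case-sensitive) and members are five attributes joined by '+'.
const FIELDS = ["clientIp", "srcApp", "dbUser", "serverIp", "svcName"];

// Turn one attribute such as "FUNC%" into an anchored regular expression.
function likeToRegExp(pattern) {
  const body = pattern
    .split("%")
    .map((part) => part.replace(/[.*+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp("^" + body + "$");
}

// Parse "ip+%+FUNC%+%+%" into one matcher per tuple component.
function parseMember(member) {
  const attrs = member.split("+");
  if (attrs.length !== FIELDS.length) {
    throw new Error("expected 5 attributes, got " + attrs.length);
  }
  return attrs.map(likeToRegExp);
}

// True only when every component of the connection matches the member.
function matchesMember(member, conn) {
  const matchers = parseMember(member);
  return FIELDS.every((field, i) => matchers[i].test(conn[field]));
}

// Outcome of a rule whose tuple condition is the group and whose action is
// IGNORE S-TAP SESSION; non-matching sessions fall through to later rules.
function ruleAction(groupMembers, conn) {
  return groupMembers.some((m) => matchesMember(m, conn))
    ? "IGNORE S-TAP SESSION"
    : "evaluated by later rules";
}

// Constructed sample data: the group member and three connections.
const group = ["1.22.222.222+%+FUNC%+%+%"];
const base = { srcApp: "mongo", serverIp: "10.0.0.5", svcName: "mongodb" };
const connections = [
  { ...base, clientIp: "1.22.222.222", dbUser: "FUNC_BATCH" }, // trusted path
  { ...base, clientIp: "10.9.8.7", dbUser: "FUNC_BATCH" },     // same ID, other IP
  { ...base, clientIp: "1.22.222.222", dbUser: "sundari" },    // other user
];
for (const c of connections) {
  console.log(c.clientIp, c.dbUser, "->", ruleAction(group, c));
}
```

Only the first connection is ignored; the functional ID arriving from a different client IP still reaches the logging rules, which is the reason for matching on the tuple rather than on the user name alone.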
Tip: Automating population of the Functional User Connections group
If your MongoDB traffic is already being monitored, you can use the built-in Connection Profile List report to automate the process. If you are logged in as an administrator, go to the Daily Monitor tab and click Connection Profiling List in the left menu pane.
You will see a report similar to Figure 20.
Figure 20. Connection Profile List example

The figure shows part of the report, including the tuple column, with some connections already populated from real-time activity.
At the bottom of the report, click the Invoke icon to invoke the API create_member_to_group_by_desc. In the pop-up window, change the description field to the name of the group to which you want to add this connection, then click Invoke now, as shown in Figure 21.
Figure 21. Connection Profile List example

The description field is changed to MongoDB Functional User Connections.
¹ýÂ˸ÉÈÅÃüÁî
¸Ã¹æÔò½«¹ýÂ˵ô MongoDB ÔÚÄÚ²¿·¢³öµÄһЩ¸ÉÈÅÃüÁ±ÈÈ罡¿µ¼ì²éºÍ·þÎñÆ÷Ö®¼äµÄͨÐÅ¡£ËüʹÓÃÁËÒ»¸öÄÚÖõÄ×飬ÃûΪ
MongoDB Skip Commands¡£
´Ó Policy Finder ÖÐÑ¡ÔñÄúµÄ²ßÂÔ²¢µ¥»÷ Edit Rules¡£
ÔÚ Policy Rules Ò³ÃæµÄµ×²¿£¬µ¥»÷ Add Access Rule¡£
ÔÚ±êǩΪ Command µÄ²ßÂÔ¹æÔòµÄ²¿·ÖÖУ¬´Ó×éÏÂÀ²Ëµ¥ÖÐÑ¡Ôñ MongoDB
Skip Commands ×飬Èçͼ 22 Ëùʾ¡£
ͼ 22. ´Ó Group ÏÂÀ²Ëµ¥ÖÐÑ¡Ôñ MongoDB Skip Commands

²Î¼ûÎı¾ÃèÊö¡£
È¡ÏûÑ¡ÖÐ Cont. to next rule ¿ò£¨Èç¹ûÒÑÑ¡ÖУ©¡£ÒòΪûÓÐÈκνøÒ»²½²Ù×÷£¨Õâ¿ÉÄÜ·¢ÉúÔÚ¸Ã×éÖеÄÈκÎÃüÁîÉÏ£©£¬Òò´Ë¸Ã²Ù×÷½ÚÊ¡ÁË´¦Àíʱ¼ä¡£
ÔÚ²ßÂÔ¹æÔòµÄµ×²¿£¬Ñ¡Ôñ SKIP LOGGING ×÷ΪÄúµÄ²Ù×÷²¢µ¥»÷ Apply¡£
±£´æÄúµÄ¹æÔò¡£
Detailed monitoring of privileged users
In 2.4, MongoDB supports many new roles, which by scope can be broadly divided into server-wide roles and database-wide roles. In both cases there are roles focused on user administration, cluster administration, and application access.
Because some of these roles are essentially equivalent to superuser, it is very important to hand them out carefully and to monitor them.
Some organizations require detailed monitoring of any activity by administrative (privileged) users. The policy rule action for this is LOG FULL DETAILS. Whenever LOG FULL DETAILS is used, the exact timestamp and the full details of each operation are captured. Make sure you have correctly sized your internal InfoSphere Guardium repository and the buffer on the appliance to handle this workload, especially when your privileged users read or write many documents.
Prerequisite: Create a group of MongoDB administrator users as described above (including anyone you consider a "privileged user").
Go to your MongoDB policy, then click Add Access Rule.
Add a description, and add your administrator user group to the DB User field of the rule, as shown in Figure 23.
Figure 23. Excerpt of the policy rule, focusing on the DB User condition
The DB User field has a MongoDBAdmins group specified as the condition
Because we will add an alert on some administrator activity as the next rule, make sure the Cont. to next rule check box is selected and the LOG FULL DETAILS action is selected, as shown in Figure 24.
Figure 24. The "Continue to next" rule setting ensures that Guardium processes the next rule when this rule fires

Shows the Cont. next rules button selected and the log full details action chosen, with apply and save highlighted
To test the policy rule, you must install it. Go to Tools > Policy Builder > Install and override.
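Real-time alert when privileged users access sensitive data
Sensitive fields
In MongoDB, you can also alert on activity at the field level. You might want to do this if, for example, you know that your document collections are only sparsely populated with sensitive data (such as driver's license numbers) and you do not want to alert on every other access to documents in the collection. Note that if a field is embedded several levels deep in the document, the dot notation path of the field is logged.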
db.CreditCard.insert({ "Name" : "Sundari Voruganti", "code" : "WM2001_0", "product" : "Gold Card", "profile" : [ {"CCN" : "11999002"}, {"log" : ["new", "customer", "for", "now"]} ], "otherinfo" : "Contact Bob Saget" });
In the example above, Guardium stores an object of CreditCard and the following fields: Name, code, product, profile.CCN, profile.log, and otherinfo.
You can set up an alert that includes %CCN% (for credit card fields) and %DLN% (for driver's license fields), and you can also set up an alert on access to those fields.
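The field list above can be reproduced with a short flattening routine, and the %CCN% and %DLN% patterns applied to the result. This is an added example, not Guardium's implementation: leaving array indexes out of the path is inferred from the field list in the text, the wildcard semantics are assumed, and the second document is constructed.

```javascript
// Added illustration, not Guardium code. Array indexes are left out of the
// path, a rule inferred from the field list in the text.
function fieldPaths(value, prefix = "", out = new Set()) {
  if (Array.isArray(value)) {
    let sawNested = false;
    for (const item of value) {
      if (item !== null && typeof item === "object") {
        sawNested = true;
        fieldPaths(item, prefix, out); // same path for every array element
      }
    }
    if (!sawNested && prefix) out.add(prefix); // array of scalars is one field
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      fieldPaths(child, prefix ? prefix + "." + key : key, out);
    }
  } else if (prefix) {
    out.add(prefix);
  }
  return out;
}

// '%' is treated as "any run of characters" (assumed, case-sensitive).
const like = (p) => new RegExp("^" + p.split("%")
  .map((s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")).join(".*") + "$");

// Paths in the document that a group of field patterns would flag.
function sensitiveFields(doc, patterns) {
  const matchers = patterns.map(like);
  return [...fieldPaths(doc)].filter((p) => matchers.some((m) => m.test(p)));
}

// The document inserted in the article's example.
const creditCardDoc = {
  Name: "Sundari Voruganti", code: "WM2001_0", product: "Gold Card",
  profile: [{ CCN: "11999002" }, { log: ["new", "customer", "for", "now"] }],
  otherinfo: "Contact Bob Saget",
};
// Constructed second document with a deeper nesting level.
const driverDoc = { name: "A. Driver", ids: { license: { DLN: "X0000000" } } };

console.log([...fieldPaths(creditCardDoc)].join(", "));
console.log(sensitiveFields(creditCardDoc, ["%CCN%", "%DLN%"]));
console.log(sensitiveFields(driverDoc, ["%CCN%", "%DLN%"]));
```

Because the pattern is wrapped in % on both sides, it matches the nested path profile.CCN as well as a top-level field named CCN.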
Alerts are a good way to get near-real-time notification of suspicious or non-compliant activity. Alerts are written to the Incident Management tab of the UI (like other policy violations), but they can also be sent by email or written to syslog. If they are written to syslog, you can forward the alerts to a security intelligence and event management system (such as IBM QRadar or HP Arcsight) so that your security team can handle and investigate them.
Prerequisite: This policy rule depends on the existence of two groups, which we named "MongoDBAdmins" and "MongoDB Sensitive objects". If you want to restrict the alert to certain commands, you can also add a group containing specific commands (such as find and CopyCollection). We will create and use this optional group, which we call "MongoDB WatchCommands". It contains several commands we want to watch, such as find, update, insert, delete, cloneCollection, and mapreduce.
Figure 25. Sensitive objects group. For MongoDB, collections are objects

The group contains %credit% and %customer%.
Figure 26. A group of specific commands that we want to watch for when they are used on sensitive data

The group contains cloneCollection, find, insert, delete, mapreduce, and insert.
To create your policy rule, select your policy from the Policy Finder, click Edit Rules, then click Add Access Rule.
Our policy rule is shown in Figure 27.
Figure 27. This policy alerts when privileged users access sensitive data using specific commands

The sensitive objects group is shown for the object condition, watch commands for the command condition, mongodbadmins for the DB user, and the action is alert once per session.
To test the new rule, make sure you reinstall the policy.
Figure 28 shows what the alert looks like.
Figure 28. Alert triggered when a privileged user accesses sensitive data using a disallowed command (excerpt of alert)

The alert shows the specific command that caused the alert to be triggered.
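Real-time alert on Data Control commands
A common requirement is to monitor any command that grants access rights and privileges to users. In MongoDB, administrators can create and add users, and in MongoDB 2.4 they can also give users additional roles. For links to detailed information on MongoDB security and roles, see Resources.
Credentials and user privilege information are stored in the system.users collection.
So, for example, suppose someone creates a new user as follows: db.addUser({user:"sundari",pwd:"guardium",roles:["readWrite"]}).
As the report in Figure 29 shows, InfoSphere Guardium logs this activity as an insert into the system.users collection. The activity includes two objects: the name of the new user and the system.users collection.
Figure 29. Excerpt of an audit report showing access to the system.users collection

The sample report shows the insert of user sundari and the role granted to that user.
For our policy rule, we want to be able to easily see any activity on the system.users collection. To do this, you can add a new access rule to the policy that logs access to the system.users collection. Figure 30 shows our policy rule, in which we simply add the object system.users and the Log Only action, so that the rule is added to the Incident Management tab of the UI.
Figure 30. Policy rule that logs changes to system.users so that they can be seen on the Incident Management tab

See text.
Figure 31 shows partial output of an incident.
Figure 31. The administrator added user Sundari, which appears on the Incident Management tab of the Guardium UI

Shows the administrator who added Sundari
Note: The benefit of logging to Incident Management is that you get a real-time record of the incident. However, if this is activity that needs to be audited regularly, you may want to create a report of the activity and send it to the auditors.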
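Logging policy violations for collection changes that could affect applications
Administrators and application owners in some organizations may want to log changes in the database that could affect application logic or performance, such as dropping or renaming a collection, or dropping an index or a database. You can create a group that contains the commands you want to track. Note that helper methods may flow differently over the wire. The commands to track include:
1. deleteIndexes
2. drop (captures dropped collections)
3. dropDatabase
4. renameCollection
If you want to avoid triggering this rule for test or QA activity that can cause many drops and renames, you may also want to add a group of "frozen" objects.
Figure 32. Group of commands we want to log

See the list of commands in the text above
You can then add an access policy rule that includes this group and choose an action to take when the rule is triggered. In our example, I log a policy violation but do not generate an alert.
Figure 33. Excerpt of change commands appearing on the Incident Management tab

The excerpt shows that sundari renamed a collection and dropped a collection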
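Real-time alert: read access to sensitive data exceeds a threshold
Many organizations prohibit their employees (and hackers) from retrieving too much potentially sensitive data, and raise an alert if it happens so that they can quickly investigate and determine whether a serious breach has occurred.
One way to do this is to create a threshold in an access rule of the MongoDB policy based on "records affected".
Prerequisites:
Create a group of the sensitive data objects you want to alert on.
Make sure your system configuration has Inspect Returned Data and Log Records Affected enabled for all inspection engines. To do this, go to the Administration Console tab, then select Configuration > Inspection Engines and select the corresponding check boxes, as shown in Figure 34.
Figure 34. Configure Guardium to report the number of documents read

In the inspection engine configuration, the two fields are selected.
Figure 35 shows the policy rule we created, which alerts when the number of records any database user reads from the sensitive data objects exceeds 200. Make sure you put a period in the DB User field so that records affected are counted per database user rather than across all database users.
Figure 35. Definition of the excessive finds alert rule

The group is MongoDB Sensitive objects. DB User is a period. The records affected threshold is 200. The action is alert once per session.
Note: This rule alerts when a given user's accesses across all collections in the group within the session add up to more than 200 documents. If you want a specific limit for each collection, use a separate rule for each collection.
The alert in Figure 36 shows that an unidentified user downloaded more than 200 documents from the credit card collection.
Figure 36. Excessive finds alert

The user is NO_AUTH.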
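The counting behavior of the threshold rule described above can be simulated over a few events. This is an added example, not Guardium code: the event fields and values are constructed, the sensitive-object patterns are matched case-insensitively as an assumption, and the shared counter used when the period is omitted is a model of the "all database users" case mentioned in the text.

```javascript
// Added illustration, not Guardium code. Event fields are constructed; the
// patterns stand in for the %credit% and %customer% members of Figure 25 and
// are matched case-insensitively here (an assumption).
const SENSITIVE = [/credit/i, /customer/i];
const THRESHOLD = 200;

// perUser=true models the period in DB User: one counter per user and session.
// perUser=false models a single counter shared by all database users.
function excessiveReads(events, perUser = true) {
  const totals = new Map();  // counter key -> cumulative records affected
  const alerted = new Set(); // sessions that already raised the alert
  const alerts = [];
  for (const e of events) {
    if (!SENSITIVE.some((re) => re.test(e.collection))) continue;
    const key = perUser ? e.session + "|" + e.dbUser : "all users";
    const total = (totals.get(key) || 0) + e.recordsAffected;
    totals.set(key, total);
    if (total > THRESHOLD && !alerted.has(e.session)) {
      alerted.add(e.session); // action: alert once per session
      alerts.push({ session: e.session, dbUser: e.dbUser, total });
    }
  }
  return alerts;
}

// Constructed events: session id, DB user, collection read, documents returned.
const events = [
  { session: "s1", dbUser: "NO_AUTH", collection: "CreditCard", recordsAffected: 120 },
  { session: "s2", dbUser: "appuser", collection: "CreditCard", recordsAffected: 150 },
  { session: "s1", dbUser: "NO_AUTH", collection: "customerProfile", recordsAffected: 90 },
  { session: "s1", dbUser: "NO_AUTH", collection: "CreditCard", recordsAffected: 50 },
  { session: "s3", dbUser: "FUNC_BATCH", collection: "inventory", recordsAffected: 5000 },
  { session: "s2", dbUser: "appuser", collection: "CreditCard", recordsAffected: 40 },
];

console.log(excessiveReads(events, true));
console.log(excessiveReads(events, false));
```

With per-user counting only the NO_AUTH session is flagged, once, when its reads across two collections reach 210. With the shared counter, appuser is flagged on a read of 150 documents because another user's reads were already counted.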
MongoDB data security and protection: configuration and policies (Part 1)