Äú¿ÉÒÔ¾èÖú£¬Ö§³ÖÎÒÃǵĹ«ÒæÊÂÒµ¡£

1Ôª 10Ôª 50Ôª





ÈÏÖ¤Â룺  ÑéÖ¤Âë,¿´²»Çå³þ?Çëµã»÷Ë¢ÐÂÑéÖ¤Âë ±ØÌî



  ÇóÖª ÎÄÕ ÎÄ¿â Lib ÊÓÆµ iPerson ¿Î³Ì ÈÏÖ¤ ×Éѯ ¹¤¾ß ½²×ù Modeler   Code  
»áÔ±   
 
   
 
 
     
   
 ¶©ÔÄ
  ¾èÖú
MongoDBÊý¾Ý°²È«ºÍ±£»¤--ÅäÖúͲßÂÔ£¨¶þ£©
 
»ðÁú¹ûÈí¼þ    ·¢²¼ÓÚ 2014-10-17
  2844  次浏览      29
 

°²ÅŲßÂÔ

InfoSphere Guardium Ö§³ÖÄú¿ÉÒÔ°²ÅŲßÂÔ°²×°£¬ÕâÒâζ×ÅÄúÔÚÒ¹¼ä¿ÉÒÔÓµÓÐÓë°×Ì첻ͬµÄÒ»×鹿Ôò¡£Äú¿ÉÒÔ½«¸Ã¹æÔòÌí¼Óµ½¸Ã²ßÂÔµÄÁíÒ»¸ö¸±±¾ÖУ¬ÒÔ±ãÔÚÄúÖªµÀÕýÔÚ½øÐÐij¸öά»¤×÷ҵʱ×Ô¶¯°²ÅÅÒ¹¼äÒª°²×°µÄÄÚÈÝ¡£

½¨Ò飺Äú¿ÉÒÔ´´½¨Ò»×鹦ÄÜÓû§²¢ºöÂÔÕâЩÓû§µÄ»î¶¯£¬µ«ÊÇ£¬Èç¹ûÄúÏë½µµÍ¶ªÊ§¿ÉÒɻµÄ¿ÉÄÜÐÔ£¬ÄÇô¿ÉÒÔʹÓà connection information À´Ö¸¶¨¹æÔò¡£ÀýÈ磬Äú¿ÉÄÜÏëºöÂÔÀ´×Ô¿Í»§¶Ë IP 1.22.222.222 µÄ¹¦ÄÜÓû§µÄ»î¶¯£¬µ«ÊÇ£¬Èç¹û¸ÃÓû§ ID ÕýÔÚͨ¹ýÆäËûÈκΠIP ·ÃÎʸÃϵͳ£¬ÄÇôÄú¿ÉÄÜ»áÏ£Íû¼Ç¼¸Ã»î¶¯¡£

Òò´Ë£¬ÎÒÃǽ«´´½¨Ò»¸öÃûΪ ¡°Functional MongoDB User Connections¡± µÄ×飬²¢ÔÚÎÒÃǵIJßÂÔ¹æÔòÖÐʹÓøÃ×é¡£ÎÒÃǽ«»á½éÉÜÌî³ä¸Ã×éµÄÊÖ¶¯·½·¨£¬ÒÔ¼°Í¨¹ýʹÓà Connection Profile List ±¨¸æ µÄ×Ô¶¯Ìî³ä×éµÄ·½·¨¡£

È·ÇеØËµ£¬¸Ã²ßÂÔÖзÃÎʹæÔò×ֶεÄÃû³ÆÎª Client IP/SrcApp/DBUser/Server IP/Svc.Name¡£¸ÃÌØÊâ×Ö¶ÎÓжà¸ö×é¼þ£¬ÕâЩ×é¼þÔÚ Guardium ÖгÆÎª ¡°Ôª×顱¡£

Äú¿ÉÒÔʹÓÃͨÅä·ûÌæ´ú¸ÃÁ¬½ÓÐÅÏ¢µÄÈκβ¿·Ö¡£ÏÂÃæÎÒÃǽéÉÜÒ»ÏÂͨÅä·ûµÄ¹¤×÷Ô­Àí¡£

´Ó Policy Finder ÖÐÑ¡ÔñÄúµÄвßÂÔ£¬È»ºóµ¥»÷ Edit Rules¡£

ÔÚ Policy Rules Ò³ÃæµÄµ×²¿£¬µ¥»÷ Add Access Rule¡£

ͼ 15. Ìí¼Ó·ÃÎʹæÔò

µ¥»÷ Access Access rule °´Å¥ÒÔÏÔʾ¹æÔò¹¹½¨Æ÷ÆÁÄ»¡£

ΪÄúµÄйæÔòÌṩһ¸öÃû³Æ£¬È»ºóµ¥»÷¸ÃÔª×é×Ö¶Î (Client IP/SrcApp/DB User/Server IP/Svc.Name) µÄ×é¹¹½¨Æ÷ͼ±ê£¬Èçͼ 16 Ëùʾ¡£

ͼ 16. µ¥»÷¸Ã²ßÂÔ¹æÔòµÄÁ¬½ÓÔª×é×ֶεÄ×é¹¹½¨Æ÷

µ¥»÷ÄúҪΪÆä´´½¨×éµÄ t ×Ö¶ÎÓÒ²àµÄ×é¹¹½¨Æ÷ͼ±ê¡£

ΪԪ×éµÄÿ¸ö×é¼þÌî³äÊôÐÔ¡£Äú¿ÉÒÔʹÓÃͨÅä·ûָʾÈκÎÄÚÈݶ¼ÓÐ×ʸñ½øÐд˲Ù×÷¡£ÔÚ±¾ÀýÖУ¬ÎÒÃÇÈù¦ÄÜÓû§ ID ×ñÑ­Ò»¸öÃüÃû¹ßÀý£¬Òò´ËÎÒÃÇ»áʹÓøùßÀý¡£´ËÍ⣬ÎÒÃÇ»¹ÖªµÀÕâЩÓû§ ID Ëù½øÐеŤ×÷ʼÖÕÀ´×Ôij¸öÌØ¶¨µÄ¿Í»§¶Ë IP£¬Òò´ËÎÒÃÇ»¹½«Ìí¼Ó¸ÃÄÚÈÝ¡£

ͼ 17. Ìí¼ÓÒ»¸öÔª×é×÷Ϊ×é³ÉÔ±

ÊôÐÔ 1 ÊÇÒ»¸ö ip£¬ÊôÐÔ 2 ÊÇ %£¬ÊôÐÔ 3 ÊÇ FUNC%£¬ÊôÐÔ 4 ÊÇ %£¬¶øÊôÐÔ 5 ÊÇ %¡£

µ±ÄúÌî³äÍêÒ»¸ö³ÉÔ±µÄÊôÐÔºó£¬Çëµ¥»÷ Add¡£¸Ã×éÓ¦Èçͼ 18 Ëùʾ¡£

ͼ 18. Ôª×éÒÑÌí¼Óµ½¸Ã×éÖÐ

.70.144.253+%+%FUNC%+%+%t .

Ìí¼ÓÍê³ÉÔ±ºó£¬Çëµ¥»÷ Back¡£

´Ó²ßÂÔ¹æÔòµÄÔª×é×Ö¶ÎÖÐÑ¡Ôñ¸Ã×é¡£

µ¥»÷ Add Action ²¢´ÓÏÂÀ­²Ëµ¥ÖÐÑ¡Ôñ IGNORE S-TAP SESSION¡£µ¥»÷ Apply¡£¸Ã¹æÔòÏÖÔÚÓ¦Èçͼ 19 Ëùʾ¡£

ͼ 19. ºöÂÔ¹¦ÄÜÓû§£¨ÊÜÐÅÈÎÓû§£©Á¬½ÓµÄ S-TAP »á»°

¸Ã²ßÂÔ¹æÔòÓµÓÐ MongoDB Functional Users Á¬½Ó×éµÄ IGNORE S-TAP SESSION ²Ù×÷¡£×¢Ò⣺ÎÒÃÇÈ¡ÏûÑ¡ÖÐÁË Cont. to next rule¡£ÕâÊÇÒòΪ¸Ã»á»°Ã»ÓÐÀíÓɽøÈëÏÂÒ»¸ö¹æÔò£¬ÒòΪÎÒÃÇÒѾ­Ñ¡ÔñºöÂÔ¸ÃÓû§ºÍÁ¬½ÓµÄËùÓл¡£

µ¥»÷ Save¡£

Ìáʾ£ºÈÃÌî³ä Functional User Connections ×éµÄ¹ý³Ì×Ô¶¯½øÐÐ

Èç¹ûÄúµÄ MongoDB Á÷Á¿ÒѾ­Êܵ½¼àÊÓ£¬ÄÇôÄú¿ÉÒÔʹÓÃÄÚÖÃµÄ Connection Profile List ±¨¸æ×Ô¶¯»¯¸Ã¹ý³Ì¡£Èç¹ûÄúÒÔ¹ÜÀíÔ±Éí·Ý½øÐеǼ£¬ÄÇôÇëתµ½ Daily Monitor Ñ¡Ï£¬²¢µ¥»÷×ó²à²Ëµ¥´°¸ñÖÐµÄ Connection Profiling List¡£

Äú»á¿´µ½ÀàËÆÓÚͼ 20 µÄÒ»¸ö±¨¸æ¡£

ͼ 20. Connection Profile List ʾÀý

¸ÃͼÏÔʾÁ˱¨¸æµÄÒ»²¿·Ö£¬²¢ÏÔʾÁ˸ÃÔª×éÁУ¬ÔÚʵʱ»î¶¯ÖÐÒѾ­Ìî³äÁËһЩÁ¬½Ó¡£

Ôڸñ¨¸æµÄµ×²¿£¬µ¥»÷ Invoke ͼ±ê (icon)£¬ÒÔµ÷Óà API create_member_to_group_by_desc¡£ÔÚµ¯³ö´°¿ÚÖУ¬½«ÃèÊö×ֶθü¸ÄΪÄúÒªÏòÆäÖÐÌí¼Ó´ËÁ¬½ÓµÄ×éµÄÃû³Æ£¬È»ºóµ¥»÷ Invoke now£¬Èçͼ 21 Ëùʾ¡£

ͼ 21. Connection Profile List ʾÀý

ÃèÊö×ֶα»¸ü¸ÄΪ MongoDB Functional User Á¬½Ó¡£

¹ýÂ˸ÉÈÅÃüÁî

¸Ã¹æÔò½«¹ýÂ˵ô MongoDB ÔÚÄÚ²¿·¢³öµÄһЩ¸ÉÈÅÃüÁ±ÈÈ罡¿µ¼ì²éºÍ·þÎñÆ÷Ö®¼äµÄͨÐÅ¡£ËüʹÓÃÁËÒ»¸öÄÚÖõÄ×飬ÃûΪ MongoDB Skip Commands¡£

´Ó Policy Finder ÖÐÑ¡ÔñÄúµÄ²ßÂÔ²¢µ¥»÷ Edit Rules¡£

ÔÚ Policy Rules Ò³ÃæµÄµ×²¿£¬µ¥»÷ Add Access Rule¡£

ÔÚ±êǩΪ Command µÄ²ßÂÔ¹æÔòµÄ²¿·ÖÖУ¬´Ó×éÏÂÀ­²Ëµ¥ÖÐÑ¡Ôñ MongoDB Skip Commands ×飬Èçͼ 22 Ëùʾ¡£

ͼ 22. ´Ó Group ÏÂÀ­²Ëµ¥ÖÐÑ¡Ôñ MongoDB Skip Commands

²Î¼ûÎı¾ÃèÊö¡£

È¡ÏûÑ¡ÖÐ Cont. to next rule ¿ò£¨Èç¹ûÒÑÑ¡ÖУ©¡£ÒòΪûÓÐÈκνøÒ»²½²Ù×÷£¨Õâ¿ÉÄÜ·¢ÉúÔÚ¸Ã×éÖеÄÈκÎÃüÁîÉÏ£©£¬Òò´Ë¸Ã²Ù×÷½ÚÊ¡ÁË´¦Àíʱ¼ä¡£

ÔÚ²ßÂÔ¹æÔòµÄµ×²¿£¬Ñ¡Ôñ SKIP LOGGING ×÷ΪÄúµÄ²Ù×÷²¢µ¥»÷ Apply¡£

±£´æÄúµÄ¹æÔò¡£

ÌØÈ¨Óû§µÄÏêϸ¼àÊÓ

ÔÚ 2.4 ÖУ¬MongoDB Ö§³ÖºÜ¶àнÇÉ«£¬¸ù¾ÝËüÃǵÄ×÷ÓÃÓò£¬¿ÉÒÔ½«ËüÃÇ´óÖ·ÖΪ·þÎñÆ÷·¶Î§µÄ½ÇÉ«ºÍÊý¾Ý¿â·¶Î§µÄ½ÇÉ«¡£ÔÚÕâÁ½ÖÖÇé¿öÏ£¬¶¼ÓвàÖØÓÚÓû§¹ÜÀí¡¢Èº¼¯¹ÜÀíºÍÓ¦ÓóÌÐò·ÃÎʵĽÇÉ«¡£

ÓÉÓÚÕâЩ½ÇÉ«ÖеÄһЩ½ÇÉ«»ù±¾ÉϵÈͬÓÚ³¬¼¶Óû§£¬Òò´ËÐèҪȷ±£½÷É÷·Ö·¢ºÍ¼àÊÓÕâЩ½ÇÉ«£¬ÕâÒ»µã·Ç³£ÖØÒª¡£

һЩ×éÖ¯»ú¹¹ÒªÇóÏêϸ¼àÊÓ¹ÜÀíÓû§£¨ÌØÈ¨Óû§£©µÄÈκλ¡£Îª´ËÒª½øÐеIJßÂÔ¹æÔò²Ù×÷ÊÇ LOG FULL DETAILS¡£ÎÞÂÛÔÚºÎʱ£¬Ö»ÒªÊ¹Óà LOG FULL DETAILS£¬¾Í»á²¶»ñÿ¸ö²Ù×÷µÄÈ·ÇÐʱ¼ä´ÁÒÔ¼°È«²¿ÏêϸÐÅÏ¢¡£È·±£ÄúÕýÈ·É趨ÁËÄúµÄÄÚ²¿ InfoSphere Guardium ´æ´¢¿âµÄ´óСÒÔ¼°É豸ÉϵĻº³åÇø´óС£¬ÒÔ´¦Àí¸Ã¹¤×÷¸ººÉ£¬ÔÚÄúµÄÌØÈ¨Óû§¶ÁÈ¡»òдÈëºÜ¶àÎĵµÊ±ÓÈÆäÈç´Ë¡£

ÏȾöÌõ¼þ£º´´½¨ÈçÉÏËùÊöµÄÒ»¸ö MongoDB ¹ÜÀíÔ±Óû§×飨ÆäÖаüÀ¨ÄúÈÏΪÊÇ ¡°ÌØÈ¨Óû§¡± µÄÈκÎÈË£©¡£

·ÃÎÊÄúµÄ MongoDB ²ßÂÔ£¬È»ºóµ¥»÷ Add Access Rule¡£

Ïòͼ 23 ËùʾµÄ¹æÔòµÄ DB User ×Ö¶ÎÖÐÌí¼ÓÒ»¸öÃèÊö²¢Ìí¼ÓÄúµÄ¹ÜÀíÔ±Óû§×é¡£

ͼ 23. ²àÖØÓÚ DB User Ìõ¼þµÄ²ßÂÔ¹æÔòÕªÒª

BUser ×Ö¶ÎÓµÓÐÒ»¸öÖ¸¶¨ÎªÌõ¼þµÄ MongoDBAdmins ×é

ÓÉÓÚÎÒÃǽ«ÔÚһЩ¹ÜÀíÔ±Óû§»î¶¯ÉÏÌí¼ÓÒ»¸ö¾¯¸æ×÷ΪÏÂÒ»¸ö¹æÔò£¬Òò´ËÎñ±ØÈ·±£Ñ¡ÖÐÁË Cont.to next rule ¸´Ñ¡¿ò²¢Ñ¡ÖÐÁ˲Ù×÷ LOG FULL DETAILS£¬Èçͼ 24 Ëùʾ¡£

ͼ 24. ¡°Continue to next¡± ¹æÔò¿ÉÈ·±£ Guardium »áÔÚÒý·¢¸Ã¹æÔòµÄʱºò´¦ÀíÏÂÒ»¸ö¹æÔò

ÏÔʾ Cont. next rules °´Å¥±»Ñ¡Öв¢ÇÒÑ¡ÔñÁË log full details ²Ù×÷£¬apply ºÍ save Í»³öÏÔʾ

Èç¹ûÄúÒª²âÊÔ²ßÂÔ¹æÔò£¬Äú±ØÐë°²×°¸Ã¹æÔò¡£×ªµ½ Tools > Policy Builder > Install and override¡£

ÔÚÌØÈ¨Óû§·ÃÎÊÃô¸ÐÊý¾Ýʱ·¢³öʵʱ¾¯¸æ

Ãô¸Ð×Ö¶Î

ÔÚ MongoDB ÖУ¬Äú»¹¿ÉÒÔÔÚ×ֶμ¶±ð¶Ô»î¶¯·¢³ö¾¯¸æ¡£ÀýÈ磬Èç¹ûÄúÖªµÀÄúµÄÎĵµ¼¯ºÏÖ»ÊÇÓÃÃô¸ÐÊý¾Ý£¨ÈçÇý¶¯³ÌÐòµÄÐí¿ÉÖ¤ºÅ£©ÁãÐǵؽøÐÐÁËÌî³ä£¬²¢ÇÒÄú²»Ï£Íû¶Ô¸Ã¼¯ºÏÖеÄÎĵµµÄÆäËûËùÓзÃÎÊ·¢³ö¾¯¸æ£¬ÄÇôÄú¿ÉÄÜÏ£ÍûÖ´ÐиòÙ×÷¡£Çë×¢Ò⣬Èç¹ûij¸ö×Ö¶ÎǶÈëµ½¸ÃÎĵµµÄ¶à¸öÉî²ã¼¶±ð£¬ÄÇô½«¼Ç¼¸Ã×ֶεÄÔ²µã±íʾ·¾¶£¨dot notation path£©¡£

db.CreditCard.insert({
"Name" : "Sundari Voruganti",
"code" : "WM2001_0",
"product" : "Gold Card",
"profile" : [
{"CCN" : "11999002"},
{"log" : ["new", "customer", "for", "now"]}
],
"otherinfo" : "Contact Bob Saget"
});

ÔÚÉÏÃæµÄʾÀýÖУ¬Guardium ½«´æ´¢ CreditCard µÄÒ»¸ö¶ÔÏóºÍÏÂÁÐ×ֶΣºName¡¢code¡¢product¡¢profile.CCN¡¢profile.log ºÍ otherinfo¡£

Äú¿ÉÒÔÉèÖÃÒ»¸ö¾¯¸æ£¬¸Ã¾¯¸æ°üº¬ %CCN%£¨ÓÃÓÚÐÅÓÿ¨×ֶΣ©ºÍ %DLN%£¨ÓÃÓÚÇý¶¯³ÌÐòµÄÐí¿ÉÖ¤×ֶΣ©£¬Äú»¹¿ÉÒÔÉèÖÃÒ»¸ö·ÃÎÊÕâЩ×ֶεľ¯¸æ¡£

¾¯¸æÊÇ»ñÈ¡ÓйؿÉÒÉ»ò²»ºÏ¹æÔòµÄ»î¶¯µÄ½üºõʵʱµÄ¾¯¸æµÄÒ»¸öºÃ·½·¨¡£¾¯¸æ±»Ð´Èëµ½ UI µÄ Incident Management Ñ¡Ï£¨ÓëÆäËû²ßÂÔÎ¥·´Çé¿öÏàͬ£©£¬µ«Ò²¿ÉÒÔͨ¹ýµç×ÓÓʼþ½«Æä·¢ËÍ»òдÈëµ½ Syslog¡£Èç¹ûдÈëµ½ Syslog£¬ÄÇôÄú¿ÉÒÔ½«¾¯¸æ×ª·¢µ½°²È«ÖÇÄܺÍʼþ¹ÜÀíϵͳ£¨±ÈÈç IBM QRadar »ò HP Arcsight£©£¬ÒÔ±ãÄúµÄ°²È«ÍŶӿÉÒÔ½øÐÐÏàÓ¦´¦ÀíºÍµ÷²é¡£

ÏȾöÌõ¼þ£º¸Ã²ßÂÔ¹æÔòÒÀÀµÓÚÁ½¸ö×éµÄ´æÔÚÇé¿ö£¬ÎÒÃǽ«ÕâÁ½¸ö×é·Ö±ðÃüÃûΪ ¡°MongoDBAdmins¡± ºÍ ¡°MongoDB Sensitive objects¡±¡£Èç¹ûÏëÏÞÖÆ¶Ôij¸öÃüÁîµÄ¾¯¸æ£¬ÄÇôÄú»¹¿ÉÒÔÌí¼ÓÒ»¸ö°üº¬Ìض¨ÃüÁ±ÈÈç find ºÍ CopyCollection£©µÄ×é¡£ÎÒÃǽ«´´½¨ºÍʹÓÃÕâ¸ö¿ÉÑ¡µÄ×飬ÎÒÃÇ³ÆÆäΪ ¡°MongoDB WatchCommands¡±¡£Ëü°üº¬ÎÒÃÇÏëÒª¹Û²ìµÄ¶à¸öÃüÁ±ÈÈç find¡¢update¡¢insert¡¢delete¡¢cloneCollection ºÍ mapreduce¡£

ͼ 25. Ãô¸Ð¶ÔÏó×é¡£¶ÔÓÚ MongoDB À´Ëµ£¬¼¯ºÏ¾ÍÊǶÔÏó

×é°üº¬ %credit% ºÍ %customer%¡£

ͼ 26. Ò»×éÌØ¶¨µÄÃüÁ ÎÒÃÇÏëÒª¼àÊÓºÎʱÓÃÓÚÃô¸ÐÊý¾Ý

×é°üº¬ cloneCollection¡¢find¡¢insert¡¢delete¡¢mapreduce ºÍ insert¡£

Òª´´½¨ÄúµÄ²ßÂÔ¹æÔò£¬Çë´Ó Policy Finder ÖÐÑ¡ÔñÄúµÄ²ßÂÔ£¬µ¥»÷ Edit Rules£¬È»ºóµ¥»÷ Add Access Rule¡£

ÎÒÃǵIJßÂÔ¹æÔòÈçͼ 27 Ëùʾ¡£

ͼ 27. ¸Ã²ßÂÔ»áÔÚÌØÈ¨Óû§Ê¹ÓÃÌØ¶¨ÃüÁî·ÃÎÊÃô¸ÐÊý¾Ýʱ·¢³ö¾¯¸æ

Ãô¸Ð¶ÔÏó×éÕë¶Ô¶ÔÏóÌõ¼þÏÔʾ£¬¶ø¹Û²ìÃüÁîÊÇÕë¶ÔÃüÁîÌõ¼þÏÔʾ£¬mongodbadmins Õë¶Ô db Óû§£¬²Ù×÷ÊÇÒ»¸ö»á»°¾¯¸æÒ»´Î¡£

Òª²âÊÔйæÔò£¬ÇëÈ·±£ÖØÐ°²×°Á˸òßÂÔ¡£

ͼ 28 ÏÔʾÁ˾¯¸æµÄÍâ¹Û¡£

ͼ 28. ÔÚÌØÈ¨Óû§Ê¹ÓÃÒ»¸ö²»ÔÊÐíµÄÃüÁî·ÃÎÊÃô¸ÐÊý¾Ýʱ´¥·¢¾¯¸æ£¨¾¯¸æÕªÒª£©

¸Ã¾¯¸æÏÔʾÁ˵¼Ö´¥·¢¾¯¸æµÄÌØ¶¨ÃüÁî¡£

¶Ô Data Control ÃüÁî·¢³öʵʱ¾¯¸æ

Ò»¸ö³£¼ûµÄÒªÇóÊǼàÊÓΪÓû§Ìṩ·ÃÎÊȨÏÞÒÔ¼°ÌØÈ¨µÄÈκÎÃüÁî¡£ÔÚ MongoDB ÖУ¬¹ÜÀíÔ±¿ÉÒÔ´´½¨ºÍÌí¼ÓÓû§£¬ÔÚ MongoDB 2.4 ÖУ¬»¹¿ÉÒÔΪÓû§ÌṩÆäËû½ÇÉ«¡£ÓÐ¹Ø MongoDB °²È«ºÍ½ÇÉ«µÄÏêϸÐÅÏ¢µÄÁ´½Ó£¬Çë²ÎÔÄ ²Î¿¼×ÊÁÏ¡£

ƾ¾ÝºÍÓû§È¨ÏÞÐÅÏ¢¶¼´æ´¢ÔÚ¼¯ºÏ system.users ÖС£

Òò´Ë£¬ÀýÈ磬¼Ù¶¨Ä³¸öÈ˰´ÕÕÒÔÏ·½Ê½´´½¨ÁËÐÂÓû§£ºdb.addUser({user:"sundari",pwd:"guardium",roles:["readWrite"]})¡£

Èçͼ 29 Öеı¨¸æËùʾ£¬InfoSphere Guardium »á½«¸Ã»î¶¯¼Ç¼Ϊ¶Ô¼¯ºÏ system.users µÄ insert ²Ù×÷¡£¸Ã»î¶¯½«°üº¬Á½¸ö¶ÔÏó£ºÐÂÓû§µÄÃû³ÆºÍ system.users ¼¯ºÏ¡£

ͼ 29. ÏÔʾ¶Ô system.users ¼¯ºÏµÄ·ÃÎʵÄÉ󼯱¨¸æµÄÕªÒª

ʾÀý±¨¸æÏÔʾÁ˲åÈëÓû§ sundari ÒÔ¼°ÊÚÓè¸ÃÓû§µÄ½ÇÉ«¡£

¶ÔÓÚÎÒÃǵIJßÂÔ¹æÔò£¬ÎÒÃÇ¿ÉÄÜÏ£Íû¿ÉÒÔÇáËɵز鿴 system.users ¼¯ºÏÉϵÄÈκλ¡£Îª´Ë£¬Äú¿ÉÒÔÏò¼Ç¼¶Ô system.users ¼¯ºÏµÄ·ÃÎʵIJßÂÔÖÐÌí¼ÓÒ»¸öеķÃÎʹæÔò¡£Í¼ 30 ÏÔʾÁËÎÒÃǵIJßÂÔ¹æÔò£¬ÔڸùæÔòÖУ¬ÎÒÃÇÖ»ÊÇÌí¼ÓÁ˶ÔÏó system.users ÒÔ¼° Log Only ²Ù×÷£¬²¢½«ÎÒÃǵIJßÂÔ¹æÔòÌí¼Óµ½ÁË UI µÄ Incident Management Ñ¡ÏÖС£

ͼ 30. ÓÃÓڼǼ¶Ô system.users µÄ¸ü¸ÄµÄ²ßÂÔ¹æÔò£¬Òò´Ë¿ÉÒÔÔÚʼþ¹ÜÀíÑ¡ÏÉÏ¿´µ½ËüÃÇ

²Î¼ûÎı¾¡£

ͼ 31 ÏÔʾÁËÒ»¸öʼþµÄ²¿·ÖÊä³ö¡£

ͼ 31. ¹ÜÀíÔ±Ìí¼ÓÁË Sundari Óû§£¬¸ÃÓû§ÏÔʾÔÚ Guardium UI µÄʼþ¹ÜÀíÑ¡ÏÉÏ

ÏÔʾÁËÌí¼Ó Sundari µÄ¹ÜÀíÔ±

×¢Ò⣺¼Ç¼µ½Ê¼þ¹ÜÀíµÄºÃ´¦¾ÍÊÇ¿ÉÒÔ»ñµÃʵʱµÄʼþ¼Ç¼¡£µ«ÊÇ£¬Èç¹ûÕâÊÇÐèÒª¶¨ÆÚÉó¼ÆµÄ»î¶¯£¬ÄÇôÄú¿ÉÄÜÏ£Íû´´½¨¸Ã»î¶¯µÄ±¨¸æ²¢½«Æä·¢¸øÉó¼ÆÈËÔ±¡£

¼Ç¼¿ÉÄÜ»áÓ°ÏìÓ¦ÓóÌÐòµÄ¼¯ºÏ¸ü¸ÄµÄ²ßÂÔÎ¥·´Çé¿ö

һЩ×éÖ¯»ú¹¹µÄ¹ÜÀíÔ±ºÍÓ¦ÓóÌÐòËùÓÐÕß¿ÉÄÜÏ£Íû¼Ç¼Êý¾Ý¿âÖпÉÄÜ»áÓ°ÏìÓ¦ÓóÌÐòÂß¼­»òÐÔÄܵĸü¸Ä£¬±ÈÈ綪Æú»òÖØÃüÃûij¸ö¼¯ºÏ£¬»òÕß¶ªÆúij¸öË÷Òý»òÊý¾Ý¿â¡£Äú¿ÉÒÔ´´½¨Ò»¸ö×飬¸Ã×é°üº¬ÄúÒª¸ú×ÙµÄÃüÁî¡£Çë×¢Ò⣬°ïÖú³ÌÐò·½·¨¿ÉÄÜ»á²ÉÓò»Í¬µÄ·½Ê½ÔÚÏß·ÉÏÁ÷¶¯¡£ÄúÒª¸ú×ÙµÄÃüÁî°üÀ¨£º

1.deleteIndexes

2.drop£¨²¶»ñ¶ªÆúµÄ¼¯ºÏ£©

3.dropDatabase

4.renameCollection

Èç¹ûÄúÏë±ÜÃâ¶Ô¿ÉÄܻᵼÖÂÐí¶à¶ªÆúºÍÖØÃüÃû²Ù×÷µÄ²âÊÔ»ò QA »î¶¯´¥·¢¸Ã¹æÔò£¬ÄÇôÄú¿ÉÄÜ»¹ÐèÒªÌí¼ÓÒ»×é ¡°¶³½á¡± ¶ÔÏó¡£

ͼ 32. ÎÒÃÇÒª¼Ç¼µÄÃüÁî×é

²Î¼ûÉÏÊöÎı¾ÖеÄÃüÁîÁбí

Ëæºó£¬Äú¿ÉÒÔÌí¼ÓÒ»¸ö°üº¬¸Ã×éµÄ·ÃÎʲßÂÔ¹æÔò£¬²¢Ñ¡ÔñÒ»¸öÔÚ´¥·¢¸Ã¹æÔòʱҪ²ÉÈ¡µÄ²Ù×÷¡£ÔÚÎÒÃǵÄʾÀýÖУ¬ÎҼǼÁ˲ßÂÔÎ¥·´Çé¿ö£¬µ«²»Éú³É¾¯¸æ¡£

ͼ 33. ÔÚ Incident Management Ñ¡ÏÉÏ·¢ÉúµÄ¸ü¸ÄÃüÁîµÄÕªÒª

ÕªÒªÏÔʾ sundari ÖØÃüÃûÁËÒ»¸ö¼¯ºÏ²¢¶ªÆúÁËÒ»¸ö¼¯ºÏ

ʵʱ¾¯¸æ£º¶ÔÃô¸ÐÊý¾ÝµÄ¶ÁÈ¡·ÃÎʳ¬¹ýãÐÖµ

ºÜ¶à×éÖ¯»ú¹¹¶¼½ûÖ¹ÆäÔ±¹¤£¨ÒÔ¼°ºÚ¿Í£©¼ìË÷¹ý¶àµÄDZÔÚÃô¸ÐÊý¾Ý£¬Èç¹û³öÏÖÕâÖÖÇé¿ö£¬Ôò»á·¢³ö¾¯¸æ£¬ÒÔ±ãËûÃÇ¿ÉÒÔ¿ìËٵص÷²éºÍÈ·¶¨ÊÇ·ñ·¢ÉúÁËÑÏÖØµÄÎ¥¹æÐÐΪ¡£

Ö´ÐиòÙ×÷µÄÒ»¸ö·½·¨ÊǸù¾Ý ¡°ÊÜÓ°ÏìµÄ¼Ç¼¡± ÔÚ MongoDB ²ßÂԵķÃÎʹæÔòÖд´½¨Ò»¸öãÐÖµ¡£

ÏȾöÌõ¼þ£º

´´½¨Ò»×éÄúÒª¶ÔÆä·¢³ö¾¯¸æµÄÃô¸ÐÊý¾Ý¶ÔÏó¡£

È·±£ÄúµÄϵͳÅäÖÃÕë¶ÔËùÓмì²éÒýÇæÆôÓÃÁË Inspect Returned Data ºÍ Log Records Affected¡£Îª´Ë£¬Çëתµ½ Administration Console Ñ¡Ï£¬È»ºóÑ¡Ôñ Configuration > Inspection Engines ²¢Ñ¡ÖÐÏàÓ¦µÄ¸´Ñ¡¿ò£¬Èçͼ 34 Ëùʾ¡£

ͼ 34. ½« Guardium ÅäÖÃΪ±¨¸æ¶ÁÈ¡µÄÎĵµÊýÁ¿

ÔÚ¼ì²éÒýÇæÅäÖÃÖУ¬Ñ¡ÖÐÁ½¸ö×ֶΡ£

ͼ 35 ÏÔʾÁËÎÒÃÇ´´½¨µÄ²ßÂÔ¹æÔò£¬¼´ÔÚÈκÎÊý¾Ý¿âÓû§¶ÔÃô¸ÐÊý¾Ý¶ÔÏóµÄ¶ÁÈ¡¼Ç¼µÄÊýÁ¿³¬¹ý 200 ʱ·¢³ö¾¯¸æ¡£ÇëÈ·±£ÔÚ DB User ×Ö¶ÎÖзÅÖÃÁËÒ»¸ö¾äµã£¬ÒÔ¼ÆËãÊÜÿ¸öÊý¾Ý¿âÓû§Ó°ÏìµÄ¼Ç¼£¬¶ø²»ÊÇËùÓÐÊý¾Ý¿âÓû§µÄ¼Ç¼¡£

ͼ 35. ¹ý¶È·¢ÏÖ¾¯¸æ¹æÔò£¨excessive finds alert rule£©µÄ¶¨Òå

¸Ã×éÓÉ MongoDB Ãô¸Ð¶ÔÏó×é³É¡£DB User ÊÇÒ»¸ö¾äµã¡£ÊܼǼӰÏìµÄãÐֵΪ 200¡£²Ù×÷ÊÇÒ»¸ö»á»°¾¯¸æÒ»´Î¡£

×¢Ò⣺¸Ã¹æÔò½«ÔÚÌØ¶¨Óû§ÔڸûỰÖиÃ×éµÄËùÓм¯ºÏÀۼƷÃÎʳ¬¹ý 200 ¸öÎĵµÊ±·¢³ö¾¯¸æ¡£Èç¹ûÄúÏëΪÿ¸ö¼¯ºÏÉèÖÃÌØ¶¨µÄÏÞÖÆ£¬ÄÇôӦ¸Ã¶Ôÿ¸ö¼¯ºÏʹÓò»Í¬µÄ¹æÔò¡£

ͼ 36 Öеľ¯¸æÏÔʾһ¸ö²»Ã÷Éí·ÝµÄÓû§´ÓÐÅÓÿ¨¼¯ºÏÖÐÏÂÔØÁ˳¬¹ý 200 ¸öÎĵµ¡£

ͼ 36. ¶à¶È·¢ÏÖ¾¯¸æ

Óû§ÊÇ NO_AUTH¡£

MongoDBÊý¾Ý°²È«ºÍ±£»¤--ÅäÖúͲßÂÔ(Ò»£©

   
2844 ´Îä¯ÀÀ       29
Ïà¹ØÎÄÕÂ

»ùÓÚEAµÄÊý¾Ý¿â½¨Ä£
Êý¾ÝÁ÷½¨Ä££¨EAÖ¸ÄÏ£©
¡°Êý¾Ýºþ¡±£º¸ÅÄî¡¢ÌØÕ÷¡¢¼Ü¹¹Óë°¸Àý
ÔÚÏßÉ̳ÇÊý¾Ý¿âϵͳÉè¼Æ ˼·+Ч¹û
 
Ïà¹ØÎĵµ

GreenplumÊý¾Ý¿â»ù´¡Åàѵ
MySQL5.1ÐÔÄÜÓÅ»¯·½°¸
ijµçÉÌÊý¾ÝÖÐ̨¼Ü¹¹Êµ¼ù
MySQL¸ßÀ©Õ¹¼Ü¹¹Éè¼Æ
Ïà¹Ø¿Î³Ì

Êý¾ÝÖÎÀí¡¢Êý¾Ý¼Ü¹¹¼°Êý¾Ý±ê×¼
MongoDBʵս¿Î³Ì
²¢·¢¡¢´óÈÝÁ¿¡¢¸ßÐÔÄÜÊý¾Ý¿âÉè¼ÆÓëÓÅ»¯
PostgreSQLÊý¾Ý¿âʵսÅàѵ
×îл¼Æ»®
DeepSeek´óÄ£ÐÍÓ¦Óÿª·¢ 6-12[ÏÃÃÅ]
È˹¤ÖÇÄÜ.»úÆ÷ѧϰTensorFlow 6-22[Ö±²¥]
»ùÓÚ UML ºÍEA½øÐзÖÎöÉè¼Æ 6-30[±±¾©]
ǶÈëʽÈí¼þ¼Ü¹¹-¸ß¼¶Êµ¼ù 7-9[±±¾©]
Óû§ÌåÑé¡¢Ò×ÓÃÐÔ²âÊÔÓëÆÀ¹À 7-25[Î÷°²]
ͼÊý¾Ý¿âÓë֪ʶͼÆ× 8-23[±±¾©]

MySQLË÷Òý±³ºóµÄÊý¾Ý½á¹¹
MySQLÐÔÄܵ÷ÓÅÓë¼Ü¹¹Éè¼Æ
SQL ServerÊý¾Ý¿â±¸·ÝÓë»Ö¸´
ÈÃÊý¾Ý¿â·ÉÆðÀ´ 10´óDB2ÓÅ»¯
oracleµÄÁÙʱ±í¿Õ¼äдÂú´ÅÅÌ
Êý¾Ý¿âµÄ¿çƽ̨Éè¼Æ


²¢·¢¡¢´óÈÝÁ¿¡¢¸ßÐÔÄÜÊý¾Ý¿â
¸ß¼¶Êý¾Ý¿â¼Ü¹¹Éè¼ÆÊ¦
HadoopÔ­ÀíÓëʵ¼ù
Oracle Êý¾Ý²Ö¿â
Êý¾Ý²Ö¿âºÍÊý¾ÝÍÚ¾ò
OracleÊý¾Ý¿â¿ª·¢Óë¹ÜÀí


GE Çø¿éÁ´¼¼ÊõÓëʵÏÖÅàѵ
º½Ìì¿Æ¹¤Ä³×Ó¹«Ë¾ Nodejs¸ß¼¶Ó¦Óÿª·¢
ÖÐÊ¢Òæ»ª ׿Խ¹ÜÀíÕß±ØÐë¾ß±¸µÄÎåÏîÄÜÁ¦
ijÐÅÏ¢¼¼Êõ¹«Ë¾ PythonÅàѵ
ij²©²ÊITϵͳ³§ÉÌ Ò×ÓÃÐÔ²âÊÔÓëÆÀ¹À
ÖйúÓÊ´¢ÒøÐÐ ²âÊÔ³ÉÊì¶ÈÄ£Ðͼ¯³É(TMMI)
ÖÐÎïÔº ²úÆ·¾­ÀíÓë²úÆ·¹ÜÀí