Introduction
Yearning is a SQL statement audit platform for MySQL. It provides query auditing, SQL review and other functions, is easy to deploy, and to a certain extent eases the friction between operations and development. It is feature-rich, open source and simple to install.
Open source address
https://gitee.com/cookieYe/Yearning
Features
- SQL query: query, export, query autocomplete
- SQL review: work order review process, SQL statement detection, SQL rollback
- History: audit records
- Query audit
- Push: e-mail work order push, DingTalk webhook robot work order push
- Other: LDAP login, user permission management, composable fine-grained permissions (12 independent permissions in total that can be freely combined)
Module Description
- Dashboard: the main data display of Yearning, including charts for the number of users / data sources / work orders / queries. In the personal information bar the user can change their password / e-mail / real name, view their permissions and apply for permissions.
- My work orders: shows the work orders submitted by the user. For failed / rejected work orders, open the details, re-edit the SQL and click submit. For successfully executed work orders, the rollback statements can be viewed and quickly submitted as SQL.
- DDL tickets: submit DDL SQL for review, view table structure / indexes, SQL syntax highlighting / autocomplete.
- DML auditing: submit DML SQL for review, SQL syntax highlighting / autocomplete.
- Query: query / export data, SQL syntax highlighting / autocomplete, quick submission of DML statements.
- Ticket audit: administrators review and act on DDL / DML tickets.
- Query audit: audit user queries.
- Permission audit: review user permissions.
- User management: create / modify / delete users.
- Database management: add / edit / delete data sources.
- User permissions: modify / clear user permissions.
- Basic settings and advanced settings: message push settings for the DingTalk robot / e-mail, LDAP settings, and global configuration including the global configuration switches.
- Audit rules: set the SQL detection rules.
Review process
Yearning uses a two-level / multi-level review mode, and the workflow can be changed to suit actual needs (turn it on from the settings page). After multi-level approval is turned on, a user with the executor role must be designated. If you need to change from multi-level approval back to two-level review, make sure that all multi-level work orders have been confirmed and executed; otherwise the unexecuted work orders can no longer be retrieved. When multi-level approval is turned off, the system does not automatically reset the role of users who hold the executor role; those roles must be reset by the user.
Two-level review process:
1. The submitter submits a work order (DDL, DML) of the corresponding type within their own permissions.
2. After receiving the message, the administrator reviews the work order on the work order audit page and executes / rejects it.
3. The execution record is recorded under the administrator user.
Multi-level approval process:
1. The submitter submits a work order (DDL, DML) of the corresponding type within their own permissions.
2. After receiving the message, the administrator reviews the work order on the work order audit page, approves / rejects it and selects the executor (the executor must be a user with the executor role).
3. After receiving the work order, the executor executes / rejects it.
4. The execution record is recorded under the executor user.
Normal installation
Yearning does not depend on any third-party SQL audit tool as its audit engine; it implements the audit / rollback logic internally and relies only on a MySQL database. The MySQL version must be 5.7 or later (this requirement applies only to the MySQL instance Yearning itself needs). Install it yourself in advance and create the Yearning database with a UTF-8 / utf8mb4 character set. Yearning only writes error-level logs, so no log output can be taken as an error-free run. Yearning is developed for 1080p resolution and only supports display and access at 1080p and above. (The binary can be downloaded from the official website.)
[root@iZbp143t3oxhfc3ar7jey0Z ~]# ll
total 814104
-rw-r--r-- 1 root  root         39 Mar 16 17:58 aaa.text
-rw-r--r-- 1 root  root          0 Mar 16 21:12 b
-rw------- 1 root  root  500336640 Feb 21 22:15 elasticsearch.tar
-rw-r--r-- 1 root  root         25 Mar 16 21:25 file.txt
drwxr-xr-x 4 root  root       4096 Mar  3 13:57 littleTools
drwxr-xr-x 2 root  root       4096 Feb 17 21:39 mysql-5.6.35-linux-glibc2.5-x86_64
-rw-r--r-- 1 root  root  314581668 Feb 17 21:38 mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
-rw-r--r-- 1 root  root     398872 Mar 16 00:29 netcat-0.7.1.tar.gz
drwxrwxr-x 5 test1 test1      4096 Feb 21 19:41 ngx_openresty-1.9.7.1
-rw-r--r-- 1 root  root    3548444 Dec 25  2015 ngx_openresty-1.9.7.1.tar.gz
-rw-r--r-- 1 root  root       1062 Mar  6 00:07 passwd
drwxrwxr-x 6 root  root       4096 Mar 17 18:42 redis-4.0.12
-rw-r--r-- 1 root  root    1740544 Dec 12  2018 redis-4.0.12.tar.gz
-rw-r--r-- 1 root  root   12981868 Mar 17 19:22 Yearning-2.2.0-fix2.linux-amd64.zip
drwxr-xr-x 3 root  root       4096 Mar 16 10:07 Yearning-go
[root@iZbp143t3oxhfc3ar7jey0Z ~]# cd Yearning-go
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll
total 8404
-rw-r--r-- 1 root root     127 Aug  2  2019 conf.toml
drwxr-xr-x 6 root root    4096 Mar 17 09:57 dist
-rw-r--r-- 1 root root     620 Jan  9 10:06 docker-compose.yml
-rw-r--r-- 1 root root     597 Aug 21  2019 Dockerfile
-rw-r--r-- 1 root root     177 Aug 23  2019 # README
-rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning
-rw-r--r-- 1 root root     283 Jan 15 16:55 yearning.service
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# vim conf.toml
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll
total 8404
-rw-r--r-- 1 root root     171 Mar 17 19:25 conf.toml
drwxr-xr-x 6 root root    4096 Mar 17 09:57 dist
-rw-r--r-- 1 root root     620 Jan  9 10:06 docker-compose.yml
-rw-r--r-- 1 root root     597 Aug 21  2019 Dockerfile
-rw-r--r-- 1 root root     177 Aug 23  2019 # README
-rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning
-rw-r--r-- 1 root root     283 Jan 15 16:55 yearning.service
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -h
version: Yearning/2.2.0
author: HenryYee
Usage: Yearning [-m migrate] [-p port] [-s start] [-b web-bind] [-h help] [-c config file]
Options:
  -s  Start Yearning
  -m  Initialize data (run on first installation)
  -p  Port
  -b  Platform address shown in DingTalk / e-mail push messages
  -x  Table structure repair, run when upgrading. If an error occurs it can safely be ignored.
  -h  Help
  -c  Config file path
  -k  Convert user permissions to permission groups (use when upgrading from below 2.1.7 to 2.1.7 and above)
  -f  Initialize the admin user password
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -m

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:31)
[2020-03-17 19:25:53] [8.97ms] INSERT INTO `core_accounts` (`username`,`password`,`rule`,`department`,`real_name`,`email`) VALUES ('admin','pbkdf2_sha256$120000$cHnTX55niNFu$b9peQgq7+P85E4Qb8q30SeOnxJPPiKryj5VK9foAR7U=','admin','DBA','超级管理员','')
[1 rows affected or returned ]

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:39)
[2020-03-17 19:25:53] [22.81ms] INSERT INTO `core_global_configurations` (`authorization`,`ldap`,`message`,`other`,`stmt`,`audit_role`,`board`) VALUES ('global','{"url":"","user":"","password":"","type":1,"sc":"","ldaps":false}','{"web_hook":"","host":"","port":25,"user":"","password":"","to_user":"","mail":false,"ding":false,"ssl":false}','{"limit":"1000","idc":["Aliyun","AWS"],"multi":false,"query":false,"exclude_db_list":[],"insulate_word_list":[],"register":false,"export":false,"per_order":2,"ex_query_time":60,"query_timeout":0}',0,'{"DMLInsertColumns":false,"DMLMaxInsertRows":10,"DMLWhere":false,"DMLOrder":false,"DMLSelect":false,"DDLCheckTableComment":false,"DDlCheckColumnComment":false,"DDLCheckColumnNullable":false,"DDLCheckColumnDefault":false,"DDLTimeFieldDefault":false,"DDLEnableAcrossDBRename":false,"DDLEnableAutoincrementInit":false,"DDLEnableAutoIncrement":false,"DDLEnableAutoincrementUnsigned":false,"DDLEnableDropTable":false,"DDLEnableDropDatabase":false,"DDLEnableNullIndexName":false,"DDLIndexNameSpec":false,"DDLMaxKeyParts":5,"DDLMaxKey":5,"DDLMaxCharLength":10,"MaxTableNameLen":10,"MaxAffectRows":1000,"MaxDDLAffectRows":0,"EnableSetCollation":false,"EnableSetCharset":false,"SupportCharset":"","SupportCollation":"","CheckIdentifier":false,"MustHaveColumns":"","DDLMultiToSubmit":false,"DDLPrimaryKeyMust":false,"DDLAllowColumnType":false,"DDLImplicitTypeConversion":false,"DMLMinimalRollback":false,"DDLAllowPRINotInt":false,"IsOSC":false,"OscBinDir":"","OscDropNewTable":false,"OscDropOldTable":false,"OscCheckReplicationFilters":false,"OscCheckAlter":false,"OscAlterForeignKeysMethod":"rebuild_constraints","OscMaxLag":1,"OscRecursionMethod":"processlist","OscCheckInterval":1,"OscMaxThreadConnected":25,"OscMaxThreadRunning":25,"OscCriticalThreadConnected":20,"OscCriticalThreadRunning":20,"OscPrintSql":false,"OscChunkTime":0.5,"OscSize":0,"AllowCreateView":false,"AllowCreatePartition":false,"AllowSpecialType":false}','')
[1 rows affected or returned ]

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:46)
[2020-03-17 19:25:53] [5.59ms] INSERT INTO `core_graineds` (`username`,`rule`,`permissions`,`group`) VALUES ('admin','','{"ddl":"1","ddl_source":[],"dml":"1","dml_source":[],"user":"1","base":"1","auditor":[],"query":"1","query_source":[]}',NULL)
[1 rows affected or returned ]
initialization success!
Username: admin
Password: Yearning_admin
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -s
check for updates.......
data has been updated!
(Yearning ASCII-art startup banner)
Welcome to Yearning
https://yearning.io
⇨ http server started on [::]:8000
{"time":"2020-03-17T19:29:24.38804852+08:00","level":"ERROR","prefix":"echo","file":"dbmanage.go","line":"173","message":"Error 1045: Access denied for user 'root'@'47.111.232.99' (using password: YES)"}
{"time":"2020-03-17T19:56:05.800777325+08:00","level":"ERROR","prefix":"echo","file":"group.go","line":"100","message":"code=400, message=Unmarshal type error: expected=[]string, got=bool, field=Permission.ddl_source, offset=124"}
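A check to run after initialization, added here as an example and not part of the original post or of Yearning's own code: it reports which core_accounts rows still carry the default password printed by ./Yearning -m. It assumes the stored string has the layout algorithm$iterations$salt$base64(digest) seen in the INSERT above, with the salt used as text and a 32-byte PBKDF2-HMAC-SHA256 output; the function names and the sample row for "alice" are constructed.

```python
import base64
import hashlib
import hmac

# Both values are copied from the `./Yearning -m` output on this page.
DEFAULT_ADMIN_PASSWORD = "Yearning_admin"
SEEDED_ADMIN_HASH = ("pbkdf2_sha256$120000$cHnTX55niNFu$"
                     "b9peQgq7+P85E4Qb8q30SeOnxJPPiKryj5VK9foAR7U=")


def parse_hash(encoded):
    """Split 'algorithm$iterations$salt$digest' into typed fields."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported algorithm: " + algorithm)
    return algorithm, int(iterations), salt, digest


def derive(password, salt, iterations):
    """PBKDF2-HMAC-SHA256, base64-encoded (assumed layout, see lead-in)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return base64.b64encode(raw).decode()


def make_hash(password, salt, iterations=120000):
    """Build a hash string in the same layout, used for the sample rows."""
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, derive(password, salt, iterations))


def password_matches(password, encoded):
    """Constant-time comparison of the candidate against the stored digest."""
    _, iterations, salt, digest = parse_hash(encoded)
    return hmac.compare_digest(derive(password, salt, iterations), digest)


def accounts_with_default_password(rows, default=DEFAULT_ADMIN_PASSWORD):
    """rows: iterable of (username, password) pairs read from core_accounts."""
    return [user for user, encoded in rows if password_matches(default, encoded)]


if __name__ == "__main__":
    # Constructed sample: the seeded admin row plus one made-up user.
    rows = [
        ("admin", SEEDED_ADMIN_HASH),
        ("alice", make_hash("constructed-Long-Passphrase-1", "constructedSalt")),
    ]
    flagged = accounts_with_default_password(rows)
    print("accounts still on the default password:", flagged or "none")
```

In practice the rows would come from SELECT username, password FROM core_accounts; any account reported should have its password changed before port 8000 is reachable by other users.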
Docker installation
[root@iZ1la3d1xbmukrZ Yearning-go]# docker build -t yearning .
Sending build context to Docker daemon  25.39MB
Step 1/15 : FROM alpine:latest
latest: Pulling from library/alpine
c9b1b535fdd9: Pull complete
Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d
Status: Downloaded newer image for alpine:latest
 ---> e7d92cdc71fe
Step 2/15 : LABEL maintainer="HenryYee-2019/08/13"
 ---> Running in 4aade2c7d662
Removing intermediate container 4aade2c7d662
 ---> 93d53642bc8b
Step 3/15 : EXPOSE 8000
 ---> Running in 6d8d737e5f56
Removing intermediate container 6d8d737e5f56
 ---> 70c9617c2085
Step 4/15 : COPY Yearning /opt/Yearning
 ---> fa38bfbc447f
Step 5/15 : COPY dist /opt/dist
 ---> 99524d79fef4
Step 6/15 : COPY conf.toml /opt/conf.toml
 ---> f9c1912a709c
Step 7/15 : RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
 ---> Running in 4347dc7c2530
Removing intermediate container 4347dc7c2530
 ---> a172c01b05ab
Step 8/15 : RUN echo "http://mirrors.ustc.edu.cn/alpine/v3.3/main/" > /etc/apk/repositories
 ---> Running in d46ffc850734
Removing intermediate container d46ffc850734
 ---> 2b952b857705
Step 9/15 : RUN apk add --no-cache tzdata
 ---> Running in 84b172beade5
fetch http://mirrors.ustc.edu.cn/alpine/v3.3/main/x86_64/APKINDEX.tar.gz
(1/1) Installing tzdata (2015g-r0)
Executing busybox-1.31.1-r9.trigger
OK: 9 MiB in 15 packages
Removing intermediate container 84b172beade5
 ---> 6829de9be4c8
Step 10/15 : RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 ---> Running in f92a5657e2d5
Removing intermediate container f92a5657e2d5
 ---> e315e0269def
Step 11/15 : RUN echo "Asia/Shanghai" >> /etc/timezone
 ---> Running in a8c6316b5b57
Removing intermediate container a8c6316b5b57
 ---> dc6ba5a8ec35
Step 12/15 : RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf
 ---> Running in d74577729bad
Removing intermediate container d74577729bad
 ---> 7f1d92ace6fb
Step 13/15 : WORKDIR /opt
 ---> Running in f18d0dff2864
Removing intermediate container f18d0dff2864
 ---> 9395ce234ec9
Step 14/15 : ENTRYPOINT ["/opt/Yearning"]
 ---> Running in cd718743cc95
Removing intermediate container cd718743cc95
 ---> 2d4ae2f00b84
Step 15/15 : CMD ["-m", "-s"]
 ---> Running in b20f152e339d
Removing intermediate container b20f152e339d
 ---> 093cd1b642a3
Successfully built 093cd1b642a3
Successfully tagged yearning:latest
[root@iZ1la3d1xbmukrZ Yearning-go]# docker images
REPOSITORY                      TAG           IMAGE ID       CREATED          SIZE
yearning                        latest        093cd1b642a3   7 seconds ago    32.2MB
sonatype/nexus3                 latest        7e6931b4cdf2   3 weeks ago      640MB
wojiushixiaobai/jms_guacamole   1.5.6         af71674d07a4   6 weeks ago      659MB
wojiushixiaobai/jms_koko        1.5.6         2561f1397767   6 weeks ago      357MB
alpine                          latest        e7d92cdc71fe   8 weeks ago      5.59MB
sonatype/nexus                  pro-2.14.16   f27405473ed3   8 weeks ago      482MB
sonatype/nexus                  oss           8027e6db5d67   8 weeks ago      452MB
jpetazzo/nsenter                latest        4167ddcfcec6   13 months ago    375MB
[root@iZ1la3d1xbmukrZ Yearning-go]# docker run -d -it -p 8000:8000 -e MYSQL_USER=root -e MYSQL_ADDR=rm-bp1y5jh712124eh9clo.mysql.rds.aliyuncs.com:3306 -e MYSQL_PASSWORD=1qaz@WSX -e MYSQL_DB=sqlcheck yearning
e84f849d7742545b2af488e84aac5092f9ebb44e2d14fa1f2c7b4bf4285474df
[root@iZ1la3d1xbmukrZ Yearning-go]# docker ps -l
CONTAINER ID   IMAGE      COMMAND                 CREATED         STATUS         PORTS                    NAMES
e84f849d7742   yearning   "/opt/Yearning -m -s"   5 seconds ago   Up 3 seconds   0.0.0.0:8000->8000/tcp   affectionate_jepsen
[root@iZ1la3d1xbmukrZ Yearning-go]# lsof -i:8000
-bash: lsof: command not found
[root@iZ1la3d1xbmukrZ Yearning-go]# netstat -nltp |grep 8000
tcp6       0      0 :::8000                 :::*                    LISTEN      30400/docker-proxy
[root@iZ1la3d1xbmukrZ Yearning-go]#
docker-compose Installation
version: '3'
services:
  yearning:
    image: yearning
    depends_on:
      - mysql
    environment:
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_ADDR: mysql
      MYSQL_DB: yearning
    ports:
      - 8000:8000
  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_DATABASE: yearning
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci
Note: although the application is declared as depending on mysql, the first start still reports an error, and you need to run it a second time.