Yearning introduction and installation of three ways

Introduction

Yearning MYSQL is a SQL statement audit platform. Provide access audit, easy to deploy SQL audit and other functions, support Mysql, that can be resolved between the ring operation and maintenance and development to a certain extent, feature-rich, open source code, installation!

Open source address

https://gitee.com/cookieYe/Yearning

Features

• SQL query query Export Query autocomplete

• SQL chemical review process to detect a single SQL statement SQL statement SQL rollback

• Audit trail history

• Audit inquiry

• Push E-mail Ticket push nail webhook robot work order push

• Other LDAP login and user rights management jigsaw fine-grained division of authority (a total of 12 independent rights can be freely combined)

Module Description

• Dashboard

Yearning main dashboard display of data include the singular number of users / number of data sources / work / query number and other charts, bar personal information the user can change the password / email / real name, but you can view the user rights and permissions apply

 

 

• I work order

Show ticket information submitted by the user., Re-edit sql after for failed / rejected work order details and click submit

For the successful implementation of the work order can be viewed and rapid rollback statement submitted to SQL

 

• Ticket DLL

Related SQL DDL submitted for review, see table structure / index, SQL syntax highlighting / autocomplete

• DML auditing

Related SQL DML submitted for review, SQL syntax highlighting / autocomplete

• Inquire

Query / export data SQL syntax highlighting / autocomplete fast DML statements submitted

• Ticket audit

DDL / DML administrators to review and act on

• Audit inquiry

Audit user queries

• Audit authority

User rights review

• User Management

Create / modify / delete users

• Database Management

Add / Edit / Delete data source

• User rights

User permissions to modify / Clear

• Basic settings and advanced settings

Provided the push message includes information related to staple the robot / email, LDAP setting information, global configuration information, global configuration switch

 

 

• Audit rules

Setting SQL detection rules

Review process

Yearning using binary / multi-level audit mode can be changed using the processes related to the actual demand, the role of executor must be designated (open go to the settings page) after turning on multi-level approval, if need be changed to two multi-level approval level review, please make sure that all multi-level approval of work orders have been confirmed to perform. Otherwise not perform work orders can not be retrieved. When the system does not automatically reset role for the user role holders off the multi-level approval, the user reset their own roles

Two review process:

• 1. submitted to a corresponding work order under the authority of own unit (DDL, DML) to submit tickets

• 2. After receiving the message administrator review the audit work in a work order request single page and execute / reject the corresponding work orders

• 3. Perform the recording will be recorded under the administrator user

Multi-level approval process:

• 1. submit unit (DDL, DML) submitted the ticket to a corresponding work order under the authority of their own,

• 2. After receiving the message administrator review the work order request and consent / reject the corresponding work orders and select the corresponding executor (executor executor must be a role for the user) in the single-page audit work

• 3. After receipt of work order execution executor / dismiss the ticket

• 4. perform recording will be recorded in this user executors

Normal installation

Yearning is not dependent on any third-party audits as a tool for auditing SQL engine, internal audit has to realize his / rollback associated logic. Only rely Mysql database. mysql version must be 5.7 or later, installed themselves in advance and create Yearning database character set should be UTF-8 / UTF8mb4 (Yearning only required mysql version) Yearning only error log output level, no log can be considered an error-free run ! Yearning development support 1080p resolution based on more than just 1080p display and access (available to the official website to download a binary file)

[root@iZbp143t3oxhfc3ar7jey0Z ~]# ll
total 814104
-rw-r--r-- 1 root  root         39 Mar 16 17:58 aaa.text
-rw-r--r-- 1 root  root          0 Mar 16 21:12 b
-rw------- 1 root  root  500336640 Feb 21 22:15 elasticsearch.tar
-rw-r--r-- 1 root  root         25 Mar 16 21:25 file.txt
drwxr-xr-x 4 root  root       4096 Mar  3 13:57 littleTools
drwxr-xr-x 2 root  root       4096 Feb 17 21:39 mysql-5.6.35-linux-glibc2.5-x86_64
-rw-r--r-- 1 root  root  314581668 Feb 17 21:38 mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz
-rw-r--r-- 1 root  root     398872 Mar 16 00:29 netcat-0.7.1.tar.gz
drwxrwxr-x 5 test1 test1      4096 Feb 21 19:41 ngx_openresty-1.9.7.1
-rw-r--r-- 1 root  root    3548444 Dec 25  2015 ngx_openresty-1.9.7.1.tar.gz
-rw-r--r-- 1 root  root       1062 Mar  6 00:07 passwd
drwxrwxr-x 6 root  root       4096 Mar 17 18:42 redis-4.0.12
-rw-r--r-- 1 root  root    1740544 Dec 12  2018 redis-4.0.12.tar.gz
-rw-r--r-- 1 root  root   12981868 Mar 17 19:22 Yearning-2.2.0-fix2.linux-amd64.zip
drwxr-xr-x 3 root  root       4096 Mar 16 10:07 Yearning-go
[root@iZbp143t3oxhfc3ar7jey0Z ~]# cd Yearning-go
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll
total 8404
-rw-r--r-- 1 root root     127 Aug  2  2019 conf.toml
drwxr-xr-x 6 root root    4096 Mar 17 09:57 dist
-rw-r--r-- 1 root root     620 Jan  9 10:06 docker-compose.yml
-rw-r--r-- 1 root root     597 Aug 21  2019 Dockerfile
-rw-r--r-- 1 root root     177 Aug 23  2019 # README
-rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning
-rw-r--r-- 1 root root     283 Jan 15 16:55 yearning.service
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# vim conf.toml
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll
total 8404
-rw-r--r-- 1 root root     171 Mar 17 19:25 conf.toml
drwxr-xr-x 6 root root    4096 Mar 17 09:57 dist
-rw-r--r-- 1 root root     620 Jan  9 10:06 docker-compose.yml
-rw-r--r-- 1 root root     597 Aug 21  2019 Dockerfile
-rw-r--r-- 1 root root     177 Aug 23  2019 # README
-rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning
-rw-r--r-- 1 root root     283 Jan 15 16:55 yearning.service
[root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -h
version: Yearning/2.2.0 author: HenryYee
Usage: Yearning [the migrate -m] [-p Port] [-s Start] [the bind-Web -b] [Help -H] [- C config File] 

the Options:
  - S Start Yearning
  - (executed when first installed) m initialization data
  - the p-port
  -b nails / platform is displayed when push mail address
  - the X-table structure repair, you can upgrade operation. If an error occurs it can safely ignore.
 - H help
  - c profile path
  -k user permission to change the permissions group (hereinafter 2.1.7 upgrade to 2.1 .7 use and above)
  -f   initialization Admin user password 
[root @ iZbp143t3oxhfc3ar7jey0Z Yearning-Go] # ./Yearning -m 

( /var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:31 ) 
[2020-03-17 19:25:53]  [8.97ms]  INSERT  INTO `core_accounts` (`username`,`password`,`rule`,`department`,`real_name`,`email`) VALUES ('admin','pbkdf2_sha256$120000$cHnTX55niNFu$b9peQgq7+P85E4Qb8q30SeOnxJPPiKryj5VK9foAR7U=','admin','DBA','超级管理员','')
[1 rows affected or returned ]

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:39)
[2020-03-17 19:25:53]  [22.81ms]  INSERT  INTO `core_global_configurations` (`authorization`,`ldap`,`message`,`other`,`stmt`,`audit_role`,`board`) VALUES ('global','{"url":"","user":"","password":"","type":1,"sc":"","ldaps":false}','{"web_hook":"","host":"","port":25,"user":"","password":"","to_user":"","mail":false,"ding":false,"ssl":false}','{"limit":"1000","idc":["Aliyun","AWS"],"multi":false,"query":false,"exclude_db_list":[],"insulate_word_list":[],"register":false,"export":false,"per_order":2,"ex_query_time":60,"query_timeout":0}',0,'{"DMLInsertColumns":false,"DMLMaxInsertRows":10,"DMLWhere":false,"DMLOrder":false,"DMLSelect":false,"DDLCheckTableComment":false,"DDlCheckColumnComment":false,"DDLCheckColumnNullable":false,"DDLCheckColumnDefault":false,"DDLTimeFieldDefault":false,"DDLEnableAcrossDBRename":false,"DDLEnableAutoincrementInit":false,"DDLEnableAutoIncrement":false,"DDLEnableAutoincrementUnsigned":false,"DDLEnableDropTable":false,"DDLEnableDropDatabase":false,"DDLEnableNullIndexName":false,"DDLIndexNameSpec":false,"DDLMaxKeyParts":5,"DDLMaxKey":5,"DDLMaxCharLength":10,"MaxTableNameLen":10,"MaxAffectRows":1000,"MaxDDLAffectRows":0,"EnableSetCollation":false,"EnableSetCharset":false,"SupportCharset":"","SupportCollation":"","CheckIdentifier":false,"MustHaveColumns":"","DDLMultiToSubmit":false,"DDLPrimaryKeyMust":false,"DDLAllowColumnType":false,"DDLImplicitTypeConversion":false,"DMLMinimalRollback":false,"DDLAllowPRINotInt":false,"IsOSC":false,"OscBinDir":"","OscDropNewTable":false,"OscDropOldTable":false,"OscCheckReplicationFilters":false,"OscCheckAlter":false,"OscAlterForeignKeysMethod":"rebuild_constraints","OscMaxLag":1,"OscRecursionMethod":"processlist","OscCheckInterval":1,"OscMaxThreadConnected":25,"OscMaxThreadRunning":25,"OscCriticalThreadConnected":20,"OscCriticalThreadRunning":20,"OscPrintSql":false,"OscChunkTime":0.5,"OscSize":0,"AllowCreateView":false,"AllowCreatePartition":false,"AllowSpecialType":false}','')
[1 rows affected or returned ]

(/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:46)
[2020-03-17 19:25:53]  [5.59ms]  INSERT  INTO `core_graineds` (`username`,`rule`,`permissions`,`group`) VALUES ('admin','','{"ddl":"1","ddl_source":[],"dml":"1","dml_source":[],"user":"1","base":"1 " , " Auditor " : [], " Query " : " 1 " , " query_source " : []} ', NULL) 
[ 1 rows affected or returned] 
initialization success ! 
 Username: admin 
Password: Yearning_admin 
[root @ iZbp143t3oxhfc3ar7jey0Z Go-Yearning] # ./Yearning -s 
check for updates ....... 
data has been updated ! 

__ __ _____ ___ _____ __ _ _ __ _ _____ 
\ \   / / | ____ | / | | _ \ | \ | | | | | \ | | / ___ | 
 \ \/ /  | |__      / /| | | |_| |  |   \| | | | |   \| | | |
  \  /   |  __|    / / | | |  _  /  | |\   | | | | |\   | | |  _
  / /    | |___   / /  | | | | \ \  | | \  | | | | | \  | | |_| |
 /_/     |_____| /_/   |_| |_|  \_\ |_|  \_| |_| |_|  \_| \_____/  vgolang.ver

Welcome to Yearning
https://yearning.io
____________________________________O/_______
                                    O\
⇨ http server started on [::]:8000
{"time":"2020-03-17T19:29:24.38804852+08:00","level":"ERROR","prefix":"echo","fi                                                                                        le":"dbmanage.go","line":"173","message":"Error 1045: Access denied for user 'ro                                                                                        ot'@'47.111.232.99' (using password: YES)"}
{"time":"2020-03-17T19:56:05.800777325+08:00","level":"ERROR","prefix":"echo","f                                                                                        ile":"group.go","line":"100","message":"code=400, message=Unmarshal type error:                                                                                         expected=[]string, got=bool, field=Permission.ddl_source, offset=124"}

 

 

 Docker installed

[root@iZ1la3d1xbmukrZ Yearning-go]# docker build  -t yearning .
Sending build context to Docker daemon  25.39MB
Step 1/15 : FROM alpine:latest
latest: Pulling from library/alpine
c9b1b535fdd9: Pull complete
Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d
Status: Downloaded newer image for alpine:latest
 ---> e7d92cdc71fe
Step 2/15 : LABEL maintainer="HenryYee-2019/08/13"
 ---> Running in 4aade2c7d662
Removing intermediate container 4aade2c7d662
 ---> 93d53642bc8b
Step 3/15 : EXPOSE 8000
 ---> Running in 6d8d737e5f56
Removing intermediate container 6d8d737e5f56
 ---> 70c9617c2085
Step 4/15 : COPY Yearning  /opt/Yearning
 ---> fa38bfbc447f
Step 5/15 : COPY dist /opt/dist
 ---> 99524d79fef4
Step 6/15 : COPY conf.toml /opt/conf.toml
 ---> f9c1912a709c
Step 7/15 : RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2
 ---> Running in 4347dc7c2530
Removing intermediate container 4347dc7c2530
 ---> a172c01b05ab
Step 8/15 : RUN echo "http://mirrors.ustc.edu.cn/alpine/v3.3/main/" > /etc/apk/repositories
 ---> Running in d46ffc850734
Removing intermediate container d46ffc850734
 ---> 2b952b857705
Step 9/15 : RUN apk add --no-cache tzdata
 ---> Running in 84b172beade5
fetch http://mirrors.ustc.edu.cn/alpine/v3.3/main/x86_64/APKINDEX.tar.gz
(1/1) Installing tzdata (2015g-r0)
Executing busybox-1.31.1-r9.trigger
OK: 9 MiB in 15 packages
Removing intermediate container 84b172beade5
 ---> 6829de9be4c8
Step 10/15 : RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
 ---> Running in f92a5657e2d5
Removing intermediate container f92a5657e2d5
 ---> e315e0269def
Step 11/15 : RUN echo "Asia/Shanghai" >> /etc/timezone
 ---> Running in a8c6316b5b57
Removing intermediate container a8c6316b5b57
 ---> dc6ba5a8ec35
Step 12/15 : RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf
 ---> Running in d74577729bad
Removing intermediate container d74577729bad
 ---> 7f1d92ace6fb
Step 13/15 : WORKDIR /opt
 ---> Running in f18d0dff2864
Removing intermediate container f18d0dff2864
 ---> 9395ce234ec9
Step 14/15 : ENTRYPOINT  ["/opt/Yearning"]
 ---> Running in cd718743cc95
Removing intermediate container cd718743cc95
 ---> 2d4ae2f00b84
Step 15/15 : CMD ["-m", "-s"]
 ---> Running in b20f152e339d
Removing intermediate container b20f152e339d
 ---> 093cd1b642a3
Successfully built 093cd1b642a3
Successfully tagged yearning:latest
[root@iZ1la3d1xbmukrZ Yearning-go]# docker images
REPOSITORY                      TAG                 IMAGE ID            CREATED             SIZE
yearning                        latest              093cd1b642a3        7 seconds ago       32.2MB
sonatype/nexus3                 latest              7e6931b4cdf2        3 weeks ago         640MB
wojiushixiaobai/jms_guacamole   1.5.6               af71674d07a4        6 weeks ago         659MB
wojiushixiaobai/jms_koko        1.5.6               2561f1397767        6 weeks ago         357MB
alpine                          latest              e7d92cdc71fe        8 weeks ago         5.59MB
sonatype/nexus                  pro-2.14.16         f27405473ed3        8 weeks ago         482MB
sonatype/nexus                  oss                 8027e6db5d67        8 weeks ago         452MB
jpetazzo/nsenter                latest              4167ddcfcec6        13 months ago       375MB
[root@iZ1la3d1xbmukrZ Yearning-go]# docker run -d -it -p 8000:8000 -e MYSQL_USER=root -e MYSQL_ADDR=rm-bp1y5jh712124eh9clo.mysql.rds.aliyuncs.com:3306 -e MYSQL_PASSWORD=1qaz@WSX -e MYSQL_DB=sqlcheck yearning
e84f849d7742545b2af488e84aac5092f9ebb44e2d14fa1f2c7b4bf4285474df
[root@iZ1la3d1xbmukrZ Yearning-go]# docker ps -l
CONTAINER ID        IMAGE               COMMAND                 CREATED             STATUS              PORTS                    NAMES
e84f849d7742        yearning            "/opt/Yearning -m -s"   5 seconds ago       Up 3 seconds        0.0.0.0:8000->8000/tcp   affectionate_jepsen
[root@iZ1la3d1xbmukrZ Yearning-go]# lsof -i:8000
-bash: lsof: command not found
[root@iZ1la3d1xbmukrZ Yearning-go]# netstat -nltp |grep 8000
tcp6       0      0 :::8000                 :::*                    LISTEN      30400/docker-proxy
[root@iZ1la3d1xbmukrZ Yearning-go]#

 

 

 docker-compose Installation

version: '3'

services:
  yearning:
    image: yearning
    depends_on:
      - mysql
    environment:
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_ADDR: mysql
      MYSQL_DB: yearning
    ports:
      - 8000:8000

  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: ukC2ZkcG_ZTeb
      MYSQL_DATABASE: yearning
      MYSQL_USER: yearning
      MYSQL_PASSWORD: ukC2ZkcG_ZTeb
    command:
      - --character-set-server=utf8mb4
      - --collation-server=utf8mb4_unicode_ci

 

 

 

 Note: Although my first application dependent mysql, but the first time, or will display Rom, you need to perform another