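MongoDB's audit feature
- Overview
MongoDB comes in a Community edition and an Enterprise edition; only the Enterprise edition has the audit feature.
- Download and installation
Download link for MongoDB Enterprise: https://www.mongodb.com/try/download/enterprise
When you install the MongoDB rpm packages, rpm reports missing dependencies. Install the required packages with yum first, then install the rpm packages:
```
yum install net-snmp cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi
rpm -ivh *.rpm
```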
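- Configuring the audit feature
After installation, the default configuration file is /etc/mongod.conf.
```
vi mongod.conf
……
auditLog:
  destination: file
  format: BSON
  path: /var/lib/mongo/auditLog.bson
  filter: '{ atype: "authenticate" }'
……
```
With the configuration above, mongod records login (authenticate) events in the audit log.
- Testing the audit feature
After installation, MongoDB does not have authentication enabled by default; start it with `--auth` to enable authentication.
Use the mongo command to log in to the MongoDB database. Once connected, the following commands add an account named test to the database: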
```
MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > db.createUser(
... {
... user:"test",
... pwd:"test1234",
... roles:[{role:"userAdminAnyDatabase",db:"admin"}]
... }
... )
Successfully added user: {
"user" : "test",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
MongoDB Enterprise > exit
bye
```
Test the login as follows:
```
mongo --port 27017 -u "test" -p "test1234" --authenticationDatabase "admin"
```
After you log out, this login is recorded in /var/lib/mongo/auditLog.bson. The log is in BSON format and can be viewed with the bsondump command provided by MongoDB:
```
# ./bsondump /var/lib/mongo/auditLog.bson
{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459319718"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50458"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"0"}}
2020-09-07T15:31:48.051+0800 1 objects found
```
Download link for the bsondump tool:
https://www.mongodb.com/try/download/database-tools
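An added Python example (not part of the original post) that reads bsondump output for the authenticate audit records configured above, unwraps the Extended JSON number and date wrappers, and counts failed logins per user and source address. The sample records, the 192.0.2.10 address, the function names and the threshold are constructed for illustration; a non-zero `result` marks a failed attempt (18 is MongoDB's AuthenticationFailed code).

```python
import json
from collections import Counter
from datetime import datetime, timezone

def unwrap(v):
    """Collapse the Extended JSON wrappers that bsondump emits."""
    if isinstance(v, list):
        return [unwrap(x) for x in v]
    if not isinstance(v, dict):
        return v
    if len(v) == 1:
        (key, inner), = v.items()
        if key in ("$numberInt", "$numberLong"):
            return int(inner)
        if key == "$date":
            ms = unwrap(inner)  # epoch milliseconds in canonical mode
            return datetime.fromtimestamp(ms / 1000, tz=timezone.utc) if isinstance(ms, int) else ms
    return {k: unwrap(x) for k, x in v.items()}

def parse_auth_events(lines):
    """Yield authenticate records, skipping status lines and unparsable input."""
    for line in lines:
        try:
            ev = unwrap(json.loads(line))
        except json.JSONDecodeError:
            continue  # e.g. the "... 1 objects found" status line
        if isinstance(ev, dict) and ev.get("atype") == "authenticate":
            yield ev

def failed_logins(events, threshold=2):
    """Map (user, db, remote ip) to failure count where count >= threshold."""
    fails = Counter((e["param"]["user"], e["param"]["db"], e["remote"]["ip"])
                    for e in events if e["result"] != 0)
    return {k: n for k, n in fails.items() if n >= threshold}

# Helper that builds one constructed record in the shape of the bsondump output above.
def _line(ts_ms, ip, user, result):
    return json.dumps({"atype": "authenticate", "ts": {"$date": {"$numberLong": str(ts_ms)}},
                       "remote": {"ip": ip, "port": {"$numberInt": "50458"}},
                       "param": {"user": user, "db": "admin", "mechanism": "SCRAM-SHA-256"},
                       "result": {"$numberInt": str(result)}})

# Constructed sample: one success, then two failures (18 = AuthenticationFailed).
SAMPLE = [_line(1599459319718, "127.0.0.1", "test", 0),
          _line(1599459400000, "192.0.2.10", "test", 18),
          _line(1599459401000, "192.0.2.10", "test", 18),
          "2020-09-07T15:31:48.051+0800 3 objects found"]

if __name__ == "__main__":
    print(failed_logins(parse_auth_events(SAMPLE)))
```

To run it against a real log, pass the lines of the bsondump output to `parse_auth_events` in place of `SAMPLE`.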