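Installing the Archery open-source SQL audit platform

This article describes in detail how to install Docker and docker-compose on a CentOS system and configure the Archery project, including deploying the MySQL, Redis and Inception services and modifying and applying the docker-compose.yml file.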

1. Install Docker

# Check whether an older version of docker is already installed
yum list installed | grep docker
# If there is an older version, uninstall it
yum -y remove <package-name>
# Install the yum management tools
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the docker yum repository
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Install docker-ce
yum install docker-ce -y
# Start the docker service, enable it at boot, and check the version
systemctl start docker
systemctl enable docker
docker version

2. Install docker-compose

# Replace <version> with the release you want to install
curl -L "https://github.com/docker/compose/releases/download/<version>/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

3. Install Archery

docker pull registry.cn-hangzhou.aliyuncs.com/lihuanhuan/archery

4. Download the Archery package

# Install git
yum -y install git
# Download Archery
git clone https://github.com/hhyo/Archery.git

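5. Modify the configuration

The services in docker-compose.yml can be adjusted to suit your own environment; also check that the version numbers are correct. For example, if mysql, redis and inception are already installed externally, the corresponding services can be deleted, but remember to update the related settings in settings.py. Following the instructions on the site, modify the mysql, redis and inception configuration; you can also leave it unmodified and run the configuration as is, in which case the corresponding images are started automatically.

5.1. Modify docker-compose.yml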

version: '3'

services:
  redis:
    image: redis:5
    container_name: redis
    restart: always
    command: redis-server --requirepass 123456 # password
    expose:
      - "6379" # port

  mysql:
    image: mysql:5.7
    container_name: mysql
    restart: always
    ports:
      - "3306:3306"
    volumes:
      - "./mysql/my.cnf:/etc/mysql/my.cnf"
      - "./mysql/datadir:/var/lib/mysql"
    environment:
      MYSQL_DATABASE: archery
      MYSQL_ROOT_PASSWORD: 123456 # root password

  inception:
    image: hhyo/inception
    container_name: inception
    restart: always
    expose:
      - "6669"
    volumes:
      - "./inception/inc.cnf:/etc/inc.cnf"

  goinception:
    image: hanchuanchuan/goinception
    container_name: goinception
    restart: always
    ports:
      - "4000:4000"
    volumes:
      - "./inception/config.toml:/etc/config.toml"

  archery:
    image: hhyo/archery:v1.8.2
    container_name: archery
    restart: always
    ports:
      - "9123:9123" # port
    volumes:
      - "./archery/settings.py:/opt/archery/archery/settings.py"
      - "./archery/soar.yaml:/etc/soar.yaml"
      - "./archery/docs.md:/opt/archery/docs/docs.md"
      - "./archery/downloads:/opt/archery/downloads"
      - "./archery/sql/migrations:/opt/archery/sql/migrations"
      - "./archery/logs:/opt/archery/logs"
    entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh" # change the address if the services run locally
    environment:
      NGINX_PORT: 9123
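
An added check, not part of the original post or the Archery project: short-syntax mappings such as "3306:3306" carry no host IP, so Docker publishes them on every host interface, while expose entries stay container-to-container. The script lists such mappings; the function names and the reduced sample (goinception bound to 127.0.0.1 for contrast) are constructed, and it assumes 2-space indentation and short port syntax.

```shell
#!/bin/sh
# Added example: find compose port mappings published on all host interfaces.

# Constructed sample, reduced from the compose file above; goinception is
# bound to 127.0.0.1 here to show the restricted form.
sample_compose() {
cat <<'EOF'
services:
  redis:
    image: redis:5
    expose:
      - "6379" # reachable only from other containers
  mysql:
    image: mysql:5.7
    ports:
      - "3306:3306"
  goinception:
    image: hanchuanchuan/goinception
    ports:
      - "127.0.0.1:4000:4000"
  archery:
    image: hhyo/archery:v1.8.2
    ports:
      - "9123:9123"
EOF
}

# Reads compose YAML on stdin and prints "service host_port" for every
# short-syntax mapping that has no host IP or an explicit 0.0.0.0.
wide_open_ports() {
  awk '
    /^  [A-Za-z0-9_-]+:[ \t]*$/ { svc = $1; sub(/:$/, "", svc); in_ports = 0; next }
    /^    ports:[ \t]*$/        { in_ports = 1; next }
    /^    [A-Za-z_]+:/          { in_ports = 0; next }
    in_ports && /^      - / {
      m = $2; gsub(/"/, "", m); sub(/\/(tcp|udp)$/, "", m)
      n = split(m, p, ":")
      if (n == 2) print svc, p[1]                       # HOST:CONTAINER
      else if (n == 3 && p[1] == "0.0.0.0") print svc, p[2]
    }
  '
}

# Run against the constructed sample.
sample_compose | wide_open_ports
```

To audit a real file, run `wide_open_ports < docker-compose.yml`; any service it lists that only other containers need to reach can use expose or a 127.0.0.1: prefix instead.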

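5.2. Modify archery/settings.py

# MySQL database address used by the project itself
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'archery', # database
        'USER': 'root', # user
        'PASSWORD': 'P@ssw0rd_njxg', # password (must match MYSQL_ROOT_PASSWORD in docker-compose.yml)
        'HOST': 'mysql', # database IP
        'PORT': '3306', # port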
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
            'charset': 'utf8mb4'
        },
        'TEST': {
            'NAME': 'test_archery',
            'CHARSET': 'utf8mb4',
        },
    }
}

CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://redis:6379/0", # redis address
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "123456" # redis password
        }
    },
    "dingding": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://redis:6379/1", # redis address
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "123456" # redis password
        }
    }
}

6. Start

docker-compose -f docker-compose.yml up -d
CONTAINER ID        IMAGE                       COMMAND                  CREATED             STATUS              PORTS                               NAMES
8abc468500bd        mysql:5.7                   "docker-entrypoint.s…"   2 hours ago         Up 2 hours          0.0.0.0:3306->3306/tcp, 33060/tcp   mysql
b9ffa8710c65        hanchuanchuan/goinception   "/usr/local/bin/dumb…"   2 hours ago         Up 2 hours          4000/tcp                            goinception
5ebbaa722433        redis:5                     "docker-entrypoint.s…"   2 hours ago         Up 2 hours          6379/tcp                            redis
718e83ed00e6        hhyo/archery:1.7.12         "dockerize -wait tcp…"   2 hours ago         Up 2 hours          0.0.0.0:9123->9123/tcp              archery
c77fb994581b        hhyo/inception              "/bin/sh -c 'nohup /…"   2 hours ago         Up 2 hours          6669/tcp                            inception

7. Initialize the table structure and data

docker exec -ti archery /bin/bash
source /opt/venv4archery/bin/activate
# Initialize the table structure
python3 manage.py makemigrations sql
python3 manage.py migrate
# Initialize the data
python3 manage.py dbshell<sql/fixtures/auth_group.sql
python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql

8. Restart the container (run outside the container)

docker restart archery

9. Logs and troubleshooting

# Log path: logs/archery.log
docker logs archery -f --tail=50

10. Access

http://ip:port

11. Change the Archery port

11.1. Modify docker-compose.yml

# Edit the configuration file
  archery:
    image: hhyo/archery:v1.8.2
    container_name: archery
    restart: always
    ports:
      - "9123:9123" # port
    volumes:
      - "./archery/settings.py:/opt/archery/archery/settings.py"
      - "./archery/soar.yaml:/etc/soar.yaml"
      - "./archery/docs.md:/opt/archery/docs/docs.md"
      - "./archery/downloads:/opt/archery/downloads"
      - "./archery/sql/migrations:/opt/archery/sql/migrations"
      - "./archery/logs:/opt/archery/logs"
    entrypoint: "dockerize -wait tcp://mysql:3306 -wait tcp://redis:6379 -timeout 60s /opt/archery/src/docker/startup.sh" # change the address if the services run locally
    environment:
      NGINX_PORT: 9123
# Run the command
docker-compose -f docker-compose.yml up -d

11.2. Enter the archery container and modify the nginx configuration file

docker exec -ti archery /bin/bash
# Configuration file locations
/etc/nginx/nginx.conf
/opt/archery/src/docker/nginx.conf

server {
        listen 9123; # listening port (change it to the port you need)
        server_name archery;
        client_max_body_size 20M; # handles Request Entity Too Large
        proxy_read_timeout 600s;  # timeout, kept consistent with the Gunicorn timeout; mainly used for online queries

        location / {
          proxy_pass http://127.0.0.1:8000;
          proxy_set_header Host $host:9123; # fixes the 404-on-redirect problem; keep consistent with the listen port, or with the host-mapped port when running in docker
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
        }
}

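11.3. Change the container port

# Look up the container's CONTAINER ID
docker ps
# Stop the container
docker stop <CONTAINER_ID>
# Stop the docker service
systemctl stop docker
# Edit the configuration files and change every occurrence of the port
cd /var/lib/docker/containers/<CONTAINER_ID>*
vi hostconfig.json
vi config.v2.json
# Exit the container and restart
systemctl start docker
docker start <CONTAINER_ID>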

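12. Start redis with a configuration file

12.1. Create a folder, fetch the conf configuration file from the web and put it in the folder

redis 6.0.6 download -- Redis China User Group (CRUG) (redis official site)

# The comment character is #
# 1. Comment out bind 127.0.0.1
# 2. Change protected-mode yes to protected-mode no
# 3. Add requirepass yourpassword (note: without it, redis can be accessed with no password)

# Note: steps 1 and 2 are there to allow remote connections to redis; if only local access is needed, no change is required.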

#  bind 127.0.0.1
protected-mode no
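
An added check, not part of the original post or of Redis itself: with bind commented out and protected-mode no, the requirepass line from step 3 is the only barrier left, and the fragment above does not include it. The script reports a redis.conf that would accept unauthenticated connections from other hosts; the function names, finding labels, sample file and the short list of trivial passwords are constructed.

```shell
#!/bin/sh
# Added example: audit a redis.conf for unauthenticated remote access.

# Constructed sample: the state of redis.conf shown in 12.1.
sample_redis_conf() {
cat <<'EOF'
#  bind 127.0.0.1
protected-mode no
port 6379
EOF
}

# Reads redis.conf on stdin; prints one finding per line, or "ok".
audit_redis_conf() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    { key = tolower($1) }
    key == "bind" {                            # a later bind line overrides
      has_bind = 1; remote = 0
      for (i = 2; i <= NF; i++) {
        a = $i; sub(/^-/, "", a)               # "-::1" means optional address
        if (a != "127.0.0.1" && a != "::1") remote = 1
      }
    }
    key == "protected-mode" { pm = tolower($2) }
    key == "requirepass"    { pass = $2 }
    END {
      if (!has_bind) remote = 1                # no bind: all interfaces
      if (pm == "") pm = "yes"                 # Redis default
      if (remote && pass == "" && pm == "no") {
        print "unauthenticated-remote-access"; bad = 1
      }
      # Assumed list: values used on this page plus the redis.conf sample one.
      if (pass == "123456" || pass == "yourpassword" || pass == "foobared") {
        print "trivial-password"; bad = 1
      }
      if (!bad) print "ok"
    }
  '
}

# Run against the constructed sample.
sample_redis_conf | audit_redis_conf
```

Run it as `audit_redis_conf < /var/lib/redis.conf` before starting the container in 12.2, since that command publishes port 6379 on the host.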

12.2. Start

docker run -p 6379:6379 --name redis -v /var/lib/redis.conf:/etc/redis/redis.conf  -v /var/lib/data:/data -d redis redis-server /etc/redis/redis.conf --appendonly yes

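Explanation of the options:

-p 6379:6379: the first port is the host (server) port and the second is the container port (containers are sandboxes that cannot be reached from outside); this maps the container's port 6379 to port 6379 on the host, so redis can be reached through the host's port 6379;

--name iredis: the container's name, iredis, which makes later operations on the container easier (docker start iredis; docker stop iredis; and so on);

-v /home/docker/redis/config/redis.conf:/etc/redis/redis.conf: mounts the persistent configuration. /home/docker/redis/config/redis.conf is the path of your own redis.conf file on the host (server); /etc/redis/redis.conf is the path of the redis.conf file inside the container. It does not need to be created manually: when the container starts, the host's redis.conf above is mapped to that path automatically, so you do not have to enter the container to edit redis.conf.

-v /home/docker/redis/data:/data: mounts the persistence files. /home/docker/redis/data is the location of the persistence files on the host, and /data is their location in the container.

-d: start in the background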
