mysql themis_MySQL 审核工具 archery

MySQL 审核工具 archery

系统: Centos6.8

ip:192.168.122.150

安装 Python 和 virtualenv

编译安装[[emailprotected]~]#yum install wget gcc make zlib-devel openssl openssl-devel

[[emailprotected]src]#wget""

[[emailprotected]src]#tar-xvfPython-3.6.5.tar.xz

[[emailprotected]src]#cdPython-3.6.5

[[emailprotected]Python-3.6.5]#./configure prefix=/usr/local/python3

[[emailprotected]Python-3.6.5]#make&&make install

[[emailprotected]Python-3.6.5]#ln-fs/usr/local/python3/bin/python3/usr/bin/python3

[[emailprotected]Python-3.6.5]#ln-fs/usr/local/python3/bin/pip3/usr/bin/pip3

virtualenv

[[emailprotected]~]#pip3 install virtualenv-i https://mirrors.ustc.edu.cn/pypi/web/simple/

[[emailprotected]~]#pip3 install-U pip

[[emailprotected]~]#ln-fs/usr/local/python3/bin/virtualenv/usr/bin/virtualenv

安装 Archery

准备虚拟环境

编译安装 python 的使用

[[email protected] ~]# virtualenv venv4archery --python=python3

切换 python 运行环境到虚拟环境

[[email protected] ~]# source venv4archery/bin/activate

安装 ODBC 依赖

[[email protected] Archery-1.5.3]# yum install unixODBC-devel -y

下载 release 包, 安装依赖库[[emailprotected]~]#wget""

[[emailprotected]~]#tar-xzvf v1.5.3.tar.gz

安装系统依赖

[[email protected] ~]# yum -y install gcc gcc-c++ python-devel MySQL-devel openldap-devel unixODBC-devel gettext

安装依赖库[[emailprotected]~]#cdArchery-1.5.3/

[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/

如果出现报一下错误

解决方法:

安装 mysql5.7, 然后安装以下依赖即可[[emailprotected]Archery-1.5.3]#yum installMySQL-devel-y

(venv4archery)[[emailprotected]Archery-1.5.3]#find/-name mysql_config.1.gz

/usr/share/man/man1/mysql_config.1.gz

(venv4archery)[[emailprotected]Archery-1.5.3]#find/-name mysql_config

/usr/bin/mysql_config

[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/

出现报错

解决方法:[[emailprotected]Archery-1.5.3]#yum install openldap-y

[[emailprotected]Archery-1.5.3]#yum install openldap-clients-y

[[emailprotected]Archery-1.5.3]#yum install openldap-devel-y

[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/

(venv4archery)[[emailprotected]Archery-1.5.3]#echo $?

0

修改配置

[[email protected] Archery-1.5.3]# VIM archery/settings.py

安全修改

修改 Prpcrypt 的 key 信息, 该 key 用于数据库密码等信息加密, 目前是硬编码在代码内 aes_decryptor.py

基础配置

关闭 debug 模式

DEBUG = False

设置 ALLOWED_HOSTS, 建议限制内网访问

ALLOWED_HOSTS = ['*']

请求大小限制, 如果提交 SQL 语句过大可以修改该值

DATA_UPLOAD_MAX_MEMORY_SIZE = 15728640

密码校验, 用户注册和添加密码校验规则AUTH_PASSWORD_VALIDATORS=[

{

'NAME':'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',

},

{

'NAME':'django.contrib.auth.password_validation.MinimumLengthValidator',

'OPTIONS':{

'min_length':9,

}

},

{

'NAME':'django.contrib.auth.password_validation.CommonPasswordValidator',

},

{

'NAME':'django.contrib.auth.password_validation.NumericPasswordValidator',

},

]

MySQL 配置

建议 MySQL 版本 5.6 以上

MongoDB 配置

themis 审核需要执行 eval() 命令, 参考配置 Allow user to execute eval() command on MongoDB 3.x}

创建角色useadmin

switched to db admin

db.createRole({

role:"executeFunctions",privileges:[{

resource:{

anyResource:true

},actions:["anyAction"]

}],roles:[]

})

{

"role":"executeFunctions",

"privileges":[

{

"resource":{

"anyResource":true

},

"actions":[

"anyAction"

]

}

],

"roles":[]

}

给用户分配角色usethemis

switched to db themis

db.grantRolesToUser("dbuser",[{

role:"executeFunctions",db:"admin"

}])

修改配置MONGODB_DATABASES={

"default":{

"NAME":'themis',# 数据库

"USER":'',# 用户名"PASSWORD":'', # 密码

"HOST":'127.0.0.1',# 数据库 HOST

"PORT":27017,# 数据库端口

},

}

Django-Q 配置

默认配置即可, 也可参考 django-q 文档修改Q_CLUSTER={

'name':'archery',

'workers':4,

'recycle':500,

'timeout':60,

'compress':True,

'cpu_affinity':1,

'save_limit':0,

'queue_limit':50,

'label':'Django Q',

'django_redis':'default'

}

缓存配置

缓存使用 RedisCACHES={

"default":{

"BACKEND":"django_redis.cache.RedisCache",

"LOCATION":"redis://127.0.0.1:6379/0",# Redis://host:port/db

"OPTIONS":{

"CLIENT_CLASS":"django_redis.client.DefaultClient",

}

}

}

MySQL>create database archerydefaultcharactersetutf8;

QueryOK,1row affected(0.14sec)

MySQL>grant all privileges on archery.*to[emailprotected]'127.0.0.1'identifiedby'abc123';

QueryOK,0rows affected,1warning(0.46sec)

MySQL>flush privileges;

QueryOK,0rows affected(0.14sec)

MySQL>exit

安装 Redis 略

启动准备

数据库初始化

[[email protected] Archery-1.5.3]# python3 manage.py makemigrations sqlpython3 manage.py migrate

[[email protected] Archery-1.5.3]# python3 manage.py migrate

编译翻译文件

[[email protected] Archery-1.5.3]# python3 manage.py compilemessages

创建管理用户python3 manage.py createsuperuser

(venv4archery)[[emailprotected]Archery-1.5.3]#python3 manage.py createsuperuser

Username:admin#用户

Emailaddress:#填写你的邮箱地址

Password:admin123

Password(again):admin123

Superuser created successfully.

启动 Django-Q

需要保持后台运行, 用于消息推送, 工单执行, 定时执行, 可使用 supervisor 进行管理source/opt/venv4archery/bin/activate

python3 manage.py qcluster&

启动服务

runserver 启动source/root/venv4archery/bin/activate

python3 manage.py runserver0.0.0.0:9123--insecure

关闭防火墙, 或者开放 9123 端口 账号密码就是刚刚创建的 admin admin123

来源: http://www.bubuko.com/infodetail-3064101.html