MySQL审查工具_Mysql审核工具archery

Mysql审核工具archery

系统：Centos6.8

ip:192.168.122.150

安装Python和virtualenv

编译安装

[root@www ~]# yum install wget gcc make zlib-devel openssl openssl-devel

[root@www src]# wget "https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz"

[root@www src]# tar -xvf Python-3.6.5.tar.xz

[root@www src]# cd Python-3.6.5

[root@www Python-3.6.5]# ./configure prefix=/usr/local/python3

[root@www Python-3.6.5]# make && make install

[root@www Python-3.6.5]# ln -fs /usr/local/python3/bin/python3 /usr/bin/python3

[root@www Python-3.6.5]# ln -fs /usr/local/python3/bin/pip3 /usr/bin/pip3

virtualenv

[root@www ~]# pip3 install virtualenv -i https://mirrors.ustc.edu.cn/pypi/web/simple/

[root@www ~]# pip3 install -U pip

[root@www ~]# ln -fs /usr/local/python3/bin/virtualenv /usr/bin/virtualenv

安装Archery

准备虚拟环境

编译安装python的使用

[root@www ~]# virtualenv venv4archery --python=python3

切换python运行环境到虚拟环境

[root@www ~]# source venv4archery/bin/activate

安装ODBC依赖

[root@www Archery-1.5.3]# yum install unixODBC-devel -y

下载release包，安装依赖库

[root@www ~]# wget "https://github.com/hhyo/archery/archive/v1.5.3.tar.gz"

[root@www ~]# tar -xzvf v1.5.3.tar.gz

安装系统依赖

[root@www ~]# yum -y install gcc gcc-c++ python-devel mysql-devel openldap-devel unixODBC-devel gettext

安装依赖库

[root@www ~]# cd Archery-1.5.3/

[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/

如果出现报一下错误

解决方法：

安装mysql5.7，然后安装以下依赖即可

[root@www Archery-1.5.3]# yum install mysql-devel -y

(venv4archery) [root@www Archery-1.5.3]# find / -name mysql_config.1.gz

/usr/share/man/man1/mysql_config.1.gz

(venv4archery) [root@www Archery-1.5.3]# find / -name mysql_config

/usr/bin/mysql_config

[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/

出现报错

解决方法：

[root@www Archery-1.5.3]# yum install openldap -y

[root@www Archery-1.5.3]# yum install openldap-clients -y

[root@www Archery-1.5.3]# yum install openldap-devel -y

[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/

(venv4archery) [root@www Archery-1.5.3]# echo $?

0

修改配置

[root@www Archery-1.5.3]# vim archery/settings.py

安全修改

修改Prpcrypt的key信息，该key用于数据库密码等信息加密，目前是硬编码在代码内 aes_decryptor.py

基础配置

关闭debug模式

DEBUG = False

设置ALLOWED_HOSTS，建议限制内网访问

ALLOWED_HOSTS = ['*']

请求大小限制，如果提交SQL语句过大可以修改该值

DATA_UPLOAD_MAX_MEMORY_SIZE = 15728640

密码校验，用户注册和添加密码校验规则

AUTH_PASSWORD_VALIDATORS = [

{

'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',

},

{

'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',

'OPTIONS': {

'min_length': 9,

}

},

{

'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',

},

{

'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',

},

]

MySQL配置

建议MySQL版本5.6以上

MongoDB配置

themis审核需要执行eval()命令，参考配置Allow user to execute eval() command on MongoDB 3.x}

创建角色

use admin

switched to db admin

db.createRole( { role: "executeFunctions", privileges: [ { resource: { anyResource: true }, actions: [ "anyAction" ] } ], roles: [] } )

{

"role" : "executeFunctions",

"privileges" : [

{

"resource" : {

"anyResource" : true

},

"actions" : [

"anyAction"

]

}

],

"roles" : [ ]

}

给用户分配角色

use themis

switched to db themis

db.grantRolesToUser("dbuser", [ { role: "executeFunctions", db: "admin" } ])

修改配置

MONGODB_DATABASES = {

"default": {

"NAME": 'themis', # 数据库

"USER": '', # 用户名

"PASSWORD": '', # 密码

"HOST": '127.0.0.1', # 数据库HOST

"PORT": 27017, # 数据库端口

},

}

Django-Q配置

默认配置即可，也可参考django-q文档修改

Q_CLUSTER = {

'name': 'archery',

'workers': 4,

'recycle': 500,

'timeout': 60,

'compress': True,

'cpu_affinity': 1,

'save_limit': 0,

'queue_limit': 50,

'label': 'Django Q',

'django_redis': 'default'

}

缓存配置

缓存使用redis

CACHES = {

"default": {

"BACKEND": "django_redis.cache.RedisCache",

"LOCATION": "redis://127.0.0.1:6379/0", # redis://host:port/db

"OPTIONS": {

"CLIENT_CLASS": "django_redis.client.DefaultClient",

}

}

}

mysql> create database archery default character set utf8;

Query OK, 1 row affected (0.14 sec)

mysql> grant all privileges on archery.* to root@'127.0.0.1' identified by 'abc123';

Query OK, 0 rows affected, 1 warning (0.46 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.14 sec)

mysql>exit

安装redis略

启动准备

数据库初始化

[root@www Archery-1.5.3]# python3 manage.py makemigrations sqlpython3 manage.py migrate

[root@www Archery-1.5.3]# python3 manage.py migrate

编译翻译文件

[root@www Archery-1.5.3]# python3 manage.py compilemessages

创建管理用户

python3 manage.py createsuperuser

(venv4archery) [root@www Archery-1.5.3]# python3 manage.py createsuperuser

Username: admin #用户

Email address: #填写你的邮箱地址

Password: admin123

Password (again): admin123

Superuser created successfully.

启动Django-Q

需要保持后台运行，用于消息推送、工单执行、定时执行，可使用supervisor进行管理

source /opt/venv4archery/bin/activate

python3 manage.py qcluster &

启动服务

runserver启动

source /root/venv4archery/bin/activate

python3 manage.py runserver 0.0.0.0:9123 --insecure

关闭防火墙，或者开放9123端口 账号密码就是刚刚创建的admin admin123