pgaudit: auditing PostgreSQL

OS: Ubuntu 16.04, DB: PostgreSQL 9.6.8, pgaudit: 1.1.1
pgaudit is a PostgreSQL extension that provides detailed session and/or object audit logging through the standard PostgreSQL logging facility. Its purpose is to produce the audit trail that government, financial or ISO certifications commonly require, using the server's own log output rather than a separate collector.

Release

# lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.5 LTS
Release:	16.04
Codename:	xenial


$ psql
psql (9.6.8)
Type "help" for help.

postgres=# select version();
                                                                   version                                                                    
----------------------------------------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.6.8 on x86_64-pc-linux-gnu (Ubuntu 9.6.8-1.pgdg16.04+1), compiled by gcc (Ubuntu 5.4.0-6ubuntu1~16.04.9) 5.4.0 20160609, 64-bit
(1 row)

postgres=# 


Download and install


pgAudit versions relate to PostgreSQL major versions as follows (from the pgaudit README; 1.1.1 is the line that matches the 9.6 server used here):
pgAudit v1.3.X is intended to support PostgreSQL 11.
pgAudit v1.2.X is intended to support PostgreSQL 10.
pgAudit v1.1.X is intended to support PostgreSQL 9.6.
pgAudit v1.0.X is intended to support PostgreSQL 9.5.
# su - postgres
$ wget https://github.com/pgaudit/pgaudit/archive/1.1.1.zip
$ unzip 1.1.1.zip
$ ls -l
total 172
-rw-rw-r-- 1 postgres postgres  35875 Dec 19 14:28 1.1.1.zip
drwxr-xr-x 3 postgres postgres   4096 Nov  7 09:02 9.6
drwxrwxr-x 5 postgres postgres   4096 Jun 27  2017 pgaudit-1.1.1

$ cd pgaudit-1.1.1
$ make USE_PGXS=1

gcc -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing -fwrapv -fexcess-precision=standard -g -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -pie -fno-omit-frame-pointer -fPIC -I. -I./ -I/usr/include/postgresql/9.6/server -I/usr/include/postgresql/internal -Wdate-time -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -I/usr/include/libxml2  -I/usr/include/mit-krb5  -c -o pgaudit.o pgaudit.c
In file included from /usr/include/postgresql/9.6/server/libpq/auth.h:17:0,
                 from pgaudit.c:26:
/usr/include/postgresql/9.6/server/libpq/libpq-be.h:36:27: fatal error: gssapi/gssapi.h: No such file or directory
compilation terminated.
: recipe for target 'pgaudit.o' failed
make: *** [pgaudit.o] Error 1

make fails at compile time because a development package is missing: the server header libpq-be.h includes gssapi/gssapi.h, which is shipped by libkrb5-dev (note the -I/usr/include/mit-krb5 already in the compiler flags).
$ sudo apt install libkrb5-dev

PostgreSQL here was installed with apt, so the extension files go under /usr/lib/postgresql and /usr/share/postgresql, and make install needs root:
$ make USE_PGXS=1

$ sudo make install USE_PGXS=1

Files installed:
$ ls -l /usr/lib/postgresql/9.6/lib |grep -i audit
-rwxr-xr-x 1 root root 103024 Dec 19 14:49 pgaudit.so

$ ls -l /usr/share/postgresql/9.6/extension |grep -i audit
-rw-r--r-- 1 root root   248 Dec 19 14:49 pgaudit--1.0--1.1.1.sql
-rw-r--r-- 1 root root   615 Dec 19 14:49 pgaudit--1.1.1.sql
-rw-r--r-- 1 root root   145 Dec 19 14:49 pgaudit.control


Installation is complete.

Creating the pgaudit extension

$ vi /etc/postgresql/9.6/main/postgresql.conf

shared_preload_libraries = 'pgaudit,pg_stat_statements'

$ sudo /etc/init.d/postgresql restart
$ psql 
psql (9.6.8)
Type "help" for help.

postgres=# 
postgres=# select * from pg_available_extensions where name like '%audit%';
  name   | default_version | installed_version |             comment             
---------+-----------------+-------------------+---------------------------------
 pgaudit | 1.1.1           |                   | provides auditing functionality
(1 row)

postgres=#

postgres=# create extension pgaudit;


With that the extension is in place. Two things to keep in mind: shared_preload_libraries only takes effect after a server restart (done above), and CREATE EXTENSION is per database, so repeat it in every database you want audited (it installs the event triggers pgaudit uses to report the objects affected by DDL).

pgaudit parameters (defaults after loading the library)

postgres=# select name,setting from pg_settings where name like 'pgaudit%';
            name            | setting 
----------------------------+---------
 pgaudit.log                | none
 pgaudit.log_catalog        | on
 pgaudit.log_client         | off
 pgaudit.log_level          | log
 pgaudit.log_parameter      | off
 pgaudit.log_relation       | off
 pgaudit.log_statement_once | off
 pgaudit.role               | 
(8 rows)

$ vi /etc/postgresql/9.6/main/postgresql.conf

pgaudit.log = 'all, -misc'
pgaudit.log_catalog = on
pgaudit.log_client = on
pgaudit.log_level = log
pgaudit.log_parameter = on
pgaudit.log_relation = on
pgaudit.log_statement_once = on


What these parameters mean (per the pgaudit README):
pgaudit.log: the statement classes recorded by session audit logging (READ, WRITE, FUNCTION, ROLE, DDL, MISC, ALL); a leading - excludes a class, so 'all, -misc' logs everything except MISC statements such as SET, DISCARD, FETCH, CHECKPOINT and VACUUM.
pgaudit.log_catalog: whether statements that touch only pg_catalog relations are still logged.
pgaudit.log_client: whether audit messages are also sent to the client in addition to the server log.
pgaudit.log_level: the severity used for audit entries (LOG keeps them in the server log without disturbing the client).
pgaudit.log_parameter: whether statement parameters (bind values) are written with the audit entry.
pgaudit.log_relation: whether SELECT/DML statements produce one entry per referenced relation instead of one per statement.
pgaudit.log_statement_once: whether the statement text and parameters are written only with the first entry for a statement/substatement pair rather than with every entry.
pgaudit.role: the master role for object audit logging (auditing driven by privileges granted to that role), not used in this walk-through.

Two practical points. Values edited in postgresql.conf only apply after a reload (SELECT pg_reload_conf(); or a restart); the session-level SET used below affects only that session. All pgaudit parameters are superuser-context settings, so an ordinary role cannot silence its own auditing with SET pgaudit.log = 'none'; per-role or per-database policy has to be set by a superuser with ALTER ROLE ... SET or ALTER DATABASE ... SET.

Viewing the generated log


Statements exercised: SET, CREATE TABLE, INSERT INTO, SELECT. Each statement shows up twice in the log below: a "statement:" row produced by the server's own log_statement setting, and an "AUDIT: SESSION" row produced by pgaudit.

$ psql 
psql (9.6.8)
Type "help" for help.

postgres=# 
postgres=# set pgaudit.log = 'all, -misc';

postgres=# create table account
(
    id int,
    name text,
    password text,
    description text
);

postgres=# insert into account (id, name, password, description)
             values (1, 'user1', 'HASH1', 'blah, blah');

postgres=# select * from account;
	

The corresponding csvlog rows. The payload after AUDIT: is itself comma-separated: audit type (SESSION), statement id, substatement id, class, command, object type, object name, the statement text (quoted when it contains commas or newlines, so the quotes are doubled inside the csvlog message column) and the parameters field (empty here). Note that the INSERT row reproduces the literal 'HASH1' verbatim: pgaudit writes the full statement text, so any secret passed as a literal (and, with pgaudit.log_parameter = on, as a bind parameter) ends up in the server log. Protect the log directory as carefully as the data directory, and leave pgaudit.log_client off outside of testing so audit lines are not echoed back to clients.
2018-12-19 15:20:29.386 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,6,"idle",2018-12-19 15:17:27 CST,2/36,0,LOG,00000,"statement: set pgaudit.log = 'all, -misc';",,,,,,,,,"psql"
2018-12-19 15:20:41.707 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,7,"idle",2018-12-19 15:17:27 CST,2/37,0,LOG,00000,"statement: create table account
(
    id int,
    name text,
    password text,
    description text
);",,,,,,,,,"psql"
2018-12-19 15:20:41.748 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,8,"CREATE TABLE",2018-12-19 15:17:27 CST,2/37,454353307,LOG,00000,"AUDIT: SESSION,2,1,DDL,CREATE TABLE,TABLE,public.account,""create table account
(
    id int,
    name text,
    password text,
    description text
);"",",,,,,,,,,"psql"
2018-12-19 15:20:49.530 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,9,"idle",2018-12-19 15:17:27 CST,2/38,0,LOG,00000,"statement: insert into account (id, name, password, description)
             values (1, 'user1', 'HASH1', 'blah, blah');",,,,,,,,,"psql"
2018-12-19 15:20:49.530 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,10,"INSERT",2018-12-19 15:17:27 CST,2/38,0,LOG,00000,"AUDIT: SESSION,3,1,WRITE,INSERT,TABLE,public.account,""insert into account (id, name, password, description)
             values (1, 'user1', 'HASH1', 'blah, blah');"",",,,,,,,,,"psql"
2018-12-19 15:20:57.948 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,11,"idle",2018-12-19 15:17:27 CST,2/39,0,LOG,00000,"statement: select * from account;",,,,,,,,,"psql"
2018-12-19 15:20:57.948 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,12,"SELECT",2018-12-19 15:17:27 CST,2/39,0,LOG,00000,"AUDIT: SESSION,4,1,READ,SELECT,TABLE,public.account,select * from account;,",,,,,,,,,"psql"


Searching the log for AUDIT entries

Statements exercised: UPDATE, CREATE INDEX, DELETE, TRUNCATE, DROP TABLE. The log excerpt that follows begins with a short separate session (pid 10963) that only ran select pg_is_in_recovery(); it is audited too, with empty object type and name because the statement references no relation. Also note the TRUNCATE row, which carries no object type or name in this version, and the second DROP TABLE row for the index dropped along with the table, which carries no statement text (the text was already written with the first row for statement/substatement 9,1; see pgaudit.log_statement_once).

postgres=# update account set name='user2' where id=1;
postgres=# create index idx_account_x1 on account(id);
postgres=# delete from account where id=1;
postgres=# truncate table account;
postgres=# drop table account;
2018-12-19 15:27:01.672 CST,"postgres","postgres",10963,"[local]",5c19f2c5.2ad3,2,"authentication",2018-12-19 15:27:01 CST,3/111,0,LOG,00000,"connection authorized: user=postgres database=postgres",,,,,,,,,""
2018-12-19 15:27:01.673 CST,"postgres","postgres",10963,"[local]",5c19f2c5.2ad3,3,"idle",2018-12-19 15:27:01 CST,3/112,0,LOG,00000,"statement: select pg_is_in_recovery(); ",,,,,,,,,"psql"
2018-12-19 15:27:01.674 CST,"postgres","postgres",10963,"[local]",5c19f2c5.2ad3,4,"SELECT",2018-12-19 15:27:01 CST,3/112,0,LOG,00000,"AUDIT: SESSION,1,1,READ,SELECT,,,select pg_is_in_recovery(); ,",,,,,,,,,"psql"
2018-12-19 15:27:01.674 CST,"postgres","postgres",10963,"[local]",5c19f2c5.2ad3,5,"idle",2018-12-19 15:27:01 CST,,0,LOG,00000,"disconnection: session time: 0:00:00.003 user=postgres database=postgres host=[local]",,,,,,,,,"psql"

2018-12-19 15:27:08.112 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,13,"idle",2018-12-19 15:17:27 CST,2/40,0,LOG,00000,"statement: update account set name='user2' where id=1;",,,,,,,,,"psql"
2018-12-19 15:27:08.112 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,14,"UPDATE",2018-12-19 15:17:27 CST,2/40,0,LOG,00000,"AUDIT: SESSION,5,1,WRITE,UPDATE,TABLE,public.account,update account set name='user2' where id=1;,",,,,,,,,,"psql"

2018-12-19 15:27:13.902 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,15,"idle",2018-12-19 15:17:27 CST,2/41,0,LOG,00000,"statement: create index idx_account_x1 on account(id);",,,,,,,,,"psql"
2018-12-19 15:27:13.908 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,16,"CREATE INDEX",2018-12-19 15:17:27 CST,2/41,454353310,LOG,00000,"AUDIT: SESSION,6,1,DDL,CREATE INDEX,INDEX,public.idx_account_x1,create index idx_account_x1 on account(id);,",,,,,,,,,"psql"

2018-12-19 15:27:19.215 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,17,"idle",2018-12-19 15:17:27 CST,2/42,0,LOG,00000,"statement: delete from account where id=1;",,,,,,,,,"psql"
2018-12-19 15:27:19.215 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,18,"DELETE",2018-12-19 15:17:27 CST,2/42,0,LOG,00000,"AUDIT: SESSION,7,1,WRITE,DELETE,TABLE,public.account,delete from account where id=1;,",,,,,,,,,"psql"

2018-12-19 15:27:24.831 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,19,"idle",2018-12-19 15:17:27 CST,2/43,0,LOG,00000,"statement: truncate table account;",,,,,,,,,"psql"
2018-12-19 15:27:24.851 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,20,"TRUNCATE TABLE",2018-12-19 15:17:27 CST,2/43,454353312,LOG,00000,"AUDIT: SESSION,8,1,WRITE,TRUNCATE TABLE,,,truncate table account;,",,,,,,,,,"psql"

2018-12-19 15:27:30.207 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,21,"idle",2018-12-19 15:17:27 CST,2/44,0,LOG,00000,"statement: drop table account;",,,,,,,,,"psql"
2018-12-19 15:27:30.238 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,22,"DROP TABLE",2018-12-19 15:17:27 CST,2/44,454353313,LOG,00000,"AUDIT: SESSION,9,1,DDL,DROP TABLE,TABLE,public.account,drop table account;,",,,,,,,,,"psql"
2018-12-19 15:27:30.238 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,23,"DROP TABLE",2018-12-19 15:17:27 CST,2/44,454353313,LOG,00000,"AUDIT: SESSION,9,1,DDL,DROP TABLE,INDEX,public.idx_account_x1,,",,,,,,,,,"psql"
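Grepping for AUDIT works for a quick look, but the rows above show why a line-oriented grep is not enough for review or alerting: statements span several lines, the pgaudit payload is CSV nested inside the csvlog message column with doubled quotes, TRUNCATE carries no object name, and a follow-on row can omit the statement text. The following is an added example (my code, not part of the original post or of the pgaudit project) that parses csvlog rows with Python's csv module, splits the AUDIT: SESSION payload into its documented fields, carries the statement text forward for a later row with the same statement/substatement ids, and flags the events a reviewer would want to see. The sample log text is copied from the excerpts above; the watched relation set and the flag rules are assumptions made for the demonstration.

```python
"""Extract pgaudit SESSION entries from PostgreSQL csvlog output.
Added example, not code from the original post or from pgaudit; the sample
log text below is copied from the csvlog excerpts shown on this page."""
from __future__ import annotations

import csv
import io
from dataclasses import dataclass

# PostgreSQL 9.6 csvlog column order (23 columns).
CSVLOG_COLUMNS = (
    "log_time", "user_name", "database_name", "process_id", "connection_from",
    "session_id", "session_line_num", "command_tag", "session_start_time",
    "virtual_transaction_id", "transaction_id", "error_severity", "sql_state_code",
    "message", "detail", "hint", "internal_query", "internal_query_pos", "context",
    "query", "query_pos", "location", "application_name")
# Field order of the payload pgaudit writes after the "AUDIT: " prefix.
AUDIT_FIELDS = ("audit_type", "statement_id", "substatement_id", "class", "command",
                "object_type", "object_name", "statement", "parameter")
DESTRUCTIVE = {"DELETE", "TRUNCATE TABLE", "DROP TABLE"}

SAMPLE_CSVLOG = """\
2018-12-19 15:20:29.386 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,6,"idle",2018-12-19 15:17:27 CST,2/36,0,LOG,00000,"statement: set pgaudit.log = 'all, -misc';",,,,,,,,,"psql"
2018-12-19 15:20:41.748 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,8,"CREATE TABLE",2018-12-19 15:17:27 CST,2/37,454353307,LOG,00000,"AUDIT: SESSION,2,1,DDL,CREATE TABLE,TABLE,public.account,""create table account
(
    id int,
    name text,
    password text,
    description text
);"",",,,,,,,,,"psql"
2018-12-19 15:20:49.530 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,10,"INSERT",2018-12-19 15:17:27 CST,2/38,0,LOG,00000,"AUDIT: SESSION,3,1,WRITE,INSERT,TABLE,public.account,""insert into account (id, name, password, description)
             values (1, 'user1', 'HASH1', 'blah, blah');"",",,,,,,,,,"psql"
2018-12-19 15:27:19.215 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,18,"DELETE",2018-12-19 15:17:27 CST,2/42,0,LOG,00000,"AUDIT: SESSION,7,1,WRITE,DELETE,TABLE,public.account,delete from account where id=1;,",,,,,,,,,"psql"
2018-12-19 15:27:24.851 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,20,"TRUNCATE TABLE",2018-12-19 15:17:27 CST,2/43,454353312,LOG,00000,"AUDIT: SESSION,8,1,WRITE,TRUNCATE TABLE,,,truncate table account;,",,,,,,,,,"psql"
2018-12-19 15:27:30.238 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,22,"DROP TABLE",2018-12-19 15:17:27 CST,2/44,454353313,LOG,00000,"AUDIT: SESSION,9,1,DDL,DROP TABLE,TABLE,public.account,drop table account;,",,,,,,,,,"psql"
2018-12-19 15:27:30.238 CST,"postgres","postgres",10371,"[local]",5c19f087.2883,23,"DROP TABLE",2018-12-19 15:17:27 CST,2/44,454353313,LOG,00000,"AUDIT: SESSION,9,1,DDL,DROP TABLE,INDEX,public.idx_account_x1,,",,,,,,,,,"psql"
"""

@dataclass
class AuditEvent:
    log_time: str
    user_name: str
    session_id: str
    statement_id: int
    substatement_id: int
    class_: str       # READ, WRITE, DDL, ROLE, FUNCTION or MISC
    command: str      # e.g. CREATE TABLE, INSERT
    object_type: str  # empty for TRUNCATE in the 1.1.1 log above
    object_name: str
    statement: str
    parameter: str

def parse_csvlog(text: str) -> list[AuditEvent]:
    """Return the pgaudit events in csvlog text, skipping all other rows.
    csv.reader copes with multi-line statements and doubled quotes; the audit
    payload is CSV nested inside the csvlog message column, so parse twice."""
    events: list[AuditEvent] = []
    seen = {}  # (session, stmt, substmt) -> (statement, parameter) already logged
    for row in csv.reader(io.StringIO(text)):
        if len(row) != len(CSVLOG_COLUMNS):
            continue  # blank, truncated or non-csvlog line
        rec = dict(zip(CSVLOG_COLUMNS, row))
        if not rec["message"].startswith("AUDIT: "):
            continue  # "statement: ..." and connection messages are not audit rows
        payload = next(csv.reader([rec["message"][len("AUDIT: "):]]))
        payload += [""] * (len(AUDIT_FIELDS) - len(payload))
        a = dict(zip(AUDIT_FIELDS, payload))
        key = (rec["session_id"], int(a["statement_id"]), int(a["substatement_id"]))
        if a["statement"]:
            seen[key] = (a["statement"], a["parameter"])
        else:  # later row for the same pair (pgaudit.log_statement_once): reuse text
            a["statement"], a["parameter"] = seen.get(key, ("", ""))
        events.append(AuditEvent(rec["log_time"], rec["user_name"], rec["session_id"],
                                 key[1], key[2], a["class"], a["command"],
                                 a["object_type"], a["object_name"],
                                 a["statement"], a["parameter"]))
    return events

def flag_events(events: list[AuditEvent], watched=frozenset({"public.account"})):
    """Pick out events a reviewer should look at (rules are illustrative)."""
    hits: list[tuple[str, AuditEvent]] = []
    for e in events:
        # The TRUNCATE row above carries no object name, so fall back to the
        # bare table name appearing in the statement text (heuristic).
        on_watched = e.object_name in watched or (
            not e.object_name and any(w.split(".")[-1] in e.statement for w in watched))
        if on_watched and e.class_ == "DDL":
            hits.append(("DDL on watched relation", e))
        elif on_watched and e.command in DESTRUCTIVE:
            hits.append(("destructive write on watched relation", e))
        elif e.class_ == "WRITE" and "password" in e.statement.lower():
            hits.append(("secret literal captured in the server log", e))
    return hits

if __name__ == "__main__":
    for reason, ev in flag_events(parse_csvlog(SAMPLE_CSVLOG)):
        print(f"{ev.log_time} {ev.user_name} {ev.command} {ev.object_name or '-'}: {reason}")
```

Run against the sample it reports five events: the CREATE TABLE and DROP TABLE as DDL on the watched relation, the DELETE and TRUNCATE as destructive writes (the TRUNCATE only because of the statement-text fallback), and the INSERT because the 'HASH1' literal for the password column is now sitting in the server log. The second DROP TABLE row (the index) inherits the statement text from the first, which is what lets a downstream rule reason about it without re-reading neighbouring lines. To use it on a real server, feed it the csvlog file written under log_directory with log_destination = 'csvlog'.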


References:
https://www.pgaudit.org/
https://github.com/pgaudit/pgaudit
https://github.com/pgaudit/pgaudit/blob/master/README.md
