介紹
Yearning MYSQL 是一個SQL語句審核平台。提供查詢審計,SQL審核等多種功能,支持Mysql,可以在一定程度上解決運維與開發之間的那一環,功能豐富,代碼開源,安裝部署容易!
開源地址
https://gitee.com/cookieYe/Yearning
功能介紹
-
SQL查詢查詢導出查詢自動補全
-
SQL審核流程化工單SQL語句檢測SQL語句執行SQL回滾
-
歷史審核記錄
-
查詢審計
-
推送E-mail工單推送釘釘webhook機器人工單推送
-
其他LDAP登陸用戶權限及管理拼圖式細粒度權限划分(共12項獨立權限,可隨意組合)
模塊介紹
-
Dashboard
dashboard主要展示Yearning各項數據包括用戶數/數據源數/工單數/查詢數以及其他圖表,個人信息欄內用戶可以修改密碼/郵箱/真實姓名,同時可以查看該用戶權限以及申請權限
-
我的工單
展示用戶提交的工單信息.,對於執行失敗/駁回的工單點擊詳細信息后可以重新修改sql並提交
對於執行成功的工單可以查看回滾語句並且快速提交SQL
-
工單DLL
DDL相關SQL提交審核,查看表結構/索引,SQL語法高亮/自動補全
-
DML審核
DML相關SQL提交審核,SQL語法高亮/自動補全
-
查詢
查詢/導出數據 SQL語法高亮/自動補全 快速DML語句提交
-
工單審核
DDL/DML管理員審核並執行
-
查詢審核
用戶查詢審核
-
權限審核
用戶權限審核
-
用戶管理
創建/修改/刪除用戶
-
數據庫管理
添加/編輯/刪除 數據源
-
用戶權限
用戶權限修改/清空
-
基礎設置和進階設置
設置消息推送相關信息 包括釘釘機器人/email,設置LDAP相關信息,全局配置信息,全局配置開關
-
審核規則
設置SQL檢測規則
審核流程
Yearning采用二級/多級的審核模式,可根據實際需求變更相關使用流程,執行人角色必須在開啟多級審核之后才可指定(開啟請前往設置頁面),如果需要將多級審核改為二級審核,請先確保所有多級審核的工單都已確認執行。否則未執行工單將無法找回。當多級審核關閉后系統並不會自動將角色為執行人的用戶重置角色,請自行重置相應用戶角色
二級審核流程:
-
1.使用人根據自己擁有的權限向對應的工單提交單元(DDL,DML)提交工單
-
2.管理員收到消息后在審核工單頁面審核該工單請求並執行/駁回 對應工單
-
3.執行記錄將會記錄在該管理員用戶下
多級審核流程:
-
1.使用人根據自己擁有的權限向對應的工單提交單元(DDL,DML)提交工單,
-
2.管理員收到消息后在審核工單頁面審核該工單請求並同意/駁回 對應工單並選擇對應執行人(執行人必須是角色為執行人的用戶)
-
3.執行人收到工單后 執行/駁回該工單
-
4.執行記錄將會記錄在該執行人用戶下
普通安裝
Yearning 不依賴於任何第三方SQL審核工具作為審核引擎,內部已自己實現審核/回滾相關邏輯。僅依賴Mysql數據庫。mysql版本必須5.7及以上版本,請事先自行安裝完畢且創建Yearning庫,字符集應為UTF-8/UTF8mb4 (僅Yearning所需mysql版本)Yearning日志僅輸出error級別,沒有日志即可認為無運行錯誤!Yearning 基於1080p分辨率開發僅支持1080p及以上顯示器訪問(可到官網下載二進制文件)
[root@iZbp143t3oxhfc3ar7jey0Z ~]# ll total 814104 -rw-r--r-- 1 root root 39 Mar 16 17:58 aaa.text -rw-r--r-- 1 root root 0 Mar 16 21:12 b -rw------- 1 root root 500336640 Feb 21 22:15 elasticsearch.tar -rw-r--r-- 1 root root 25 Mar 16 21:25 file.txt drwxr-xr-x 4 root root 4096 Mar 3 13:57 littleTools drwxr-xr-x 2 root root 4096 Feb 17 21:39 mysql-5.6.35-linux-glibc2.5-x86_64 -rw-r--r-- 1 root root 314581668 Feb 17 21:38 mysql-5.6.35-linux-glibc2.5-x86_64.tar.gz -rw-r--r-- 1 root root 398872 Mar 16 00:29 netcat-0.7.1.tar.gz drwxrwxr-x 5 test1 test1 4096 Feb 21 19:41 ngx_openresty-1.9.7.1 -rw-r--r-- 1 root root 3548444 Dec 25 2015 ngx_openresty-1.9.7.1.tar.gz -rw-r--r-- 1 root root 1062 Mar 6 00:07 passwd drwxrwxr-x 6 root root 4096 Mar 17 18:42 redis-4.0.12 -rw-r--r-- 1 root root 1740544 Dec 12 2018 redis-4.0.12.tar.gz -rw-r--r-- 1 root root 12981868 Mar 17 19:22 Yearning-2.2.0-fix2.linux-amd64.zip drwxr-xr-x 3 root root 4096 Mar 16 10:07 Yearning-go [root@iZbp143t3oxhfc3ar7jey0Z ~]# cd Yearning-go [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll total 8404 -rw-r--r-- 1 root root 127 Aug 2 2019 conf.toml drwxr-xr-x 6 root root 4096 Mar 17 09:57 dist -rw-r--r-- 1 root root 620 Jan 9 10:06 docker-compose.yml -rw-r--r-- 1 root root 597 Aug 21 2019 Dockerfile -rw-r--r-- 1 root root 177 Aug 23 2019 # README -rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning -rw-r--r-- 1 root root 283 Jan 15 16:55 yearning.service [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# vim conf.toml [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ll total 8404 -rw-r--r-- 1 root root 171 Mar 17 19:25 conf.toml drwxr-xr-x 6 root root 4096 Mar 17 09:57 dist -rw-r--r-- 1 root root 620 Jan 9 10:06 docker-compose.yml -rw-r--r-- 1 root root 597 Aug 21 2019 Dockerfile -rw-r--r-- 1 root root 177 Aug 23 2019 # README -rwxr--r-- 1 root root 8579816 Mar 17 09:58 Yearning -rw-r--r-- 1 root root 283 Jan 15 16:55 yearning.service [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -h version: Yearning/2.2.0 author: HenryYee Usage: Yearning [-m migrate] [-p port] [-s start] [-b web-bind] [-h help] [-c config file] Options: -s 啟動Yearning -m 數據初始化(第一次安裝時執行) -p 端口 -b 釘釘/郵件推送時顯示的平台地址 -x 表結構修復,升級時可以操作。如出現錯誤可直接忽略。 -h 幫助 -c 配置文件路徑 -k 用戶權限變更為權限組(2.1.7以下升級至2.1.7及以上使用) -f 初始化Admin用戶密碼 [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -m (/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:31) [2020-03-17 19:25:53] [8.97ms] INSERT INTO `core_accounts` (`username`,`password`,`rule`,`department`,`real_name`,`email`) VALUES ('admin','pbkdf2_sha256$120000$cHnTX55niNFu$b9peQgq7+P85E4Qb8q30SeOnxJPPiKryj5VK9foAR7U=','admin','DBA','超級管理員','') [1 rows affected or returned ] (/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:39) [2020-03-17 19:25:53] [22.81ms] INSERT INTO `core_global_configurations` (`authorization`,`ldap`,`message`,`other`,`stmt`,`audit_role`,`board`) VALUES ('global','{"url":"","user":"","password":"","type":1,"sc":"","ldaps":false}','{"web_hook":"","host":"","port":25,"user":"","password":"","to_user":"","mail":false,"ding":false,"ssl":false}','{"limit":"1000","idc":["Aliyun","AWS"],"multi":false,"query":false,"exclude_db_list":[],"insulate_word_list":[],"register":false,"export":false,"per_order":2,"ex_query_time":60,"query_timeout":0}',0,'{"DMLInsertColumns":false,"DMLMaxInsertRows":10,"DMLWhere":false,"DMLOrder":false,"DMLSelect":false,"DDLCheckTableComment":false,"DDlCheckColumnComment":false,"DDLCheckColumnNullable":false,"DDLCheckColumnDefault":false,"DDLTimeFieldDefault":false,"DDLEnableAcrossDBRename":false,"DDLEnableAutoincrementInit":false,"DDLEnableAutoIncrement":false,"DDLEnableAutoincrementUnsigned":false,"DDLEnableDropTable":false,"DDLEnableDropDatabase":false,"DDLEnableNullIndexName":false,"DDLIndexNameSpec":false,"DDLMaxKeyParts":5,"DDLMaxKey":5,"DDLMaxCharLength":10,"MaxTableNameLen":10,"MaxAffectRows":1000,"MaxDDLAffectRows":0,"EnableSetCollation":false,"EnableSetCharset":false,"SupportCharset":"","SupportCollation":"","CheckIdentifier":false,"MustHaveColumns":"","DDLMultiToSubmit":false,"DDLPrimaryKeyMust":false,"DDLAllowColumnType":false,"DDLImplicitTypeConversion":false,"DMLMinimalRollback":false,"DDLAllowPRINotInt":false,"IsOSC":false,"OscBinDir":"","OscDropNewTable":false,"OscDropOldTable":false,"OscCheckReplicationFilters":false,"OscCheckAlter":false,"OscAlterForeignKeysMethod":"rebuild_constraints","OscMaxLag":1,"OscRecursionMethod":"processlist","OscCheckInterval":1,"OscMaxThreadConnected":25,"OscMaxThreadRunning":25,"OscCriticalThreadConnected":20,"OscCriticalThreadRunning":20,"OscPrintSql":false,"OscChunkTime":0.5,"OscSize":0,"AllowCreateView":false,"AllowCreatePartition":false,"AllowSpecialType":false}','') [1 rows affected or returned ] (/var/jenkins_home/workspace/Yearning-go/src/service/migrate.go:46) [2020-03-17 19:25:53] [5.59ms] INSERT INTO `core_graineds` (`username`,`rule`,`permissions`,`group`) VALUES ('admin','','{"ddl":"1","ddl_source":[],"dml":"1","dml_source":[],"user":"1","base":"1","auditor":[],"query":"1","query_source":[]}',NULL) [1 rows affected or returned ] 初始化成功! 用戶名: admin 密碼:Yearning_admin [root@iZbp143t3oxhfc3ar7jey0Z Yearning-go]# ./Yearning -s 檢查更新....... 數據已更新! __ __ _____ ___ _____ __ _ _ __ _ _____ \ \ / / | ____| / | | _ \ | \ | | | | | \ | | / ___| \ \/ / | |__ / /| | | |_| | | \| | | | | \| | | | \ / | __| / / | | | _ / | |\ | | | | |\ | | | _ / / | |___ / / | | | | \ \ | | \ | | | | | \ | | |_| | /_/ |_____| /_/ |_| |_| \_\ |_| \_| |_| |_| \_| \_____/ vgolang.ver Welcome to Yearning https://yearning.io ____________________________________O/_______ O\ ⇨ http server started on [::]:8000 {"time":"2020-03-17T19:29:24.38804852+08:00","level":"ERROR","prefix":"echo","fi le":"dbmanage.go","line":"173","message":"Error 1045: Access denied for user 'ro ot'@'47.111.232.99' (using password: YES)"} {"time":"2020-03-17T19:56:05.800777325+08:00","level":"ERROR","prefix":"echo","f ile":"group.go","line":"100","message":"code=400, message=Unmarshal type error: expected=[]string, got=bool, field=Permission.ddl_source, offset=124"}
Docker 方式安裝
[root@iZ1la3d1xbmukrZ Yearning-go]# docker build -t yearning . Sending build context to Docker daemon 25.39MB Step 1/15 : FROM alpine:latest latest: Pulling from library/alpine c9b1b535fdd9: Pull complete Digest: sha256:ab00606a42621fb68f2ed6ad3c88be54397f981a7b70a79db3d1172b11c4367d Status: Downloaded newer image for alpine:latest ---> e7d92cdc71fe Step 2/15 : LABEL maintainer="HenryYee-2019/08/13" ---> Running in 4aade2c7d662 Removing intermediate container 4aade2c7d662 ---> 93d53642bc8b Step 3/15 : EXPOSE 8000 ---> Running in 6d8d737e5f56 Removing intermediate container 6d8d737e5f56 ---> 70c9617c2085 Step 4/15 : COPY Yearning /opt/Yearning ---> fa38bfbc447f Step 5/15 : COPY dist /opt/dist ---> 99524d79fef4 Step 6/15 : COPY conf.toml /opt/conf.toml ---> f9c1912a709c Step 7/15 : RUN mkdir /lib64 && ln -s /lib/libc.musl-x86_64.so.1 /lib64/ld-linux-x86-64.so.2 ---> Running in 4347dc7c2530 Removing intermediate container 4347dc7c2530 ---> a172c01b05ab Step 8/15 : RUN echo "http://mirrors.ustc.edu.cn/alpine/v3.3/main/" > /etc/apk/repositories ---> Running in d46ffc850734 Removing intermediate container d46ffc850734 ---> 2b952b857705 Step 9/15 : RUN apk add --no-cache tzdata ---> Running in 84b172beade5 fetch http://mirrors.ustc.edu.cn/alpine/v3.3/main/x86_64/APKINDEX.tar.gz (1/1) Installing tzdata (2015g-r0) Executing busybox-1.31.1-r9.trigger OK: 9 MiB in 15 packages Removing intermediate container 84b172beade5 ---> 6829de9be4c8 Step 10/15 : RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ---> Running in f92a5657e2d5 Removing intermediate container f92a5657e2d5 ---> e315e0269def Step 11/15 : RUN echo "Asia/Shanghai" >> /etc/timezone ---> Running in a8c6316b5b57 Removing intermediate container a8c6316b5b57 ---> dc6ba5a8ec35 Step 12/15 : RUN echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4' >> /etc/nsswitch.conf ---> Running in d74577729bad Removing intermediate container d74577729bad ---> 7f1d92ace6fb Step 13/15 : WORKDIR /opt ---> Running in f18d0dff2864 Removing intermediate container f18d0dff2864 ---> 9395ce234ec9 Step 14/15 : ENTRYPOINT ["/opt/Yearning"] ---> Running in cd718743cc95 Removing intermediate container cd718743cc95 ---> 2d4ae2f00b84 Step 15/15 : CMD ["-m", "-s"] ---> Running in b20f152e339d Removing intermediate container b20f152e339d ---> 093cd1b642a3 Successfully built 093cd1b642a3 Successfully tagged yearning:latest [root@iZ1la3d1xbmukrZ Yearning-go]# docker images REPOSITORY TAG IMAGE ID CREATED SIZE yearning latest 093cd1b642a3 7 seconds ago 32.2MB sonatype/nexus3 latest 7e6931b4cdf2 3 weeks ago 640MB wojiushixiaobai/jms_guacamole 1.5.6 af71674d07a4 6 weeks ago 659MB wojiushixiaobai/jms_koko 1.5.6 2561f1397767 6 weeks ago 357MB alpine latest e7d92cdc71fe 8 weeks ago 5.59MB sonatype/nexus pro-2.14.16 f27405473ed3 8 weeks ago 482MB sonatype/nexus oss 8027e6db5d67 8 weeks ago 452MB jpetazzo/nsenter latest 4167ddcfcec6 13 months ago 375MB [root@iZ1la3d1xbmukrZ Yearning-go]# docker run -d -it -p 8000:8000 -e MYSQL_USER=root -e MYSQL_ADDR=rm-bp1y5jh712124eh9clo.mysql.rds.aliyuncs.com:3306 -e MYSQL_PASSWORD=1qaz@WSX -e MYSQL_DB=sqlcheck yearning e84f849d7742545b2af488e84aac5092f9ebb44e2d14fa1f2c7b4bf4285474df [root@iZ1la3d1xbmukrZ Yearning-go]# docker ps -l CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e84f849d7742 yearning "/opt/Yearning -m -s" 5 seconds ago Up 3 seconds 0.0.0.0:8000->8000/tcp affectionate_jepsen [root@iZ1la3d1xbmukrZ Yearning-go]# lsof -i:8000 -bash: lsof: command not found [root@iZ1la3d1xbmukrZ Yearning-go]# netstat -nltp |grep 8000 tcp6 0 0 :::8000 :::* LISTEN 30400/docker-proxy [root@iZ1la3d1xbmukrZ Yearning-go]#
docker-compose安裝
version: '3' services: yearning: image: yearning depends_on: - mysql environment: MYSQL_USER: yearning MYSQL_PASSWORD: ukC2ZkcG_ZTeb MYSQL_ADDR: mysql MYSQL_DB: yearning ports: - 8000:8000 mysql: image: mysql:5.7 environment: MYSQL_ROOT_PASSWORD: ukC2ZkcG_ZTeb MYSQL_DATABASE: yearning MYSQL_USER: yearning MYSQL_PASSWORD: ukC2ZkcG_ZTeb command: - --character-set-server=utf8mb4 - --collation-server=utf8mb4_unicode_ci
注意:雖然我的第一個應用依賴mysql,但是第一次的時候,還是會顯示連不上,需要再執行一次docker-compose up -d 這個時候就會初始化數據庫了。