MongoDB audit logging


  1. Overview

MongoDB comes in a Community edition and an Enterprise edition; only the Enterprise edition includes audit logging.

  2. Download and installation

Download link for MongoDB Enterprise: https://www.mongodb.com/try/download/enterprise
Installing the MongoDB rpm packages reports missing dependencies; install the required packages with yum first, then the rpms:

yum install net-snmp cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi
rpm -ivh *.rpm

  3. Configuring audit logging

After installation the default configuration file is /etc/mongod.conf. Add an auditLog section to it (the file is YAML, so the keys under auditLog must be indented):

vi /etc/mongod.conf
……
auditLog:
  destination: file
  format: BSON
  path: /var/lib/mongo/auditLog.bson
  filter: '{ atype: "authenticate" }'
……
With this configuration mongod records its authentication (login) events. Restart mongod for the change to take effect.

  4. Testing audit logging

After installation MongoDB does not enable authentication by default; it can be enabled by starting mongod with --auth.
The mongo command connects to the database; once connected, the following command adds a user named test:

MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > db.createUser(
... {
... user:"test",
... pwd:"test1234",
... roles:[{role:"userAdminAnyDatabase",db:"admin"}]
... }
... )
Successfully added user: { "user" : "test", "roles" : [
{ "role" : "userAdminAnyDatabase", "db" : "admin" }
] }
MongoDB Enterprise > exit
bye

Test as follows:
mongo --port 27017 -u "test" -p "test1234" --authenticationDatabase "admin"

After logging out, this login is recorded in /var/lib/mongo/auditLog.bson. The log is in BSON format and can be viewed with the bsondump command that ships with MongoDB (the result field is 0 for a successful authentication):

# ./bsondump /var/lib/mongo/auditLog.bson
{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459319718"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50458"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"0"}}
2020-09-07T15:31:48.051+0800 1 objects found

To record insert, delete and update operations on collections, use a configuration like the following. These are mongod command-line options; the same settings can be placed in mongod.conf under auditLog.filter and setParameter. Note that auditAuthorizationSuccess=true makes mongod audit every successful authorization check that matches the filter, which adds overhead on busy servers.

--setParameter auditAuthorizationSuccess=true
--auditFilter '{ atype: "authCheck", "param.command": { $in: [ "insert", "delete", "update" ] } }'

When several conditions are involved, combine them with $or, as in the following configuration:

--setParameter auditAuthorizationSuccess=true
--auditFilter '{ "$or": [
{ "atype": "authCheck", "param.command":{"$in": [ "insert", "delete", "update" ] } },
{ "atype": "authenticate" }
]}'

Download link for the bsondump tool (MongoDB Database Tools):
https://www.mongodb.com/try/download/database-tools
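As an added example (not part of the original article), the following Python script reads bsondump's extended-JSON output, such as the authenticate record shown above, and runs two simple defensive checks over it: it counts failed authenticate events per remote address and flags sources that cross a threshold, and it summarizes the write commands captured by the authCheck filter from the previous section. The sample lines are constructed: the first is the record quoted in the article, the others assume the same layout, with a non-zero result (18, AuthenticationFailed) for failed logins and a param.ns field on authCheck records.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed sample input: bsondump emits one extended-JSON document per line.
# Line 1 is the authenticate record quoted in the article; the remaining lines are
# constructed and assume the same shape: three failed logins from one source
# (result 18 is assumed to be AuthenticationFailed) and two authCheck records for
# write commands (the param.ns field is assumed).
SAMPLE_AUDIT_LINES = [
    '{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459319718"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50458"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"0"}}',
    '{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459400000"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"10.0.0.5","port":{"$numberInt":"51000"}},"users":[],"roles":[],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"18"}}',
    '{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459401000"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"10.0.0.5","port":{"$numberInt":"51001"}},"users":[],"roles":[],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"18"}}',
    '{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459402000"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"10.0.0.5","port":{"$numberInt":"51002"}},"users":[],"roles":[],"param":{"user":"admin","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"18"}}',
    '{"atype":"authCheck","ts":{"$date":{"$numberLong":"1599459500000"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50470"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"command":"insert","ns":"orders.items"},"result":{"$numberInt":"0"}}',
    '{"atype":"authCheck","ts":{"$date":{"$numberLong":"1599459501000"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50470"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"command":"delete","ns":"orders.items"},"result":{"$numberInt":"0"}}',
]


def unwrap_extended_json(value):
    """Replace bsondump's extended-JSON wrappers with plain Python values:
    {"$numberInt": "7"} / {"$numberLong": "7"} -> int, {"$date": ...} -> UTC datetime."""
    if isinstance(value, dict):
        if len(value) == 1:
            (key, inner), = value.items()
            if key in ("$numberInt", "$numberLong"):
                return int(inner)
            if key == "$date":
                millis = unwrap_extended_json(inner)
                if isinstance(millis, int):
                    return datetime.fromtimestamp(millis / 1000, tz=timezone.utc)
                return millis  # relaxed mode prints an ISO-8601 string; keep it as-is
        return {k: unwrap_extended_json(v) for k, v in value.items()}
    if isinstance(value, list):
        return [unwrap_extended_json(v) for v in value]
    return value


def parse_audit_log(lines):
    """Parse the lines of `bsondump auditLog.bson` output into plain dicts."""
    return [unwrap_extended_json(json.loads(line)) for line in lines if line.strip()]


def failed_logins_by_source(events):
    """Count authenticate events whose result is non-zero, keyed by remote IP."""
    counts = Counter()
    for event in events:
        if event.get("atype") == "authenticate" and event.get("result", 0) != 0:
            counts[event["remote"]["ip"]] += 1
    return counts


def suspicious_sources(events, threshold=3):
    """Remote IPs with at least `threshold` failed logins, most failures first."""
    counts = failed_logins_by_source(events)
    return [ip for ip, n in counts.most_common() if n >= threshold]


def write_commands_by_user(events):
    """Summarize authCheck records for write commands as (user, command, namespace) -> count.
    Such records only exist when auditAuthorizationSuccess=true and the filter includes authCheck."""
    counts = Counter()
    for event in events:
        if event.get("atype") != "authCheck":
            continue
        command = event["param"].get("command")
        if command not in ("insert", "delete", "update"):
            continue
        user = event["users"][0]["user"] if event.get("users") else "<unauthenticated>"
        counts[(user, command, event["param"].get("ns", ""))] += 1
    return counts


if __name__ == "__main__":
    events = parse_audit_log(SAMPLE_AUDIT_LINES)
    print("first login at", events[0]["ts"].isoformat())
    print("failed logins by source:", dict(failed_logins_by_source(events)))
    print("sources over threshold:", suspicious_sources(events))
    for (user, command, ns), n in sorted(write_commands_by_user(events).items()):
        print(f"{user} ran {command} on {ns} {n} time(s)")
```

To run it against a real log, replace SAMPLE_AUDIT_LINES with the lines of `bsondump /var/lib/mongo/auditLog.bson`; the unwrapping step is what makes the `$numberInt`/`$numberLong`/`$date` wrappers usable as ordinary integers and timestamps, so the same parser works for any atype the filter lets through.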

