Database SQL Audit: Archery v1.10.0 Docker Deployment and Installation

Running Archery with Docker or k8s is recommended; setting up the environment and the various plugins by hand is rather tedious.

Install Docker

1. Install the dependency packages
yum install -y yum-utils device-mapper-persistent-data lvm2
2. Add the Aliyun mirror repository
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3. Install Docker
yum -y install docker-ce

Install Docker Compose

curl -L "https://github.com/docker/compose/releases/download/1.24.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

 

Download the release files (https://github.com/hhyo/archery/releases/), extract them, and enter the docker-compose folder.

Modify the configuration files

Path: src/docker-compose/archery/settings.py

DEBUG = False
# Set ALLOWED_HOSTS; restricting access to the internal network is recommended
ALLOWED_HOSTS = [
    '*'
]
# Request size limit; raise this value if the submitted SQL statements are too large
DATA_UPLOAD_MAX_MEMORY_SIZE = 15728640
# Password validation: rules applied at user registration and when a password is set
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 9,
        }
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'archery', # Database name
        'USER': 'archery', # Database user
        'PASSWORD': '1234567', # Database password
        'HOST': '10.127.137.97', # Database host; if started with Docker and linked, the container name can be used to connect
        'PORT': '3306',  # Database port
        'OPTIONS': {
            'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", # SQL_MODE; adjust as needed for compatibility with select * group by
            'charset': 'utf8mb4'
        },
        'TEST': {
            'NAME': 'test_archery',
            'CHARSET': 'utf8mb4',
        },
    }
}

Q_CLUSTER = {
    'name': 'archery',
    'workers': 4,
    'recycle': 500,
    'timeout': 60,
    'compress': True,
    'cpu_affinity': 1,
    'save_limit': 0,
    'queue_limit': 50,
    'label': 'Django Q',
    'django_redis': 'default',
    'sync': False  # For local debugging this can be set to True to use synchronous mode

}

CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": "redis://10.127.137.94:6379/5", # redis://host:port/db
        "OPTIONS": {
            "CLIENT_CLASS": "django_redis.client.DefaultClient",
            "PASSWORD": "M!Df^1X2121"

        }
    }
}
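
An added example (not part of the original post or of the Archery project): a small Python check that parses a settings.py shaped like the one above with ast and reports DEBUG = True, a wildcard in ALLOWED_HOSTS, and passwords written as string literals. The name audit_settings and the embedded SAMPLE (placeholder values) are constructed for illustration.

```python
import ast

# Constructed sample mirroring the shape of the settings above (placeholder values).
SAMPLE = '''
DEBUG = False
ALLOWED_HOSTS = ['*']
DATABASES = {'default': {'USER': 'archery', 'PASSWORD': 'example-db-pass', 'HOST': '192.0.2.10'}}
CACHES = {"default": {"LOCATION": "redis://192.0.2.11:6379/5",
                      "OPTIONS": {"PASSWORD": "example-redis-pass"}}}
'''

def _literal_passwords(node, path):
    """Yield dotted paths of dict keys named PASSWORD whose value is a non-empty string literal."""
    if isinstance(node, ast.Dict):
        for key, value in zip(node.keys, node.values):
            if not (isinstance(key, ast.Constant) and isinstance(key.value, str)):
                continue  # skips ** unpacking and non-string keys
            here = f"{path}.{key.value}"
            if key.value.upper() == "PASSWORD":
                if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                    yield here
            else:
                yield from _literal_passwords(value, here)

def audit_settings(source):
    """Return a sorted list of findings for a Django settings module given as text."""
    findings = []
    for stmt in ast.parse(source).body:
        if not (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            continue
        name, value = stmt.targets[0].id, stmt.value
        if name == "DEBUG" and isinstance(value, ast.Constant) and value.value is True:
            findings.append("DEBUG is True")
        elif name == "ALLOWED_HOSTS" and isinstance(value, (ast.List, ast.Tuple)):
            hosts = [e.value for e in value.elts if isinstance(e, ast.Constant)]
            if "*" in hosts:
                findings.append("ALLOWED_HOSTS contains '*'")
        else:
            findings.extend(f"literal password at {p}" for p in _literal_passwords(value, name))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE):
        print(finding)
```

A value read at runtime, such as os.environ['DB_PASSWORD'], is not a string literal and is not reported; the compose file below already passes a .env file to the container.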

Modify docker-compose.yml

Path: src/docker-compose/docker-compose.yml
Redis and MySQL are deployed separately

 

version:  '3'

services:

  goinception:
    image: hanchuanchuan/goinception
    container_name: goinception
    restart: always
    ports:
      -  "4000:4000"
    volumes:
      -  "./inception/config.toml:/etc/config.toml"

  archery:
    image: hhyo/archery:v1.10.0
    container_name: archery
    restart: always
    ports:
      -  "9123:9123"
    volumes:
      -  "./archery/settings.py:/opt/archery/local_settings.py"
      -  "./archery/soar.yaml:/etc/soar.yaml"
      -  "./archery/docs.md:/opt/archery/docs/docs.md"
      -  "./archery/downloads:/opt/archery/downloads"
      -  "./archery/sql/migrations:/opt/archery/sql/migrations"
      -  "./archery/logs:/opt/archery/logs"
      -  "./archery/keys:/opt/archery/keys"
    entrypoint:  "dockerize -wait tcp://xxxx:3306 -wait tcp://xxxx:6379 -timeout 60s /opt/archery/src/docker/startup.sh"
    env_file:
      - .env

Modify config.toml

Path: src/docker-compose/inception/config.toml
Adjust the database connection information

backup_host = "10.127.127.97"
backup_port = 3306
backup_user = "xx"
backup_password = "xxxx"

 

Start

docker-compose -f docker-compose.yml up -d

 

Initialize the table structure

docker exec -ti archery /bin/bash
cd /opt/archery
source /opt/venv4archery/bin/activate
python3 manage.py makemigrations sql
python3 manage.py migrate

 

Initialize the data

python3 manage.py dbshell<sql/fixtures/auth_group.sql

python3 manage.py dbshell<src/init_sql/mysql_slow_query_review.sql

 

Create the admin user

 

python3 manage.py createsuperuser

 

Exit the container

exit

 

Viewing logs and troubleshooting

 docker logs archery -f --tail=50

 

Access URL:

http://xx.xx.xx.xx:9123

 

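Auditing Oracle database SQL produces various errors: replace the /opt/archery/sql/engines/oracle.py file in the container, rebuild the image, and start it.

File link: https://pan.baidu.com/s/1000aLwbuYfAujIj1VXA6HQ?pwd=hl3y
Extraction code: hl3y

A really handy SQL audit platform, thumbs up!!!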

posted @ 2024-02-20 11:43  阿西吧li