- 概述
mongodb分为社区版和企业版,只有企业版才有审计功能。
- 下载和安装
mongodb的企业版下载链接:https://www.mongodb.com/try/download/enterprise
安装mongodb的rpm包时会提示缺少依赖包,可通过yum的方式安装所需的依赖包
yum install net-snmp cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapirpm -ivh *.rpm
- 配置审计功能
安装完成后默认的配置文件为/etc/mongod.conf
vi mongod.conf……auditLog:destination: fileformat: BSONpath: /var/lib/mongo/auditLog.bsonfilter: '{ atype: "authenticate" }'……
按照以上配置可打开mongod的登录日志。
- 测试审计功能
mongodb安装完成后,默认没有开启认证,可使用--auth的方式开启认证。
使用mongo命令可登录mongodb的数据库,进入数据库后,可使用如下命令为数据库添加test的账号:
MongoDB Enterprise > use adminswitched to db adminMongoDB Enterprise > db.createUser(... {... user:"test",... pwd:"test1234",... roles:[{role:"userAdminAnyDatabase",db:"admin"}]... }... )Successfully added user: { "user" : "test", "roles" : [{ "role" : "userAdminAnyDatabase", "db" : "admin" }] }MongoDB Enterprise > exitbye
测试如下:mongo -port 27017 -u "test" -p "test1234" --authenticationDatabase "admin"
退出登录后,在/var/lib/mongo/auditLog.bson中会记录本次登录日志,该日志为bson格式,可使用mongodb提供的bsondump命令查看:
# ./bsondump /var/lib/mongo/auditLog.bson{"atype":"authenticate","ts":{"$date":{"$numberLong":"1599459319718"}},"local":{"ip":"127.0.0.1","port":{"$numberInt":"27017"}},"remote":{"ip":"127.0.0.1","port":{"$numberInt":"50458"}},"users":[{"user":"test","db":"admin"}],"roles":[{"role":"userAdminAnyDatabase","db":"admin"}],"param":{"user":"test","db":"admin","mechanism":"SCRAM-SHA-256"},"result":{"$numberInt":"0"}}2020-09-07T15:31:48.051+0800 1 objects found
如果需要记录表的增删改的操作可以参考如下配置:
--setParameter auditAuthorizationSuccess=true--auditFilter '{ atype: "authCheck", "param.command": { $in: [ "insert", "delete", "update" ] } }'
涉及多个条件时可以参考如下配置:
--setParameter auditAuthorizationSuccess=true--auditFilter '{ "$or": [{ "atype": "authCheck", "param.command":{"$in": [ "insert", "delete", "update" ] } },{ "atype": "authenticate" }]}'
bsondump工具的下载链接:
https://www.mongodb.com/try/download/database-tools