Quick Start Guide for Database Audit
Quick Start Guide Document for Database Audit【6.0】
Section 1: Pre-Deployment Instructions
1、Noted: The configuration of the cloud database environment needs to be completed under the diversion of the agent. The overall deployment process takes about 1-2 days, and the product supports self-deletion and refund after used for three months.
2、Deployment modes for agents:
(1)、Client mode:
Cloud database/self-built database: The agent is deployed on the application server side (client-side) that accesses the database.
(2)、Server side mode: The agent is deployed on the underlying operating system of the database (server side), which will occupy the performance of the underlying host (CPU and memory threshold do not exceed 5% of the overall host, if it exceeds the threshold, it will automatically restart), and the business flow size and the performance of the underlying host must be evaluated before deployment.
Cloud database: The agent is deployed in the business backend.
Self-built database: Customers deploy the agents by themselves.
3、It is recommended that database audit, database, and application server be in the same intranet environment. External network access is not recommended (data forwarding is transmitted in plain text)
4、Pre-expiration cancellation and refund are not supported for database audit (deletion is supported after three months of use)
5、The default account password for Database Audit 6.0 various platforms: a password change is required for default first-time logins:
System administrator sysadmin/3edc$RFV
Security administrator secadmin/3edc$RFV
Audit administrator auditadmin/3edc$RFV
6、The external network firewall ports required to be opened for database auditing:
8443:For login verification code use of web page
443: https frontend access
22: Backend login - unnecessary to open, if not necessary
Section 2: Deployment of the Database Audit System
1. Purchasing the database audit system
Currently supported availability zones includes: commonly-used domestic areas; for deployments and online launches in special areas, please contact our tech support to apply!
Visit path: Product -> Safety Compliance -> Data Security Solutions
Click to purchase the database audit system and choose the corresponding setup, complete the payment and automatic creation (about 5 minutes)
Data Disk Size Estimation Reference: https://docs.ucloud.cn/udas/concepts/shujupan Elastic expansion is also supported synchronously.
2. Request and import authorization
The newly created database audit system by default does not contain license authorization and requires uploading a registration document, please contact our technical support or product manager to apply.
Open your browser, input https://EIP in the address bar, and log onto the system management platform to download the registration information file, then allocate the authorization to the applicant.
System management platform: sysadmin/3edc$RFV
3. Import authorization
Import the received authorization file. After you import it, you can see the number and expiry date of the database audit instances
4. Download and deploy agent (For deploying agent on UDB, please contact your business representative.
4.1、Download agent
System management platform - deployment mode, download the matching version of the agent, currently, we support both Linux and windows versions.
4.2 Deploy agent
Refer to the corresponding version of agent deployment documentation:
-
《Linux_agent deployment guide-V6.0》
-
《windows_agent deployment guide-V6.0》
5. Configure audit rules and audit objects
Open the browser, input https://EIP in the address bar, input rule username/password on the login page popped up. After you have entered: Security Administrator secadmin/3edc$RFV, navigate to the Security Management platform.
Click 'Protect Objects', then click 'Add', input the relevant information of the database server that needs to be audited. After you finish typing, click save, as shown in the figure below:
Note: Full-scale audit of operation logs, the audit policy will trigger corresponding risk alerts
6. View audit results
On the current security management platform, select the Query module, choose corresponding query conditions (default no selection is for select all), then click query.
Query audit log
Audit results display