Atlas作为SQL审计的安装部署

安装依赖包

?

yum install -y libevent-devel libffi-devel lua-devel openssl-devel flex    yum install -y mysql-devel     yum install -y gcc glibc-develglib2-devel     yum install -y xz gettext-devel

源码安装glib

?

wget http://ftp.acc.umu.se/pub/gnome/sources/glib/2.33/glib-2.33.6.tar.xz               xz -d glib-2.33.6.tar.xz      tar xvf glib-2.33.6.tar     cd glib-2.32.4       ./configure     make     make install

源码安装Atlas

?

wget https://codeload.github.com/Qihoo360/Atlas/zip/master   tar xvf Atlas-2.2.1.tar.gz   cd Atlas-2.2.1

导出SQL日志增加user字段功能，修改源码

修改文件 Atlas-2.2.1\plugins\proxy\proxy-plugin.c

修改方法 1734行

?

if (inj->qstat.query_status == MYSQLD_PACKET_OK) {     g_string_append_printf(message, "%s OK %.3f \"%s\"\n", con->server->dst->name->str, latency_ms, inj->query->str+1); } else {     g_string_append_printf(message, "%s ERR %.3f \"%s\"\n", con->server->dst->name->str, latency_ms, inj->query->str+1); }

修改为

?

if (inj->qstat.query_status == MYSQLD_PACKET_OK) {     g_string_append_printf(message, "%s %s OK %.3f \"%s\"\n", con->server->dst->name->str, con->server->response->username->str, latency_ms, inj->query->str+1); } else {     g_string_append_printf(message, "%s %s ERR %.3f \"%s\"\n", con->server->dst->name->str, con->server->response->username->str, latency_ms, inj->query->str+1); }

编译安装

?

./configure --prefix=/usr/local/mysql-proxy CFLAGS="-DHAVE_LUA_H -O2" LDFLAGS="-lm -ldl -lcrypto" LUA_CFLAGS="-I/usr/local/include" LUA_LIBS="-L/usr/local/lib -llua" GLIB_CFLAGS="-I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include/glib-2.0/glib/" GLIB_LIBS="-L/usr/local/lib -lglib-2.0" GMODULE_CFLAGS="-I/usr/local/include" GMODULE_LIBS="-L/usr/local/lib -lgmodule-2.0" GTHREAD_CFLAGS="-I/usr/local/include" GTHREAD_LIBS="-L/usr/local/lib -lgthread-2.0" make make install

创建配置文件/usr/local/mysql-proxy/conf/tzg.cnf

?

#Atlas后端连接的MySQL主库的IP和端口，可设置多项，用逗号分隔 proxy-backend-addresses = 10.117.181.217:3306, #用户名与其对应的加密过的MySQL密码，密码使用PREFIX/bin目录下的加密程序encrypt加密，下行的user1和user2为示例，将其替换为你的MySQL的用户名和加密密码！ Pwds = dcmaster:MFdWcUguvHEa8s/oWZlMvQ==,chq:GkOVzUtCc+ca8s/oWZlMvQ==,yyh:xgzVgfC3LYka8s/oWZlMvQ==,gyw:hwvTXF74Lmsa8s/oWZlMvQ==,zwj:QqUvhVfKAbwa8s/oWZlMvQ==,chs:oyLSVUFAv58a8s/oWZlMvQ== #设置Atlas的运行方式，设为true时为守护进程方式，设为false时为前台方式，一般开发调试时设为false，线上运行时设为true,true后面不能有空格。 daemon = true #设置Atlas的运行方式，设为true时Atlas会启动两个进程，一个为monitor，一个为worker，monitor在worker意外退出后会自动将其重启，设为false时只有worker，没有monitor，一般开发调试时设为false，线上运行时设为true,true后面不能有空格。 keepalive = true #日志存放的路径 log-path = /usr/local/mysql-proxy/log #实例名称，用于同一台机器上多个Atlas实例间的区分 instance = tzg #Atlas监听的工作接口IP和端口 proxy-address = 0.0.0.0:1234 #Atlas监听的管理接口IP和端口 admin-address = 0.0.0.0:2345

启动 将atlas设置成服务，并实现开机自动启动 在/etc/rc.d/init.d目录下创建atlas文件 文件内容

?

#!/bin/sh #chkconfig: 2345 80 90 instancename=tzg case "$1" in     "start")         /usr/local/mysql-proxy/bin/mysql-proxyd $instancename start         ;;     "stop")         /usr/local/mysql-proxy/bin/mysql-proxyd $instancename stop        ;;     "restart")         /usr/local/mysql-proxy/bin/mysql-proxyd $instancename restart       ;;     "status")         /usr/local/mysql-proxy/bin/mysql-proxyd $instance_name status        ;;     *)   echo "Usage: service atlas start/stop/restart/status "        ;;   esac

启动

?

chmod +x /etc/rc.d/init.d/atlas      chkconfig --add atlas   chkconfig atlas on

使用命令如下

service atlas start
service atlas stop
service atlas status
service atlas restart

如果需要连接多个mysql库，则需要创建多个配置文件，并启多个Atlas进程，注意修改工作和监听端口

关于sql日志中同时获得sql返回值的功能，后续继续添加