Easy Command Line Interface
Command Line Interface (CLI) of the DataSunrise Database Security Suite is a handy tool for managing security rules when you get to know it better.
CLI is located in ‘cmdline’ subfolder inside the DataSunrise setup folder. Launch it using your command prompt of your operating system by going to the directory of an executable file:
For Linux it is executecommand.sh.
After launching you will see the list of available commands. To view help on a certain command use -h, –h, -help attributes. If you enter the command with missing parameters the help prompt will be displayed as well.
How it works
Below you can see the example of the standard scenario of configuring security, audit, masking and learning rules on DataSunrise, starting with connecting to the host, configuring audit storage, adding a new database and finishing with creation of a new rule. As a result, DataSunrise will be configured to audit queries containing the ‘test’ keyword in the statement of queries coming from the user_1 who operates from a local computer.
- At first we need to connect to the system and authorize in it. Note that session is active during 10 minutes since the last action:
>executecommand.bat connect -host 127.0.0.1 -port 11000 -login admin -password 123123 -protocol https
- Let’s change the data storage location from SQLite database to PostgreSQL. It is necessary if you expect a large amount of traffic transferred to audit storage.
>executecommand.bat changeStorage -dbType postgresql -host 192.168.1.123 -database postgres -password 54321 -login user_1 -port 5433
- Register the database that is required to be monitored. We will use a MySQL database that is located at 192.168.1.71:3305. We need to open a proxy on a local interface port so that the database clients will be able to connect to 127.0.0.1:1025 like to the real database server.
>executecommand.bat addInstancePlus -dbHost 192.168.1.71 -dbPort 3305 -proxyHost 127.0.0.1 -proxyPort 1025 -dbType mysql -database testDB -password 1234 -login root -name test
- We need to create several auxiliary objects that will help to filter according to a specified IP address and user name:
>executecommand.bat addAddress -startIPv4 127.0.0.1 -name testhost -endIPv4 127.0.0.254
>executecommand.bat addDbUser -name user_1 -dbType mysql -instance test
- In order to filter queries by the keyword in the statement we need to create a group of queries. To this group of queries we will add an SQL query that is required to be logged. A group can contain many SQL queries specified as regular expressions or as a full text of an SQL query.
>executecommand.bat addQueryGroup -name test_sql_gr
>executecommand.bat addQueryOfGroup -name test_sql_gr -sql ".*test.*" -regExp true
- Sometimes it is necessary to restrict the active period of a rule. In that cases you can use schedules. To create a schedule use the addSchedule command:
>executecommand.bat addSchedule -name test_schedule -intervals mo08:00:00-18:00:00;tu08:00:00-18:00:00;we08:00:00-18:00:00;th08:00:00-18:00:00;fr08:00:00-18:00:00
- Using all the objects specified above we will create an audit rule:
>executecommand.bat addRule -name "TestRule" -dbType mysql -instance test -action audit -addUsers user_1 -addHosts testhost -intercSqlGr test_sql_gr -filterType group -schedule test_schedule -logData true -logInStorage true
DataSunrise supports all major databases and data warehouses such as Oracle, PostgreSQL, IBM DB2, IBM Netezza, MySQL, MariaDB, Greenplum, Amazon Aurora, Amazon Redshift, Microsoft SQL Server, Azure SQL, Teradata and more. You are welcome to download a free trial if would like to install on your premises. In case you are a cloud user and run your database on Amazon AWS or Microsoft Azure you can get it from AWS market place or Azure market place.