Easy Command Line Interface
Command Line Interface (CLI) of the DataSunrise Database Security Suite is a handy tool for managing security rules when you get to know it better.

Launching CLI

CLI is located in ‘cmdline’ subfolder inside the DataSunrise setup folder. Launch it using your command prompt of your operating system by going to the directory of an executable file: C:\Program Files\DataSunrise\cmdline>executecommand.bat For Linux it is executecommand.sh.

After launching you will see the list of available commands. To view help on a certain command use -h, –h, -help attributes. If you enter the command with missing parameters the help prompt will be displayed as well.

How it works

Below you can see the example of the standard scenario of configuring security, audit, masking and learning rules on DataSunrise, starting with connecting to the host, configuring audit storage, adding a new database and finishing with creation of a new rule. As a result, DataSunrise will be configured to audit queries containing the ‘test’ keyword in the statement of queries coming from the user_1 who operates from a local computer.

  1. At first we need to connect to the system and authorize in it. Note that session is active during 10 minutes since the last action:
>executecommand.bat connect -host 127.0.0.1 -port 11000 -login admin -password 123123 -protocol https
  1. Let’s change the data storage location from SQLite database to PostgreSQL. It is necessary if you expect a large amount of traffic transferred to audit storage.
>executecommand.bat changeStorage -dbType postgresql -host 192.168.1.123 -database postgres -password 54321 -login user_1 -port 5433
  1. Register the database that is required to be monitored. We will use a MySQL database that is located at 192.168.1.71:3305. We need to open a proxy on a local interface port so that the database clients will be able to connect to 127.0.0.1:1025 like to the real database server.
>executecommand.bat addInstancePlus -dbHost 192.168.1.71 -dbPort 3305 -proxyHost 127.0.0.1 -proxyPort 1025 -dbType mysql -database testDB -password 1234 -login root -name test
  1. We need to create several auxiliary objects that will help to filter according to a specified IP address and user name:
>executecommand.bat addAddress -startIPv4 127.0.0.1 -name testhost -endIPv4 127.0.0.254 >executecommand.bat addDbUser -name user_1