CN114265843A - Data table auditing method - Google Patents

Data table auditing method

Info

Publication number: CN114265843A
Authority: CN (China)
Prior art keywords: audit, data table, list, data, specific
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111567926.5A
Other languages: Chinese (zh)
Inventors: 薛梅婷, 金江涛, 寇亮, 张欢, 赵备, 李琛璞, 俞万刚
Current Assignee: Hangzhou Dianzi University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Hangzhou Dianzi University
Application filed by Hangzhou Dianzi University; priority to CN202111567926.5A; publication of CN114265843A.

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract

The invention discloses a data table auditing method, which comprises the steps of dynamically loading a data table security auditing module into a database system in the form of an extension plug-in, starting auditing on an important data table according to log parameters configured by an administrator, and recording, by means of a function, a log of any operation on the data of the important data table and storing it in a specific audit table. The specific audit table contains an audit state information list, which records the data table names, parameter lists and audit state information of all specific important data tables; this specific audit table may be consulted only by the administrator. The invention can maintain the security of specific important data tables in the database and can help the administrator perform a small-range data rollback, avoiding the need to roll back the whole database content because of a user's misoperation. It lets the administrator concentrate the security maintenance of data tables on the specific important data tables, without auditing all data tables in detail, thereby avoiding waste of storage space and operation resources and better maintaining the security of the database system.

Description

Data table auditing method
Technical Field
The invention belongs to the technical field of data auditing, and particularly relates to a data table auditing method of a database system.
Background
A database is a computer software system that organizes, stores and manages a large amount of data according to a data structure. With the rapid development of internet technology, daily network use generates a large amount of data. Because databases allow data to be organized and maintained more efficiently, protected more strictly and used more reasonably, government offices, enterprises, individuals and organizations use them ever more frequently, and the development of database technology is receiving more attention.
An open source database is a database whose source code is released together with the application program. Compared with a closed source database, its open source nature lets developers fully understand how the database's functions are realized. Moreover, most open source databases provide APIs and instruction manuals for developers, so that developers can add or change custom functions according to the design of the database system and adapt the database to their own business development requirements. PostgreSQL, an open-source object-relational database management system, supports a large number of mainstream development languages such as C, C++ and Java, provides rich interfaces for developers, and supports developers writing custom functions and triggers to enhance or modify database functions. PostgreSQL uses extension plug-ins to dynamically load custom functions written by a developer into the database system; the plug-ins and the database source code are independent and do not interfere with each other, so the developer and the user can clearly determine the functional change a plug-in brings to the database system, quickly locate erroneous code, and install and uninstall functional module plug-ins.
The data table is the carrier that actually stores data in the database and is an important part of database security maintenance. However, open source database systems generally pay attention only to user operation management and behaviour log records, and often neglect the auditing of data tables. A specific data table, because of its particularity and importance, needs separate audit detection, and to distinguish it from the operation log records of other data tables, the audit log of the specific data table needs to be stored separately in another form. Also, some user database operations, while not malicious, may still be erroneous. For example, a medical database may store information such as the patient's visit time, diagnosis result and medical prescription, and an operator such as a doctor may perform a misoperation that causes the related data table to be incorrectly entered or modified.
Disclosure of Invention
The invention aims to provide a data table auditing method that addresses the defects of the prior art.
The invention specifically comprises the following steps: dynamically loading a data table security audit module into a PostgreSQL database system in an extension plug-in mode, starting audit on an important data table according to log parameters configured by an administrator, and recording logs for any operations of adding, modifying and deleting data of the important data table according to a function and storing the logs into a specific audit table; the specific audit table contains an audit state information list, records data table names, parameter lists and audit state information of all specific important data tables; this particular audit table is only consulted by the administrator.
Preferably, the log parameters include a serial number seqID of the current operation, a timestamp tsTransaction of a transaction occurrence, a specific operation occurrence timestamp tsOperation, an operation command action, a schema name schema, a specific important data table name table to be audited, and a session user name user for executing the current operation.
Preferably, the functions include a start function, a stop function, a pause function, a restart function and a status function.
The start function operates as follows: the name of a specific important data table and the parameter list of that data table are passed in, and it is judged whether the data table exists in the audit state information list. If the data table is in the audit pause state, it is judged whether the log parameter configuration in the passed parameter list is the same as the log parameter setting previously configured in the information parameter list of the specific audit table corresponding to that data table; if so, the restart function is called to restart the audit of the data table, otherwise the original trigger and original trigger function of the data table are unloaded, the original audit table is renamed with a time stamp appended, and a new audit is started according to the passed data table name. If the data table is not being audited, a new specific audit table is created directly and a new audit is started according to the passed data table name. When a new audit is started, the log parameter configuration of the data table on which operations are executed is obtained, a new trigger function and a new trigger are created for the data table according to its parameter list, the addition, modification and deletion operations on the data table are captured, key information is extracted according to the log parameter configuration and recorded in the log, and the data table name and its parameter list are stored in the audit state information list.
The stop function operates as follows: the name of a specific important data table is passed in and the audit state information list is queried; if the specific important data table is in the audit stop state, the trigger and trigger function on the data table are unloaded, the original audit table is renamed with a timestamp appended, and the related information of the data table is deleted from the audit state information list.
The pause function operates as follows: the name of a specific important data table is passed in and the audit state information list is queried; if the data table is in the audit state, the audit of the data table is suspended, the trigger of the data table is disabled, and the audit state information list is updated.
The restart function operates as follows: the name of a specific important data table is passed in and the audit state information list is queried; if the data table is in the audit suspension state, the audit of the data table is restarted, the data table trigger is enabled, the trigger from then on captures all operations executed on the data table and records them in the log parameter configuration format, and the audit state information list is updated; if the data table does not exist in the audit state information list, the default configuration is adopted to start the security audit of the data table. The default configuration consists of the name table of the audited specific important data table, the operation command action, and the session user name user executing the current operation.
The status function operates as follows: if the list of specific important data tables passed in is empty, all information in the audit state information list is printed; otherwise the corresponding information in the audit state information list is printed according to the passed list of specific important data tables.
Preferably, the audit state information list records the following information parameters: the specific important data table name table, the log parameter information paramList, the audit status, and whether the trigger is enabled triggerEnabled.
Further preferably, the audit status is divided into pause and audit.
The invention has the following beneficial effects:
By providing a data table security audit module for data tables, the invention can start auditing on a specific important data table according to the log parameters configured by the administrator, and any addition, modification or deletion operation on the data of the specific important data table is recorded in the log and stored in the specific audit table, which can be consulted only by the administrator. This not only maintains the security of the specific important data table in the database but also helps the administrator carry out a small-range data rollback, avoiding the need to roll back the whole database content because of a small operation error by a user, and lets the administrator concentrate the security maintenance of data tables on the specific important data tables without auditing all data tables in detail, thereby avoiding unnecessary waste of storage space, operation resources and the like. Therefore, the invention can better maintain the security of the database system.
Drawings
FIG. 1 is a flow chart of the start function in the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
In order to maintain the security of a specific important data table in a database system, the invention provides a data table auditing method in which a data table security audit module is dynamically loaded into a PostgreSQL database system in the form of an extension plug-in, auditing is started for the specific important data table according to the log parameters configured by an administrator, any addition, modification or deletion operation on the data of the specific important data table is recorded in a log and stored in a specific audit table, and the specific audit table can be consulted only by the administrator. Because the specific data content of additions, modifications and deletions is recorded in the log, when a user's improper operation modifies part of the data in error, the administrator can be asked to consult the audit log and thus recover the original correct data. The data table security audit module (tableAudit) is written in the PL/pgSQL language. The plug-in not only maintains database security but also helps an administrator perform a small-range data rollback, so that the whole database content need not be rolled back because of one small misoperation by a user.
Description of Log parameters
The administrator can configure which parameter information is recorded when auditing a specific important data table; the log parameters of the data table security audit module are shown in Table 1.
TABLE 1 Log parameters of the data table security audit module (the table image is not reproduced here; its parameters are described below)
seqID is the sequence number of the current operation. tsTransaction is the timestamp of the transaction: it records the transaction commit time of the table operation, all data entry updates within the same transaction share the same tsTransaction, and it is enabled by default. tsOperation is the timestamp of the specific operation: within the same transaction, each data entry update has a different tsOperation, and it is disabled by default. action is the operation command parameter; it records whether the executed command was an INSERT (addition), UPDATE (modification) or DELETE (deletion), and is enabled by default. schema is the schema name parameter: different schemas can contain data tables with the same name, so recording the schema name of the audited table identifies the audited specific important data table unambiguously and keeps the audit logs from being confused; it is disabled by default. table records the name of the audited specific important data table and is enabled by default. user records the name of the session user executing the current operation, which identifies the person operating on the audited specific important data table, and is enabled by default.
Description of functional function
The data table security audit module is mainly realized by the following five functions. It records the operations of all users on specific important data tables in the specific audit table, in the log parameter format configured by the administrator, and creates an information list that records the audit state of each specific important data table. The functional division of the data table security audit module is shown in Table 2.
TABLE 2 Functional division of the data table security audit module (the table image is not reproduced here; the five functions are described below)
1) start function
The name of a specific important data table and the parameter list of that data table are passed in, and it is judged whether the data table exists in the audit state information list. If the data table is in the audit pause state (suspended but still present in the audit state information list), it is judged whether the log parameter configuration in the passed parameter list is the same as the log parameter setting previously configured in the information parameter list of the specific audit table corresponding to that data table; if so, the restart function is called to restart the audit of the data table, otherwise the original trigger and original trigger function of the data table are unloaded, the original audit table is renamed with a time stamp appended, and a new audit is started according to the passed data table name. If the data table is not being audited (not in the audit pause state), a new specific audit table is created directly and a new audit is started according to the passed data table name. When a new audit is started, the log parameter configuration of the data table on which operations are executed is obtained, a new trigger function and a new trigger are created for the data table according to its parameter list, the addition, modification and deletion operations on the data table are captured, key information is extracted according to the log parameter configuration and recorded in the log, and the data table name and its parameter list are stored in the audit state information list. The flow of starting an audit on a data table is shown in Figure 1.
2) stop function
The name of a specific important data table is passed in and the audit state information list is queried; if the specific important data table is in the audit stop state, the trigger and trigger function on the data table are unloaded, the original audit table is renamed with a timestamp appended, and the related information of the data table is deleted from the audit state information list. From this point the user's operations on the data table are no longer audited, and calling the restart function can no longer resume the security maintenance of that data table; the administrator can, however, still learn the users' operation behaviour by consulting the timestamped audit table.
3) pause function
The name of a specific important data table is passed in and the audit state information list is queried; if the data table is in the audit state, the audit of the data table is suspended, the trigger of the data table is disabled, and the audit state information list is updated, so that from this moment the user's operations on the data table are no longer logged.
4) restart function
The name of a specific important data table is passed in and the audit state information list is queried; if the data table is in the audit suspension state, the audit of the data table is restarted, the data table trigger is enabled, the trigger captures the operations executed by database users on the data table and records them in the log parameter configuration format, and the audit state information list is updated; if the data table does not exist in the audit state information list, the default configuration is adopted to start the security audit of the data table. The default configuration consists of the name table of the audited specific important data table, the operation command action, and the session user name user executing the current operation.
5) status function
If the list of specific important data tables passed in is empty, all information in the audit state information list is printed; otherwise the corresponding information in the audit state information list is printed according to the passed list of specific important data tables. The parameters in the audit state information list are shown in Table 3.
TABLE 3 Audit state information list parameters (the table image is not reproduced here; the parameters are the table name table, the log parameter information paramList, the audit status and the trigger flag triggerEnabled described above)
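The five functions and the Table 1 log parameters, as an added worked example in PL/pgSQL. This is illustrative code written for this page, not the patent's tableAudit module, whose source is not published here. It assumes PostgreSQL 11 or later and a single-schema search_path, uses one parameterized trigger function (tableaudit_capture, given the enabled parameter list as its trigger argument) instead of generating a trigger function per table as the page describes, and stores the audit log of a table X in a table named tableaudit_X. All object names, the treatment of a start on a table that is already in the audit state (archive and start afresh), and the sample visits table are assumptions.

```sql
-- Template for the per-table audit tables: the Table 1 log parameters plus row images for rollback.
CREATE TABLE tableaudit_template (
    seqid         bigint GENERATED BY DEFAULT AS IDENTITY,              -- seqID
    tstransaction timestamptz,  -- tsTransaction: shared by all rows of one transaction
    tsoperation   timestamptz,  -- tsOperation: distinct for every captured row change
    action        text,         -- INSERT, UPDATE or DELETE
    schema_name   text,  table_name text,  user_name text,              -- schema, table, user
    old_row       jsonb, new_row jsonb      -- row images before and after the change
);
-- Audit state information list (Table 3).
CREATE TABLE tableaudit_status (
    table_name text PRIMARY KEY, param_list text[] NOT NULL,
    status text NOT NULL CHECK (status IN ('audit', 'pause')), trigger_enabled boolean NOT NULL);
-- One parameterized trigger function (the page generates one per table): disabled parameters are
-- stored as NULL. SECURITY DEFINER lets ordinary users' changes be logged into a table they cannot read.
CREATE FUNCTION tableaudit_capture() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
DECLARE p text[] := TG_ARGV[0]::text[];   -- the enabled parameter list
BEGIN
    EXECUTE format('INSERT INTO %I.%I (tstransaction, tsoperation, action, schema_name,
                    table_name, user_name, old_row, new_row) VALUES ($1,$2,$3,$4,$5,$6,$7,$8)',
                   TG_TABLE_SCHEMA, 'tableaudit_' || TG_TABLE_NAME)
    USING CASE WHEN 'tsTransaction' = ANY (p) THEN transaction_timestamp() END,
          CASE WHEN 'tsOperation'   = ANY (p) THEN clock_timestamp() END,
          CASE WHEN 'action'        = ANY (p) THEN TG_OP END,
          CASE WHEN 'schema'        = ANY (p) THEN TG_TABLE_SCHEMA::text END,
          CASE WHEN 'table'         = ANY (p) THEN TG_TABLE_NAME::text END,
          CASE WHEN 'user'          = ANY (p) THEN session_user::text END,
          CASE WHEN TG_OP <> 'INSERT' THEN to_jsonb(OLD) END,
          CASE WHEN TG_OP <> 'DELETE' THEN to_jsonb(NEW) END;
    RETURN NULL;  -- AFTER trigger: the return value is ignored
END $$;
-- Unload the trigger and keep the old log under a timestamped name (stop and reconfiguration).
CREATE FUNCTION tableaudit_archive(tbl text) RETURNS void LANGUAGE plpgsql AS $$
BEGIN
    EXECUTE format('DROP TRIGGER IF EXISTS tableaudit_trg ON %I', tbl);
    EXECUTE format('ALTER TABLE %I RENAME TO %I', 'tableaudit_' || tbl,
                   'tableaudit_' || tbl || '_' || to_char(clock_timestamp(), 'YYYYMMDD_HH24MISS'));
END $$;
-- restart: re-enable a paused audit; a table absent from the list is started with the default configuration.
CREATE FUNCTION tableaudit_restart(tbl text) RETURNS void LANGUAGE plpgsql AS $$
BEGIN
    IF NOT EXISTS (SELECT 1 FROM tableaudit_status WHERE table_name = tbl) THEN
        PERFORM tableaudit_start(tbl);
    ELSE
        EXECUTE format('ALTER TABLE %I ENABLE TRIGGER tableaudit_trg', tbl);
        UPDATE tableaudit_status SET status = 'audit', trigger_enabled = true WHERE table_name = tbl;
    END IF;
END $$;
-- start: the default parameter list (action, table, user) is the one the page names.
CREATE FUNCTION tableaudit_start(tbl text, params text[] DEFAULT '{action,table,user}')
RETURNS void LANGUAGE plpgsql AS $$
DECLARE cur tableaudit_status;
BEGIN
    SELECT * INTO cur FROM tableaudit_status WHERE table_name = tbl;
    IF FOUND AND cur.status = 'pause' AND cur.param_list = params THEN
        PERFORM tableaudit_restart(tbl);  -- unchanged configuration: just restart
        RETURN;
    ELSIF FOUND THEN
        PERFORM tableaudit_archive(tbl);  -- configuration changed (assumption: also when already auditing)
    END IF;
    EXECUTE format('CREATE TABLE %I (LIKE tableaudit_template INCLUDING ALL)', 'tableaudit_' || tbl);
    EXECUTE format('REVOKE ALL ON %I FROM PUBLIC', 'tableaudit_' || tbl);  -- administrator only
    EXECUTE format('CREATE TRIGGER tableaudit_trg AFTER INSERT OR UPDATE OR DELETE ON %I
                    FOR EACH ROW EXECUTE FUNCTION tableaudit_capture(%L)', tbl, params);
    INSERT INTO tableaudit_status VALUES (tbl, params, 'audit', true)
    ON CONFLICT (table_name) DO UPDATE
        SET param_list = EXCLUDED.param_list, status = 'audit', trigger_enabled = true;
END $$;
CREATE FUNCTION tableaudit_pause(tbl text) RETURNS void LANGUAGE plpgsql AS $$
BEGIN
    EXECUTE format('ALTER TABLE %I DISABLE TRIGGER tableaudit_trg', tbl);
    UPDATE tableaudit_status SET status = 'pause', trigger_enabled = false WHERE table_name = tbl;
END $$;
CREATE FUNCTION tableaudit_stop(tbl text) RETURNS void LANGUAGE plpgsql AS $$
BEGIN
    PERFORM tableaudit_archive(tbl);
    DELETE FROM tableaudit_status WHERE table_name = tbl;
END $$;
-- status: no argument prints the whole list, otherwise only the named tables.
CREATE FUNCTION tableaudit_show(tbls text[] DEFAULT NULL) RETURNS SETOF tableaudit_status
LANGUAGE sql AS $$ SELECT * FROM tableaudit_status WHERE tbls IS NULL OR table_name = ANY (tbls) $$;

-- Constructed demonstration: a medical table, every parameter enabled, two updates in one transaction.
CREATE TABLE visits (id int PRIMARY KEY, diagnosis text);
SELECT tableaudit_start('visits', '{seqID,tsTransaction,tsOperation,action,schema,table,user}');
INSERT INTO visits VALUES (1, 'flu');
BEGIN;
UPDATE visits SET diagnosis = 'cold' WHERE id = 1;
UPDATE visits SET diagnosis = 'flu (confirmed)' WHERE id = 1;  -- same tstransaction, later tsoperation
COMMIT;
SELECT tableaudit_pause('visits');
DELETE FROM visits WHERE id = 1;  -- not logged while paused
SELECT tableaudit_restart('visits');
SELECT seqid, action, user_name, tstransaction, tsoperation, old_row ->> 'diagnosis' AS before,
       new_row ->> 'diagnosis' AS after FROM tableaudit_visits ORDER BY seqid;
SELECT * FROM tableaudit_show();
```

Two details carry the security claims. The REVOKE is what makes each audit table consultable only by the administrator, and tableaudit_capture therefore has to be SECURITY DEFINER (with a pinned search_path) so that an ordinary user's INSERT, UPDATE or DELETE can still be written to a table that user cannot read. transaction_timestamp() is the transaction start rather than the commit time the page names; commit time is not available inside a trigger, but the value is still constant across one transaction, which is the property the page relies on. Pause and restart are only as strong as table ownership: ALTER TABLE ... DISABLE TRIGGER is available to the owner of the audited table, so audited tables should be owned by the administrator and operators granted DML privileges only.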
The invention is described in detail as follows:
after the module is configured in the shared preload libraries (shared_preload_libraries) of the PostgreSQL database, the database is restarted. After logging in to the PostgreSQL database as the administrator user, the CREATE EXTENSION command is called to dynamically load the tableAudit plug-in of the data table security audit module into the database.
Functions such as start are called to begin the security audit of the specific data table, and from then on the generated audit table can be viewed or modified only by the administrator user. Ordinary users have no permission to browse it; their modifications to the audited data table are recorded in the log, and the administrator can locate, through the log, users who performed malicious or improper operations, so as to restrict their operation permissions or take other measures.
Through the data table security audit module plug-in, the administrator can concentrate the security maintenance of data tables on specific important data tables without auditing all data tables in detail, thereby avoiding unnecessary waste of storage space, operation resources and the like, and better maintaining the security of the database system.
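The small-range rollback the page attributes to the audit log, as an added example that is not part of the patent or the tableAudit module and is a separate script from any other example on this page. It constructs an audited table, an audit table with the layout of the log parameters plus row images, and a few constructed log rows in which the user dr_li overwrote a visit record; the hypothetical tableaudit_rollback_row function then restores the row from the old image of its latest UPDATE or DELETE record, touching nothing else in the database. Table and column names, the user name and the timestamps are assumptions.

```sql
-- Constructed audited table, currently holding the wrong values left by a misoperation.
CREATE TABLE visits (id int PRIMARY KEY, diagnosis text, prescription text);
INSERT INTO visits VALUES (7, 'pneumonia', 'amoxicillin');
-- Constructed audit table: seqID, tsTransaction, action, table, user, plus old/new row images.
CREATE TABLE tableaudit_visits (
    seqid bigint GENERATED BY DEFAULT AS IDENTITY, tstransaction timestamptz, action text,
    table_name text, user_name text, old_row jsonb, new_row jsonb);
REVOKE ALL ON tableaudit_visits FROM PUBLIC;   -- consulted by the administrator only
INSERT INTO tableaudit_visits (tstransaction, action, table_name, user_name, old_row, new_row) VALUES
  ('2024-01-05 09:00+08', 'INSERT', 'visits', 'dr_li', NULL,
   '{"id": 7, "diagnosis": "bronchitis", "prescription": "rest"}'),
  ('2024-01-05 09:05+08', 'UPDATE', 'visits', 'dr_li',
   '{"id": 7, "diagnosis": "bronchitis", "prescription": "rest"}',
   '{"id": 7, "diagnosis": "pneumonia", "prescription": "amoxicillin"}');   -- the misoperation

-- Who changed row 7, when, and what did it look like before?
SELECT seqid, user_name, tstransaction, old_row ->> 'diagnosis' AS diagnosis_before
FROM tableaudit_visits
WHERE table_name = 'visits' AND action = 'UPDATE' AND (new_row ->> 'id')::int = 7;

-- Restore one row from the old image of its latest UPDATE or DELETE record.
CREATE FUNCTION tableaudit_rollback_row(row_id int) RETURNS visits LANGUAGE plpgsql AS $$
DECLARE restored visits;
BEGIN
    SELECT r.* INTO restored
    FROM tableaudit_visits a, jsonb_populate_record(NULL::visits, a.old_row) AS r
    WHERE a.action IN ('UPDATE', 'DELETE') AND (a.old_row ->> 'id')::int = row_id
    ORDER BY a.seqid DESC LIMIT 1;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'no audit record with an old image of id %', row_id;
    END IF;
    -- re-insert a deleted row, or overwrite a modified one; with the audit trigger active
    -- this rollback itself would be logged as a further UPDATE or INSERT
    INSERT INTO visits VALUES (restored.id, restored.diagnosis, restored.prescription)
    ON CONFLICT (id) DO UPDATE
        SET diagnosis = EXCLUDED.diagnosis, prescription = EXCLUDED.prescription;
    RETURN restored;
END $$;

SELECT * FROM tableaudit_rollback_row(7);   -- the restored image (7, bronchitis, rest)
SELECT * FROM visits;                       -- row 7 is back to its pre-misoperation values
```

The rollback reads only the audit table, which is why the page restricts it to the administrator: the old images contain the full former content of every audited row, so whoever can read the audit table can see every historical value of the patient data.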

Claims (5)

1. A data table auditing method, characterized in that: dynamically loading a data table security audit module into a PostgreSQL database system in an extension plug-in mode, starting audit on an important data table according to log parameters configured by an administrator, and recording logs for any operations of adding, modifying and deleting data of the important data table according to a function and storing the logs into a specific audit table; the specific audit table contains an audit state information list, records data table names, parameter lists and audit state information of all specific important data tables; this particular audit table is only consulted by the administrator.
2. The data table auditing method according to claim 1, wherein: the log parameters comprise a serial number seqID of the current operation, a timestamp tsTransaction of transaction occurrence, a specific operation occurrence timestamp tsOperation, an operation command action, a schema name schema, an audited specific important data table name table and a session user name user for executing the current operation.
3. The data table auditing method according to claim 1, wherein: the function comprises a start function, a stop function, a pause function, a restart function and a status function;
the start function functions as follows: judging whether the data table exists in an audit state information list or not by introducing a data table name of a specific important data table and a parameter list of the data table, if the data table is in an audit pause state, judging whether log parameter configuration in the parameter list of the data table is the same as log parameter setting configured before in the information parameter list of the specific audit table corresponding to the data table, if so, calling a restart function to restart the audit on the data table, otherwise, unloading an original trigger and an original trigger function of the data table, renaming the original audit table after adding a time stamp, and starting new audit according to the introduced data table name; if the data table is not audited, directly creating a new specific audit table and starting new audit according to the name of the incoming data table; when starting new audit, obtaining log parameter configuration of a data table of executed operation, creating a new trigger function and a new trigger for the data table according to a parameter list of the data table, performing addition, modification and deletion operation on the data table, extracting key information according to the log parameter configuration, performing log recording, and storing a data table name and the parameter list of the data table in an audit state information list;
the stop function functions as follows: inquiring an audit state information list by transmitting a data table name of a specific important data table, unloading a trigger and a trigger function on the data table if the specific important data table is in an audit stop state, renaming an original audit table after adding a timestamp, and deleting related information of the data table in the audit state information list;
the pause function functions as follows: inquiring an audit state information list by transmitting a data table name of a specific important data table, suspending the audit aiming at the data table if the data table is in an audit state, closing a trigger of the data table, and updating the audit state information list;
the restart function functions as follows: inquiring an audit state information list by introducing a data table name of a specific important data table, restarting the audit of the data table if the data table is in an audit suspension state, starting a data table trigger, capturing all operations executed on the data table by the trigger at the moment, recording logs in a log parameter configuration format, and updating the audit state information list; if the data table does not exist in the audit state information list, adopting default configuration to start the safety audit of the data table; the default configuration is a name table of an audited specific important data table, an operation command action and a session user name user parameter for executing the current operation;
the status function functions as follows: if the parameter list transmitted into the specific important data table is empty, all information in the audit state information list is printed, otherwise, corresponding information in the audit state information list is printed according to the parameter list transmitted into the specific important data table.
4. The data table auditing method according to claim 1, wherein: the audit state information list records the following information parameters: specific important data table name table, log parameter information paramList, audit status and whether the trigger is enabled triggerEnabled.
5. The data table auditing method according to claim 4, wherein: the audit state status is divided into pause and audit.
Application CN202111567926.5A, priority date 2021-12-21, filing date 2021-12-21: Data table auditing method, status Pending.

Publications (1)

Publication Number Publication Date
CN114265843A (en) 2022-04-01

Family

ID=80828434

Country Status (1)

Country Link
CN (1) CN114265843A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination