CN115687484A - Database auditing method, apparatus, device, storage medium and program product - Google Patents
Database auditing method, apparatus, device, storage medium and program product Download PDFInfo
- Publication number
- CN115687484A CN115687484A CN202211403560.2A CN202211403560A CN115687484A CN 115687484 A CN115687484 A CN 115687484A CN 202211403560 A CN202211403560 A CN 202211403560A CN 115687484 A CN115687484 A CN 115687484A
- Authority
- CN
- China
- Prior art keywords
- database
- communication data
- interface function
- target communication
- auditing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Stored Programmes (AREA)
Abstract
The application relates to a database auditing method, device, computer equipment, storage medium and computer program product. The method comprises the following steps: establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library; when a communication program in the database is started, loading a dynamic library and calling an interface function to obtain target communication data based on the identification parameters of the target communication data; the target communication data are sent to the auditing service for auditing, and the method can quickly acquire the target communication data of the database through the identification parameters, so that the local auditing of the target communication data of the database is realized.
Description
Technical Field
The present application relates to the field of data auditing technologies, and in particular, to a database auditing method and apparatus, a computer device, a storage medium, and a computer program product.
Background
The communication mode between the system processes comprises network communication and non-network communication. The network traffic is generated by performing data interaction through network communication, and a commonly used operation method for auditing the network communication of the database is to capture network traffic data through network capture software and then process the data by an auditing service to acquire the operation on the database. The network packet capturing software is usually realized based on a libpcap library, and each database auditing manufacturer independently develops the network packet capturing software to realize auditing of database operation.
However, for a data interaction mode of non-network communication, network traffic cannot be generated, and the packet capturing tool cannot acquire communication data. If the communication data is not obtained, the data of the database tool accessing the database service cannot be obtained, and local audit of the database cannot be realized.
Disclosure of Invention
In view of the above, it is necessary to provide an auditing method, apparatus, computer device, computer-readable storage medium, and computer program product for a database, which can capture communication data of the database during non-network communication and audit the communication data.
In a first aspect, the present application provides a database auditing method, including:
establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library;
when a communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data;
and sending the target communication data to an auditing service for auditing.
In one embodiment, when the communication program in the database is started, loading the dynamic library and calling the interface function to acquire the target communication data based on the identification parameter of the target communication data includes:
and setting an LD _ PRELOAD environment variable in a server of the database, and preferentially loading the dynamic library based on the interface function when a communication program in the database is started.
In one embodiment, when the communication program in the database is started, before the loading the dynamic library and calling the interface function to acquire the target communication data based on the identification parameter of the target communication data, the method further includes:
when a communication program in the database is started, loading the dynamic library, and acquiring a real interface function address of the database based on the interface function;
acquiring a real interface function corresponding to the target communication data from a real interface function address of the database based on the process name when the communication program is started;
copying and writing the target communication data of the real interface function into a file based on the interface function, and recording the identification parameters corresponding to the real interface function;
calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
In one embodiment, acquiring, based on the process name when the communication program is started, a real interface function corresponding to the target communication data from a real interface function address of the database includes:
based on the process name when the communication program is started, acquiring an interactive program corresponding to the target communication data from a real interface function address of the database;
and acquiring the real interface function of the target communication data based on the interactive program.
In one embodiment, the obtaining the real interface function of the target communication data based on the interactive program includes:
and acquiring a real interface function corresponding to the target communication data through a function call stack based on the interactive program.
In one embodiment, sending the target communication data to an auditing service for auditing comprises:
and sending the target communication data to an auditing service for auditing based on a flow acquisition engine.
In a second aspect, the present application further provides an auditing apparatus for a database, the apparatus including:
the dynamic library configuration module is used for establishing a dynamic library and configuring an interface function for acquiring target communication data of the database for the dynamic library;
the dynamic library acquisition module is used for loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data when a communication program in the database is started;
and the dynamic library auditing module is used for sending the target communication data to auditing service for auditing.
In a third aspect, the present application further provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the content of the first aspect when executing the computer program.
In a fourth aspect, the present application also provides a computer-readable storage medium having a computer program stored thereon, which when executed by a processor implements the above-mentioned first aspect.
In a fifth aspect, the present application also provides a computer program product comprising a computer program which, when executed by a processor, implements the content of the first aspect as described above.
The auditing method, the auditing device, the computer equipment, the storage medium and the computer program product of the database are realized by establishing a dynamic library and configuring an interface function for acquiring target communication data of the database for the dynamic library; when a communication program in the database is started, loading a dynamic library and calling an interface function to obtain target communication data based on an identification parameter of the target communication data; and sending the target communication data to an auditing service for auditing, and quickly acquiring the target communication data of the database based on the identification parameters, thereby realizing the local auditing of the communication data of the database.
Drawings
FIG. 1 is a diagram of an application environment of a method for auditing a database in one embodiment;
FIG. 2 is a schematic flow diagram illustrating a method for auditing a database in one embodiment;
fig. 3 is a schematic flow chart illustrating the process of acquiring target communication data before S204 in one embodiment;
FIG. 4 is a flow diagram illustrating a method for auditing a DB2 database in an exemplary embodiment;
FIG. 5 is a block diagram of an audit device of the database in one embodiment;
FIG. 6 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of and not restrictive on the broad application.
Unless defined otherwise, technical or scientific terms used herein shall have the same general meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The use of the terms "a" and "an" and "the" and similar referents in the context of this application do not denote a limitation of quantity, either in the singular or the plural. The terms "comprises," "comprising," "has," "having," and any variations thereof, as referred to in this application, are intended to cover non-exclusive inclusions; for example, a process, method, and system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to the listed steps or modules, but may include other steps or modules (elements) not listed or inherent to such process, method, article, or apparatus. Reference in this application to "connected," "coupled," and the like is not intended to be limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. Reference to "a plurality" in this application means two or more. "and/or" describes the association relationship of the associated object, indicating that there may be three relationships, for example, "a and/or B" may indicate: a exists alone, A and B exist simultaneously, and B exists alone. In general, the character "/" indicates a relationship in which the objects associated before and after are an "or". The terms "first," "second," "third," and the like in this application are used for distinguishing between similar items and not necessarily for describing a particular sequential or chronological order.
The auditing method of the database provided by the embodiment of the application can be applied to the application environment shown in fig. 1. Where terminal 102 communicates with audit server 104 over a network. Data storage system 106 may store target communication data that audit server 104 needs to process. Data storage system 106 may be integrated on audit server 104 or may be placed on the cloud or other network server. The method comprises the steps of establishing a dynamic library on a terminal 102, configuring an interface function for obtaining target communication data of the database for the dynamic library, loading the dynamic library and calling the target communication data obtained by the interface function based on identification parameters of the target communication data when a communication program in the database is started, and finally sending the target communication data to an audit server 104 for auditing.
The terminal 102 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, internet of things devices and portable wearable devices, and the internet of things devices may be smart speakers, smart televisions, smart air conditioners, smart car-mounted devices, and the like. The portable wearable device can be a smart watch, a smart bracelet, a head-mounted device, and the like. Audit server 104 may be implemented as a stand-alone server or as a server cluster of multiple servers.
In one embodiment, as shown in fig. 2, there is provided an auditing method for a database, which is described by taking the method as an example of the application environment in fig. 1, and includes the following steps:
s202, establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library.
The definition of the interface function of the dynamic library configuration is the same as that of the real interface function of the database target communication data. The database may be a DB2 database and the target communication data is, for example, communication data responsible for IPC communication of the DB2 database.
And S204, when the communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
Illustratively, when a communication program of the database in the Linux system is started, the dynamic library is preferentially loaded, and the real interface function address of the database is obtained by calling the interface function of the dynamic library. And obtaining a real interface function of the target communication data according to the real interface function address, judging whether the identification parameter of the real interface function at the moment is the same as the identification parameter stored in the dynamic library, and copying and writing the corresponding target communication data into a file according to the identification parameter if the identification parameter of the real interface function at the moment is the same as the identification parameter stored in the dynamic library.
And S206, sending the target communication data to an auditing service for auditing.
Illustratively, the target communication data is sent to a traffic collection engine, and then the traffic collection engine forwards the target communication data to an auditing service for auditing.
In the auditing method of the database, a dynamic library is established, and an interface function for acquiring target communication data of the database is configured for the dynamic library; when a communication program in the database is started, loading a dynamic library and calling an interface function to obtain target communication data based on the identification parameters of the target communication data; and sending the target communication data to an auditing service for auditing, and quickly acquiring the target communication data of the database based on the identification parameters so as to realize local auditing of the communication data of the database.
In one embodiment, when the communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameter of the target communication data comprise: setting LD _ PRELOAD environment variable in a server of the database, and when a communication program in the database is started, preferentially loading a dynamic library based on an interface function.
Illustratively, an LD _ load environment variable is set in a database server of the Linux system, and when a communication program in the database is started, a dynamic library is preferentially loaded based on an interface function.
In the above embodiment, the communication modes between the processes of the system database include network communication and IPC communication. Network traffic is generated by means of data interaction through network communication, and the network traffic can be captured through a network capture tool such as tcpdump. And for the mode of data interaction through IPC communication, network flow cannot be generated, a network packet capturing tool cannot be used for acquiring target communication data, and further auditing of a database cannot be performed. Therefore, the LD _ PRELOAD environment variable is set in the database server, so that the dynamic database is loaded preferentially when the program is started, the target communication data of the database can be acquired, and the local audit of the database can be realized.
In one embodiment, as shown in fig. 3, when the communication program in the database is started, the steps of loading the dynamic library and calling the interface function to obtain the target communication data based on the identification parameter of the target communication data further include:
s302, when the communication program in the database is started, loading the dynamic library and acquiring the real interface function address of the database based on the interface function.
Illustratively, when a communication program of the database is started, the dynamic library is preferentially loaded through the LD _ PRELOAD environment variable, and during the implementation process of the interface function of the dynamic library, the real interface function address of the database is obtained through a dlsym function.
S304, acquiring a real interface function corresponding to the target communication data from the real interface function address of the database based on the process name when the communication program is started.
The process name is a fixed name of the database when the communication process is started, and is used for distinguishing different databases.
S306, copying and writing the target communication data of the real interface function into a file based on the interface function, and recording the identification parameters corresponding to the real interface function.
Wherein the identification parameter is a parameter for distinguishing different real interface functions.
Illustratively, based on the interface function, the target communication data of the real interface function is copied and written into a file, so that the target communication data is not lost, and the identification parameters corresponding to the real interface function are recorded, so that the identification parameters correspond to the target communication data one by one, and the target communication data can be flexibly extracted in the subsequent auditing process.
And S308, calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
Illustratively, based on a process name when the communication program is started, a real interface function corresponding to target communication data is acquired from a real interface function address of the database, the interface function is called, whether an identification parameter of the real interface function is the same as an identification parameter stored in the dynamic library at the moment is judged, and if the identification parameter is the same, the corresponding target communication data is copied and written into a file according to the identification parameter.
In the embodiment, the dynamic library is loaded when the communication program in the database is started, and the real interface function address of the database is obtained based on the interface function; acquiring a real interface function corresponding to target communication data from a real interface function address of a database based on a process name when a communication program is started; copying and writing target communication data of the real interface function into a file based on the interface function, and recording identification parameters corresponding to the real interface function; the interface function is called to obtain the target communication data based on the identification parameters of the target communication data, so that the one-to-one correspondence between the target communication data and the identification parameters is realized, the obtained target communication data of the real interface function is marked, the program flow when the real interface function is called again in the subsequent auditing process is simplified, and the corresponding target communication data can be quickly obtained.
In one embodiment, acquiring a real interface function corresponding to target communication data from a real interface function address of a database based on a process name when a communication program is started includes: based on the process name when the communication program is started, acquiring an interactive program corresponding to target communication data from a real interface function address of a database; and acquiring a real interface function of the target communication data based on the interactive program.
In one embodiment, the obtaining the real interface function of the target communication data based on the interactive program comprises: and based on the interactive program, acquiring a real interface function corresponding to the target communication data through a function call stack.
In one embodiment, sending the target communication data to an auditing service for auditing comprises: and sending the target communication data to an auditing service for auditing based on the flow acquisition engine.
In an exemplary embodiment, as shown in fig. 4, an auditing method for a database is described, which is applied to local auditing of communication data of IPC communication of a DB2 database, and specifically includes the following steps:
s410, establishing a dynamic library based on a real IPC function interface of the Linux system, and configuring an interface function IPC _ wrap for obtaining target communication data of the DB2 database for the dynamic library.
And S420, when the communication program in the database is started, setting an LD _ PRELOAD environment variable in a server of the DB2 database so as to load the dynamic library preferentially.
S430, when the dynamic library is loaded, the interface function IPC _ wrap obtains the real interface function address through the address function dlsym corresponding to the return symbol.
At this time, the interface function IPC _ wrap identifies whether the interface function is an interactive program in charge of the DB2 database in the real interface function address according to different process names of different databases after the communication program is started.
And S440, acquiring real interface functions of DB2 database communication interaction through the function call stack based on the interactive program.
When the IPC communicates, the DB2 database has not only interface functions for communication interaction but also interface functions for executing other transmission functions, so that it is necessary to obtain real interface functions for communication interaction through a function call stack.
S450, copying and writing the target communication data in the real interface function into a file based on the IPC _ wrap, and recording the identification parameters corresponding to the real interface function.
If the interface function of the DB2 database is called again, whether the corresponding identification parameters exist in the dynamic library is preferably checked, and if the corresponding identification parameters exist, the data are directly copied and written into the file without a function call stack; if not, then S440 and S450 are executed again.
And S460, sending the target communication data in the file to an auditing service for auditing based on the flow collection engine.
In the auditing method applied to the DB2 database, the dynamic database is established, and an interface function IPC _ wrap used for acquiring target communication data of the database is configured for the dynamic database; when a communication program in a database is started, an LD _ PRELOAD environment variable is set in a server of a DB2 database to enable a dynamic library to be loaded preferentially, an interface function IPC _ wrap is enabled to obtain a real interface function address through a return symbol corresponding address function dlsym, a real interface function of DB2 database communication interaction is obtained in the real interface function address through a function call stack, target communication data in the real interface function is copied and written into a file, identification parameters corresponding to the real interface function are recorded, the target communication data stored in the file is sent to an auditing service for IPC auditing based on a flow acquisition engine, the IPC communication data of the DB2 database can be obtained, and therefore local auditing of the communication data of the DB2 database is achieved.
It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the application also provides an auditing device of the database for realizing the auditing method of the database. The implementation scheme for solving the problem provided by the apparatus is similar to the implementation scheme described in the above method, so the specific limitations in the following embodiments of the auditing apparatus for one or more databases may refer to the limitations on the auditing method for the databases, which are not described herein again.
In one embodiment, as shown in fig. 5, there is provided an auditing apparatus for a database, including: a dynamic library configuration module 52, a dynamic library acquisition module 54, and a dynamic library auditing module 56, wherein:
and a dynamic library configuration module 52, configured to establish a dynamic library, and configure an interface function for acquiring target communication data of the database for the dynamic library.
A dynamic library obtaining module 54, configured to, when a communication program in the database is started, load the dynamic library and call the interface function to obtain the target communication data based on the identification parameter of the target communication data.
And the dynamic library auditing module 56 is used for sending the target communication data to an auditing service for auditing.
In one embodiment, the dynamic library configuration module 52 includes: setting LD _ PRELOAD environment variable in the server of the database, and when the communication program in the database is started, preferentially loading the dynamic library based on the interface function.
In one embodiment, the dynamic library acquisition module 54 further comprises: loading a dynamic library when a communication program in the database is started, and acquiring a real interface function address of the database based on an interface function; acquiring a real interface function corresponding to target communication data from a real interface function address of a database based on a process name when a communication program is started; copying and writing target communication data of the real interface function into a file based on the interface function, and recording identification parameters corresponding to the real interface function; and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
In one embodiment, the dynamic library acquisition module 54 comprises: based on the process name when the communication program is started, acquiring an interactive program corresponding to target communication data from a real interface function address of a database; and acquiring a real interface function of the target communication data based on the interactive program.
In one embodiment, the dynamic library acquisition module 54 comprises:
and acquiring a real interface function corresponding to the target communication data through the function call stack based on the interactive program.
In one embodiment, dynamic library audit module 56 comprises: and sending the target communication data to an auditing service for auditing based on the flow acquisition engine.
The modules in the auditing device of the database can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 6. The computer device includes a processor, a memory, an Input/Output interface (I/O for short), and a communication interface. The processor, the memory and the input/output interface are connected through a system bus, and the communication interface is connected to the system bus through the input/output interface. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing target communication data. The input/output interface of the computer device is used for exchanging information between the processor and an external device. The communication interface of the computer device is used for connecting and communicating with an external terminal through a network. The computer program when executed by a processor implements a method of auditing a database.
Those skilled in the art will appreciate that the architecture shown in fig. 6 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory having a computer program stored therein and a processor that when executing the computer program performs the steps of:
step 1, establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library.
And 2, when a communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
And 3, sending the target communication data to an auditing service for auditing.
In one embodiment, the processor, when executing the computer program, further performs the steps of: setting LD _ PRELOAD environment variable in the server of the database, and when the communication program in the database is started, preferentially loading the dynamic library based on the interface function.
In one embodiment, the processor when executing the computer program further performs the steps of:
when a communication program in a database is started, loading a dynamic library, and acquiring a real interface function address of the database based on an interface function;
acquiring a real interface function corresponding to target communication data from a real interface function address of a database based on a process name when a communication program is started;
copying and writing target communication data of the real interface function into a file based on the interface function, and recording identification parameters corresponding to the real interface function;
and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
In one embodiment, the processor, when executing the computer program, further performs the steps of: based on the process name when the communication program is started, acquiring an interactive program corresponding to target communication data from a real interface function address of a database; and acquiring a real interface function of the target communication data based on the interactive program.
In one embodiment, the processor, when executing the computer program, further performs the steps of: and based on the interactive program, acquiring a real interface function corresponding to the target communication data through a function call stack.
In one embodiment, the processor, when executing the computer program, further performs the steps of: and sending the target communication data to an auditing service for auditing based on the flow acquisition engine.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of:
step 1, establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library.
And 2, when a communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
And 3, sending the target communication data to an auditing service for auditing.
In one embodiment, the computer program when executed by the processor further performs the steps of: setting LD _ PRELOAD environment variable in the server of the database, and when the communication program in the database is started, preferentially loading the dynamic library based on the interface function.
In one embodiment, the computer program when executed by the processor further performs the steps of:
loading a dynamic library when a communication program in the database is started, and acquiring a real interface function address of the database based on an interface function;
acquiring a real interface function corresponding to target communication data from a real interface function address of a database based on a process name when a communication program is started;
copying and writing target communication data of the real interface function into a file based on the interface function, and recording identification parameters corresponding to the real interface function;
and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
In one embodiment, the computer program when executed by the processor further performs the steps of: based on the process name when the communication program is started, acquiring an interactive program corresponding to target communication data from a real interface function address of a database; and acquiring a real interface function of the target communication data based on the interactive program.
In one embodiment, the computer program when executed by the processor further performs the steps of: and acquiring a real interface function corresponding to the target communication data through the function call stack based on the interactive program.
In one embodiment, the computer program when executed by the processor further performs the steps of: and sending the target communication data to an auditing service for auditing based on the flow acquisition engine.
Furthermore, in an embodiment, a computer program product is also provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It should be noted that the data (including but not limited to data for analysis, stored data, displayed data, etc.) referred to in the present application are all information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the relevant data need to comply with relevant laws and regulations and standards of relevant countries and regions.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by hardware instructions of a computer program, which may be stored in a non-volatile computer-readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high-density embedded nonvolatile Memory, resistive Random Access Memory (ReRAM), magnetic Random Access Memory (MRAM), ferroelectric Random Access Memory (FRAM), phase Change Memory (PCM), graphene Memory, and the like. Volatile Memory can include Random Access Memory (RAM), external cache Memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases involved in the embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a block chain based distributed database, and the like. The processors referred to in the various embodiments provided herein may be, without limitation, general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing-based data processing logic devices, or the like.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (10)
1. A method for auditing a database, the method comprising:
establishing a dynamic library, and configuring an interface function for acquiring target communication data of the database for the dynamic library;
when a communication program in the database is started, loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data;
and sending the target communication data to an auditing service for auditing.
2. The auditing method for a database according to claim 1, wherein the loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameter of the target communication data when the communication program in the database is started comprises:
and setting an LD _ PRELOAD environment variable in a server of the database, and preferentially loading the dynamic library based on the interface function when a communication program in the database is started.
3. The method for auditing a database according to claim 1, wherein the step of loading the dynamic library and calling the target communication data obtained by the interface function based on the identification parameter of the target communication data when the communication program in the database is started further comprises the steps of:
when a communication program in the database is started, loading the dynamic library, and acquiring a real interface function address of the database based on the interface function;
acquiring a real interface function corresponding to the target communication data from a real interface function address of the database based on the process name when the communication program is started;
copying and writing the target communication data of the real interface function into a file based on the interface function, and recording the identification parameters corresponding to the real interface function;
calling the target communication data acquired by the interface function based on the identification parameters of the target communication data.
4. The method for auditing the database according to claim 3, wherein the obtaining of the real interface function corresponding to the target communication data from the real interface function address of the database based on the process name when the communication program is started comprises:
based on the process name when the communication program is started, acquiring an interactive program corresponding to the target communication data from a real interface function address of the database;
and acquiring the real interface function of the target communication data based on the interactive program.
5. The database auditing method according to claim 4, wherein said obtaining the real interface function of the target communication data based on the interactive program comprises:
and acquiring a real interface function corresponding to the target communication data through a function call stack based on the interactive program.
6. The auditing method of a database according to claim 1, where sending the target communication data to an auditing service for auditing comprises:
and sending the target communication data to an auditing service for auditing based on a flow acquisition engine.
7. An auditing apparatus for a database, the apparatus comprising:
the dynamic library configuration module is used for establishing a dynamic library and configuring an interface function for acquiring target communication data of the database for the dynamic library;
the dynamic library acquisition module is used for loading the dynamic library and calling the target communication data acquired by the interface function based on the identification parameters of the target communication data when a communication program in the database is started;
and the dynamic library auditing module is used for sending the target communication data to auditing service for auditing.
8. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor realizes the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211403560.2A CN115687484A (en) | 2022-11-10 | 2022-11-10 | Database auditing method, apparatus, device, storage medium and program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211403560.2A CN115687484A (en) | 2022-11-10 | 2022-11-10 | Database auditing method, apparatus, device, storage medium and program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115687484A true CN115687484A (en) | 2023-02-03 |
Family
ID=85049923
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211403560.2A Pending CN115687484A (en) | 2022-11-10 | 2022-11-10 | Database auditing method, apparatus, device, storage medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115687484A (en) |
-
2022
- 2022-11-10 CN CN202211403560.2A patent/CN115687484A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113014623B (en) | Method and device for processing real-time streaming data of embedded point, computer equipment and storage medium | |
| CN113392158A (en) | Service data processing method and device and data center | |
| CN109981569A (en) | Network system access method, device, computer equipment and readable storage medium storing program for executing | |
| CN114756627A (en) | Alliance-chain-based digital asset processing method, system and storage medium | |
| CN112860412B (en) | Service data processing method and device, electronic equipment and storage medium | |
| CN116644250B (en) | Page detection method, page detection device, computer equipment and storage medium | |
| CN115858322A (en) | Log data processing method and device and computer equipment | |
| CN115687484A (en) | Database auditing method, apparatus, device, storage medium and program product | |
| CN115658794A (en) | Data query method and device, computer equipment and storage medium | |
| CN115576653A (en) | Cloud application operation method, device, equipment and medium based on GPU cloud desktop platform | |
| CN110851446B (en) | Data table generation method and device, computer equipment and storage medium | |
| CN107704557B (en) | Processing method and device for operating mutually exclusive data, computer equipment and storage medium | |
| CN112035471A (en) | Transaction processing method and computer equipment | |
| CN111045787A (en) | Rapid continuous experiment method and system | |
| CN117708117A (en) | Batch data processing method, device, electronic device and storage medium | |
| CN111367750A (en) | Exception handling method, device and equipment | |
| CN117155661A (en) | Risk log data pushing method, apparatus, computer device and storage medium | |
| CN112734360B (en) | End-to-end business process management method, device, equipment and storage medium | |
| CN116662016B (en) | Port switching method, device, computer equipment, storage medium and program product | |
| CN117632009A (en) | Data storage method and device based on business application and computer equipment | |
| CN116132591A (en) | Account management method, account management device, computer equipment and storage medium | |
| CN117453759A (en) | Service data processing method, device, computer equipment and storage medium | |
| CN118200314A (en) | File interaction method, device, computer equipment and storage medium | |
| CN116755934A (en) | Snapshot starting method, device, equipment, storage medium and program product | |
| CN113608897A (en) | Method, device, equipment and medium for data processing and application server operation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |