MySQL 审核工具 Inception

çæ¬ä¿¡æ¯ï¼

çæ¬ä¿¡æ¯ï¼
CentOS 7 x86_64
Inception2.1.50 for Linux on x86_64 (Source distribution)


# rpm -qa | grep -E '^(cmake|ncurses|openssl|bison|gcc-c++)'

openssl-devel-1.0.2k-16.el7.x86_64
cmake-2.8.12.2-2.el7.x86_64
ncurses-base-5.9-14.20130511.el7_4.noarch
ncurses-5.9-14.20130511.el7_4.x86_64
bison-3.0.4-2.el7.x86_64
bison-devel-3.0.4-2.el7.x86_64
ncurses-libs-5.9-14.20130511.el7_4.x86_64
gcc-c++-4.8.5-36.el7.x86_64
openssl-libs-1.0.2k-16.el7.x86_64
ncurses-devel-5.9-14.20130511.el7_4.x86_64
openssl-1.0.2k-16.el7.x86_64

# vim /etc/my.cnf
[mysqld]
log-bin=/usr/local/mysql/binlog/mysql-bin
binlog_format = row	#mixed/row 
server_id = 10

=============================== å¼å§å®è£ ==============================

å®è£ç¸å³å

yum install -y cmake ncurses-devel openssl-devel bison-devel gcc-c++ MySQL-python

å®è£ percona-toolkit (éè¦ç¨å° pt-online-schema-change)

wget https://www.percona.com/downloads/percona-toolkit/3.0.12/binary/redhat/7/x86_64/percona-toolkit-3.0.12-1.el7.x86_64.rpm
rpm -ivh percona-toolkit-3.0.12-1.el7.x86_64.rpm
ll /usr/bin/pt-*

ä¸è½½Â SQLauditï¼inception ï¼æºç ï¼å½åä¸º "inception-master"

wget https://github.com/weiyanwei412/SQLaudit/archive/master.zip
unzip master.zip
mv SQLaudit-master /opt/inception-master
cd /opt/inception-master

-----------------------------------------------------------
# éè¯¯ä¸ï¼
# sh inception_build.sh /usr/local/inception
-----------------------------------------------------------
building project in /usr/local/inception
CMake Error: The source directory "/usr/local" does not appear to contain CMakeLists.txt.
Specify --help for usage, or press the help button on the CMake GUI.
make: *** No rule to make target `install.  Stop.


-----------------------------------------------------------
# éè¯¯äºï¼
# sh inception_build.sh inception [linux]
-----------------------------------------------------------
-- Running cmake version 2.8.12.2
CMake Warning (dev) at CMakeLists.txt:141 (INCLUDE):
  Syntax Warning in cmake code at

    /opt/inception-master/cmake/ssl.cmake:207:55

  Argument not separated from preceding token by whitespace.
This warning is for project developers.  Use -Wno-dev to suppress it.

-- MySQL Inception2.1.50
-- Packaging as: mysql-Inception2.1.50-Linux-x86_64
-- HAVE_VISIBILITY_HIDDEN
-- HAVE_VISIBILITY_HIDDEN
-- HAVE_VISIBILITY_HIDDEN
-- Configuring done
-- Generating done
-- Build files have been written to: /opt/inception-master
make: *** No rule to make target `install.  Stop.
-----------------------------------------------------------

æ£ç¡®çç¼è¯æ¹æ³

cmake -DWITH_DEBUG=OFF \
-DCMAKE_INSTALL_PREFIX=/usr/local/inception \
-DMYSQL_DATADIR=/usr/local/inception/data \
-DWITH_SSL=yes \
-DCMAKE_BUILD_TYPE=RELEASE \
-DWITH_ZLIB=bundled \
-DMY_MAINTAINER_C_WARNINGS="-Wall -Wextra -Wunused -Wwrite-strings -Wno-strict-aliasing -Wdeclaration-after-statement" \
-DMY_MAINTAINER_CXX_WARNINGS="-Wall -Wextra -Wunused -Wwrite-strings -Wno-strict-aliasing -Wno-unused-parameter -Woverloaded-virtual"


make && make install

Inception éç½®æä»¶ï¼/etc/inc.cnfï¼è®¾ç½®

# Inception éç½®æä»¶è®¾ç½®
# vim /etc/inc.cnf

# doc: https://github.com/weiyanwei412/inception-document/blob/master/docs/variables.md
[inception]
port=6669
socket=/usr/local/inception/data/inc.socket
character-set-server=utf8
general_log=1 								#å¯ç¨Inceptionè¯å¥æ§è¡è®°å½
general_log_file=/usr/local/inception/data/inception.log

#Inception å®¡æ ¸è§å
inception_check_autoincrement_datatype=1 	#å»ºè¡¨æ¶ï¼èªå¢åçç±»åä¸ä¸ºintæèbigint
inception_check_autoincrement_init_value=1	#å»ºè¡¨æ¶ï¼èªå¢åçå¼æå®çä¸ä¸º1ï¼åæ¥é
inception_check_autoincrement_name=1		#å»ºè¡¨æ¶ï¼å¦ææå®çèªå¢åçååä¸ä¸ºID
inception_check_column_comment=1			#å»ºè¡¨æ¶ï¼åæ²¡ææ³¨é
inception_check_column_default_value=0		#æ£æ¥å¨å»ºè¡¨ãä¿®æ¹åãæ°å¢åæ¶ï¼åå±æ§æ¯å¦æé»è®¤å¼
inception_check_dml_limit=1					#å¨DMLè¯å¥ä¸ä½¿ç¨äºLIMIT
inception_check_dml_orderby=1				#å¨DMLè¯å¥ä¸ä½¿ç¨äºOrder By
inception_check_dml_where=1					#å¨DMLè¯å¥ä¸æ²¡æWHEREæ¡ä»¶
inception_check_identifier=1				#SQLè¯å¥ååæ£æ¥ï¼å¦æåç°ååä¸åå¨é¤æ°åãåæ¯ãä¸åçº¿ä¹å¤çåç¬¦æ¶ï¼ä¼æ¥Identifier "invalidname" is invalid, valid options: [a-z,A-Z,0-9,_].
inception_check_index_prefix=1				#æ¯å¦æ£æ¥ç´¢å¼åååç¼ä¸º"idx_"ï¼æ£æ¥å¯ä¸ç´¢å¼åç¼æ¯ä¸æ¯"uniq_"
inception_check_insert_field=1				#æ¯å¦æ£æ¥æå¥è¯å¥ä¸çåé¾è¡¨çåå¨æ§
inception_check_primary_key=1				#æ£æ¥æ¯å¦æä¸»é®
inception_check_table_comment=0				#æ£æ¥è¡¨æ¯å¦ææ³¨é
inception_check_timestamp_default=0			#æ£æ¥è¡¨æ¯å¦ætimestampç±»åæå®é»è®¤å¼
inception_enable_autoincrement_unsigned=1	#æ£æ¥èªå¢åæ¯ä¸æ¯ä¸ºæ ç¬¦å·å
inception_enable_blob_type=0				#æ£æ¥æ¯ä¸æ¯æ¯æBLOBåæ®µï¼åæ¬å»ºè¡¨ãä¿®æ¹åãæ°å¢åæä½ é»è®¤å¼å¯
inception_enable_column_charset=0			#åè®¸åèªå·±è®¾ç½®åç¬¦é
inception_enable_enum_set_bit=0				#æ¯å¦æ¯æenum,set,bitæ°æ®ç±»å
inception_enable_foreign_key=0				#æ¯å¦æ¯æå¤é®
inception_enable_identifer_keyword=0		#SQLè¯å¥æ¯å¦ææ è¯ç¬¦è¢«åæMySQLçå³é®å
inception_enable_not_innodb=0				#åå¨å¼ææ¯å¦æå®ä¸ºInnodb
inception_enable_nullable=0					#åå»ºæèæ°å¢åæ¯å¦åè®¸ä¸ºNULL
inception_enable_orderby_rand=0				#æ¯å¦åè®¸order by rand
inception_enable_partition_table=0			#æ¯å¦æ¯æååºè¡¨
inception_enable_select_star=0				#æ¯å¦åè®¸ Select* 
inception_enable_sql_statistic=1			#å¤åºå®ä¾æ¯å¦åå¨sqlç»è®¡ä¿¡æ¯
inception_max_char_length=16				#å½charç±»åçé¿åº¦å¤§äºè¿ä¸ªå¼æ¶ï¼æ¯å¦æç¤ºè½¬æ¢ä¸ºVARCHAR
inception_max_key_parts=5					#ä¸ä¸ªç´¢å¼ä¸ï¼åçæå¤§ä¸ªæ°ï¼è¶è¿è¿ä¸ªæ°ç®åæ¥é
inception_max_keys=16						#ä¸ä¸ªè¡¨ä¸ï¼æå¤§çç´¢å¼æ°ç®ï¼è¶è¿è¿ä¸ªæ°åæ¥é
inception_max_update_rows=10000				#å¨ä¸ä¸ªä¿®æ¹è¯å¥ä¸ï¼é¢è®¡å½±åçæå¤§è¡æ°ï¼è¶è¿è¿ä¸ªæ°å°±æ¥é
inception_merge_alter_table=1				#å¨å¤ä¸ªæ¹åä¸ä¸ªè¡¨çè¯å¥åºç°æ¯ï¼æ¯å¦æç¤ºåæä¸ä¸ª

#inception æ¯æ OSC åæ°(pt-online-schema-change)
inception_osc_bin_dir=/usr/bin				#ç¨äºæå®pt-online-schema-changeèæ¬çä½ç½®ï¼ä¸å¯ä¿®æ¹ï¼å¨éç½®æä»¶ä¸è®¾ç½®
inception_osc_check_interval=5				#å¯¹åºOSCåæ°--check-intervalï¼æä¹æ¯Sleep time between checks for --max-lag.
inception_osc_chunk_size=1000				#å¯¹åºOSCåæ°--chunk-size
inception_osc_chunk_size_limit=4			#å¯¹åºOSCåæ°--chunk-size-limit
inception_osc_chunk_time=0.1				#å¯¹åºOSCåæ°--chunk-time
inception_osc_critical_thread_connected=1000 #å¯¹åºåæ°--critical-loadä¸çthread_connectedé¨å
inception_osc_critical_thread_running=80	#å¯¹åºåæ°--critical-loadä¸çthread_runningé¨å
inception_osc_drop_new_table=1				#å¯¹åºåæ°--[no]drop-new-table
inception_osc_drop_old_table=1				#å¯¹åºåæ°--[no]drop-old-table
inception_osc_max_lag=3						#å¯¹åºåæ°--max-lag
inception_osc_max_thread_connected=1000		#å¯¹åºåæ°--max-loadä¸çthread_connectedé¨å
inception_osc_max_thread_running=80			#å¯¹åºåæ°--max-loadä¸çthread_runningé¨å
inception_osc_min_table_size=0				# è¿ä¸ªåæ°å®éä¸æ¯ä¸ä¸ªOSCçå¼å³ï¼å¦æè®¾ç½®ä¸º0ï¼åå¨é¨ALTERè¯å¥é½èµ°OSCï¼å¦æè®¾ç½®ä¸ºé0ï¼åå½è¿ä¸ªè¡¨å ç¨ç©ºé´å¤§å°å¤§äºè¿ä¸ªå¼æ¶æä½¿ç¨OSCæ¹å¼ãåä½ä¸ºMï¼è¿ä¸ªè¡¨å¤§å°çè®¡ç®æ¹å¼æ¯éè¿è¯å¥ï¼"select (DATA_LENGTH + INDEX_LENGTH)/1024/1024 from information_schema.tables where table_schema = 'dbname' and table_name = 'tablename'"æ¥å®ç°ç
inception_osc_on=0							#ä¸ä¸ªå¨å±çOSCå¼å³ï¼é»è®¤æ¯æå¼çï¼å¦ææ³è¦å³éåè®¾ç½®ä¸ºOFFï¼è¿æ ·å°±ä¼ç´æ¥ä¿®æ¹
inception_osc_print_none=1					#ç¨æ¥è®¾ç½®å¨Inceptionè¿åç»æéä¸ï¼å¯¹äºåæ¥OSCå¨æ§è¡è¿ç¨çæ åè¾åºä¿¡æ¯æ¯ä¸æ¯è¦æå°å°ç»æéå¯¹åºçéè¯¯ä¿¡æ¯åä¸ï¼å¦æè®¾ç½®ä¸º1ï¼å°±ä¸æå°ï¼å¦æè®¾ç½®ä¸º0ï¼å°±æå°ãèå¦æåºç°éè¯¯äºï¼åé½ä¼æå°
inception_osc_print_sql=1					#å¯¹åºåæ°--print

#å¤ä»½æå¡å¨ä¿¡æ¯ï¼è®°å½ç¨äºåæ»ï¼éè¦æé CREATEãINSERTï¼åªå¤ä»½æ´æ¹çæ°æ®ï¼
#çº¿ä¸åååºå¯è½å²çªï¼æææ¤å¤åºå½åè§åå¦ï¼IP_Port_dbnameï¼éé¢çè¡¨ä¸å¯¹åºçº¿ä¸è¡¨é½æ¯ä¸ä¸å¯¹åºç
inception_remote_backup_host=10.10.10.10
inception_remote_backup_port=3307
inception_remote_system_user=root
inception_remote_system_password=mysql
inception_support_charset=utf8

å¯å¨åè¿æ¥ Inception

# å¯å¨åè¿æ¥ Inception
nohup /usr/local/inception/bin/Inception --defaults-file=/etc/inc.cnf &

/usr/local/inception/bin/mysql -h10.10.10.10 -P6669

# è¿æ¥åæµè¯æ¥çåé
mysql> inception get variables;
mysql> inception get variables 'connect_timeout';
mysql> inception set connect_timeout=15;

éªè¯SQLèæ¬çåºæ¬è¯æ³

/*--user=root;--password=mysql;--host=10.10.10.10.10;--enable-check;--port=3306;*/ #ç®æ æ°æ®åºè¿æ¥åç¬¦ä¸²
inception_magic_start;  #å¿é¡»ï¼è¯å¥åå¼å§ï¼å¼å§ç»æé´ä¸ºsqlèæ¬ï¼
use test;  
CREATE TABLE inc_table(id int);  
inception_magic_commit;	#å¿é¡»ï¼è¯å¥åç»æ

#!/usr/bin/python
#-*- coding: utf-8 -*-
#Python 2.7.5

import MySQLdb

sql="""/*--user=root;--password=mysql;--host=10.10.10.10;--enable-check;--port=3306;*/  
inception_magic_start;  
use test;  
CREATE TABLE inc_table(id int);  
inception_magic_commit;"""
try:
    conn=MySQLdb.connect(host='10.10.10.10',user='',passwd='',db='',port=6669)
    cur=conn.cursor()
    ret=cur.execute(sql)
    result=cur.fetchall()
    num_fields = len(cur.description) 
    field_names = [i[0] for i in cur.description]
    print field_names
    for row in result:
        print row[0], "|",row[1],"|",row[2],"|",row[3],"|",row[4],"|",row[5],"|",row[6],"|",row[7],"|",row[8],"|",row[9],"|",row[10]
    cur.close()
    conn.close()
except MySQLdb.Error,e:
    print "Mysql Error %d: %s" % (e.args[0], e.args[1])

è¿åç»æä¸ºï¼

['ID', 'stage', 'errlevel', 'stagestatus', 'errormessage', 'SQL', 'Affected_rows', 'sequence', 'backup_dbname', 'execute_time', 'sqlsha1']
1 | CHECKED | 0 | Audit completed | None | use test | 0 | '0_0_0' | None | 0 | 
2 | CHECKED | 1 | Audit completed | Set engine to innodb for table 'inc_table'.
Set charset to one of 'utf8' for table 'inc_table'.
Column 'id' in table 'inc_table' have no comments.
Column 'id' in table 'inc_table' is not allowed to been nullable.
Set a primary key for table 'inc_table'. | CREATE TABLE inc_table(id int) | 0 | '0_0_1' | 10_10_10_10_3306_test | 0 |

æ¥ä¸æ¥Yearning é¨ç½²åèï¼ MySQL å®¡æ ¸å¹³å° Yearning é¨ç½²

MySQL 审核工具 Inception

继续阅读

MySQL 审核平台 Yearning 部署