Help Center/ Database Security Service/ Getting Started/ Purchasing and Enabling DBSS
Updated on 2024-11-13 GMT+08:00

Purchasing and Enabling DBSS

Database Security Service (DBSS) is an intelligent database security service. Based on the big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations.

The section describes how to purchase the starter edition to manage one database and enable DBSS. You can use the default audit rules to detect abnormal behavior through multi-dimensional analysis, real-time alarms, and reports.

Operation Process

Procedure

Description

Preparation

You need to register a HUAWEI ID and top up your account.

Step 1: Buy Starter Edition DBSS

Set the configuration items, such as the subnet, security group, and required duration, and purchase DBSS of the starter edition.

Step 2: Add a Database

Add a database. You can select agent-free or agent-installed based on the database type.

Step 3: Enabling Database Audit

Enable database audit and verify the audit result.

Related Operations

Customize audit rules and view audit results and monitoring information.

Preparation

Step 1: Buy Starter Edition DBSS

  1. Log in to the management console.
  2. Click and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the upper right corner, click Buy Database Audit.
  4. On the DBSS purchase page, complete the following configurations.

    Table 1 Database audit instance parameters

    Parameter

    Example Value

    Description

    VPC

    default_vpc

    You can select an existing VPC, or click View VPC to create one on the VPC console.

    NOTE:
    • Select the VPC of the node (application or database side) where you plan to install the agent. For more information, see How Do I Determine Where to Install an Agent?
    • To change the VPC of a DBSS instance, unsubscribe from it and purchase a new one.

    For more information about VPC, see Virtual Private Cloud User Guide.

    Security Group

    default

    You can select an existing security group in the region or create a security group on the VPC console. Once a security group is selected for an instance, the instance is protected by the access rules of this security group.

    For more information about security groups, see Virtual Private Cloud User Guide.

    Subnet

    default_subnet

    You can select a subnet configured in the VPC or create a subnet on the VPC console.

    Name

    DBSS-test

    Instance name

    Remarks

    -

    You can add instance remarks.

    Enterprise Project

    default

    This parameter is provided for enterprise users.

    An enterprise project groups cloud resources, so you can manage resources and members by project. The default project is default.

    Required Duration

    1

    Select the validity period of DBSS.

    After you select Auto-renew, the system automatically renews the instance upon expiry if your account balance is sufficient. You can continue to use the instance.

  5. Confirm the configuration and click Next.

    For any doubt about the pricing, click Pricing details to understand more.

  6. On the Details page, read the Database Audit of Database Security Service Disclaimer, select I have read and agree to the Database Audit of Database Security Service Disclaimer, and click Submit.
  7. On the displayed page, select a payment method.
  8. After you pay for your order, you can view the creation status of your instances.

Step 2: Add a Database

Databases audited by DBSS support agent-free installation and agent installation. Table 2 lists the types and versions of databases that support agent-free installation. Table 3 lists the types and versions of databases that support agent installation. You can enable database audit without installing an agent or by installing an agent based on the database type and version.

Table 2 Agent-free database types and versions

Database Type

Supported Edition

GaussDB for MySQL

All editions are supported by default.

PostgreSQL

NOTICE:

If the size of an SQL statement exceeds 4 KB, the SQL statement will be truncated during auditing. As a result, the SQL statement is incomplete.

  • 14 (14.4 or later)
  • 13 (13.6 or later)
  • 12 (12.10 or later)
  • 11 (11.15 or later)
  • 9.6 (9.6.24 or later)
  • 9.5 (9.5.25 or later)

RDS for SQLServer

All editions are supported by default.

RDS for MySQL

  • 5.6 (5.6.51.1 or later)
  • 5.7 (5.7.29.2 or later)
  • 8.0 (8.0.20.3 or later)

GaussDB(DWS)

  • 8.2.0.100 or later

RDS for MariaDB

All editions are supported by default.

  1. In the navigation tree on the left, choose Databases.
  2. In the Instance drop-down list, select the instance whose database is to be added.
  3. Click Add Database.
  4. In the displayed dialog box, set the database parameters.
  5. Click OK. A database whose Audit Status is Disabled is added to the database list.
Table 3 Type and version of the database where the agent is to be installed

Database Type

Edition

MySQL

  • 5.0, 5.1, 5.5, 5.6, and 5.7
  • 8.0 (8.0.11 and earlier)
  • 8.0.30
  • 8.0.35
  • 8.1.0
  • 8.2.0

Oracle

(The Oracle database uses closed-source protocol and has complex adaptation versions. If you need to audit the Oracle database, contact customer service.)

  • 11g

    11.1.0.6.0, 11.2.0.1.0, 11.2.0.2.0, 11.2.0.3.0, and 11.2.0.4.0

  • 12c

    12.1.0.2.0, 12.2.0.1.0

  • 19c

PostgreSQL

  • 7.4
  • 8.0, 8.1, 8.2, 8.3, and 8.4
  • 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, and 9.6
  • 10.0, 10.1, 10.2, 10.3, 10.4, and 10.5
  • 11
  • 12
  • 13
  • 14

SQLServer

  • 2008
  • 2012
  • 2014
  • 2016
  • 2017

GaussDB(for MySQL)

MySQL 8.0

DWS

  • 1.5
  • 8.1

DAMENG

DM8

KINGBASE

V8

SHENTONG

V7.0

GBase 8a

V8.5

GBase 8s

V8.8

Gbase XDM Cluster

V8.0

Greenplum

V6.0

HighGo

V6.0

GaussDB

  • 1.3 Enterprise Edition
  • 1.4 Enterprise Edition
  • 2.8 Enterprise Edition
  • 3.223 Enterprise Edition

MongoDB

V5.0

DDS

4.0

Hbase

(Supported by CTS 23.02.27.182148 and later versions)

  • 1.3.1
  • 2.2.3

Hive

(Supported by CTS 23.02.27.182148 and later versions)

  • 1.2.2
  • 2.3.9
  • 3.1.2
  • 3.1.3

MariaDB

10.6

TDSQL

10.3.17.3.0

Vastbase

G100 V2.2

TiDB

  • V4
  • V5
  • V6
  • V7
  • V8
  1. Add a database.

    1. In the navigation tree on the left, choose Databases.
    2. In the Instance drop-down list, select the instance whose database is to be added.
    3. Click Add Database.
    4. In the displayed dialog box, set the database parameters.
    5. Click OK. A database whose Audit Status is Disabled is added to the database list.

  2. Add an agent.

    1. In the navigation tree on the left, choose Databases.
    2. In the Instance drop-down list, select the instance whose agent is to be added.
    3. In the Agent column of the desired database, click Add.
    4. In the displayed dialog box, select an add mode.
    5. Click OK.

  3. Download and install an agent.

    1. In the navigation tree on the left, choose Databases.
    2. In the Instance drop-down list, select the instance whose agent is to be downloaded.
    3. Click in the lower part of the database list to expand the agent details. Locate the target agent and click Download Agent in the Operation column The agent installation package will be downloaded.
    4. Install an agent.
      1. Upload the downloaded agent installation package xxx.tar.gz to the node (for example, using WinSCP).
      2. Log in to the node as user root using SSH through a cross-platform remote access tool (for example, PuTTY).
      3. Run the following command to access the directory where the agent installation package xxx.tar.gz is stored:
        cd Directory_containing_agent_installation_package
      4. Run the following command to decompress the installation package xxx.tar.gz:
        tar -xvf xxx.tar.gz
      5. Run the following command to switch to the directory containing the decompressed files:
        cd Decompressed_package_directory
      6. Run the following command to install the agent:
        sh install.sh
      7. Run the following command to view the running status of the agent program:
        service audit_agent status

        If the following information is displayed, the agent is running properly:

        audit agent is running.

Step 3: Enabling Database Audit

  1. Enable database audit.

    1. In the navigation tree on the left, choose Databases.
    2. Select a database audit instance from the Instance drop-down list.
    3. In the database list, click Enable in the Operation column of the database you want to audit.

      The Audit Status of the database is Enabled. You do not need to restart the database.

  2. Verify the audit result.

    1. Run an SQL statement (for example, show databases) in the target database.
    2. In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
    3. In the Instance drop-down list, select the instance that audits the target database.
    4. Click the Statements tab.
    5. Click on the right of Time, select the start time and end time, and click Submit. The SQL statement entered in Figure 1 is displayed in the list.
      Figure 1 Viewing SQL statements

Related Operations

To effectively audit the database, you can customize audit rules and view audit results and monitoring information. This helps you locate internal violations and improper operations and ensure data asset security. For details, see Configuring Audit Rules, Viewing Audit Results, and Viewing Monitoring Information.