Purchasing and Enabling DBSS
Database Security Service (DBSS) is an intelligent database security service. Based on the big data analytics technologies, it can audit your databases, detect SQL injection attacks, and identify high-risk operations.
The section describes how to purchase the starter edition to manage one database and enable DBSS. You can use the default audit rules to detect abnormal behavior through multi-dimensional analysis, real-time alarms, and reports.
Operation Process
Procedure |
Description |
---|---|
You need to register a HUAWEI ID and top up your account. |
|
Set the configuration items, such as the subnet, security group, and required duration, and purchase DBSS of the starter edition. |
|
Add a database. You can select agent-free or agent-installed based on the database type. |
|
Enable database audit and verify the audit result. |
|
Customize audit rules and view audit results and monitoring information. |
Preparation
- Before purchasing WAF, create a Huawei account and subscribe to Huawei Cloud. For details, see Registering a Huawei ID and Enabling Huawei Cloud Services and Real-Name Authentication.
If you have enabled Huawei Cloud and completed real-name authentication, skip this step.
- Make sure that your account has sufficient balance, or you may fail to pay to your WAF orders.
Step 1: Buy Starter Edition DBSS
- Log in to the management console.
- Click and choose . The Dashboard page is displayed.
- In the upper right corner, click Buy Database Audit.
- On the DBSS purchase page, complete the following configurations.
Table 1 Database audit instance parameters Parameter
Example Value
Description
VPC
default_vpc
You can select an existing VPC, or click View VPC to create one on the VPC console.
NOTE:- Select the VPC of the node (application or database side) where you plan to install the agent. For more information, see How Do I Determine Where to Install an Agent?
- To change the VPC of a DBSS instance, unsubscribe from it and purchase a new one.
For more information about VPC, see Virtual Private Cloud User Guide.
Security Group
default
You can select an existing security group in the region or create a security group on the VPC console. Once a security group is selected for an instance, the instance is protected by the access rules of this security group.
For more information about security groups, see Virtual Private Cloud User Guide.
Subnet
default_subnet
You can select a subnet configured in the VPC or create a subnet on the VPC console.
Name
DBSS-test
Instance name
Remarks
-
You can add instance remarks.
Enterprise Project
default
This parameter is provided for enterprise users.
An enterprise project groups cloud resources, so you can manage resources and members by project. The default project is default.
Required Duration
1
Select the validity period of DBSS.
After you select Auto-renew, the system automatically renews the instance upon expiry if your account balance is sufficient. You can continue to use the instance.
- Confirm the configuration and click Next.
For any doubt about the pricing, click Pricing details to understand more.
- On the Details page, read the Database Audit of Database Security Service Disclaimer, select I have read and agree to the Database Audit of Database Security Service Disclaimer, and click Submit.
- On the displayed page, select a payment method.
- After you pay for your order, you can view the creation status of your instances.
Step 2: Add a Database
Databases audited by DBSS support agent-free installation and agent installation. Table 2 lists the types and versions of databases that support agent-free installation. Table 3 lists the types and versions of databases that support agent installation. You can enable database audit without installing an agent or by installing an agent based on the database type and version.
Database Type |
Supported Edition |
---|---|
GaussDB for MySQL |
All editions are supported by default. |
PostgreSQL
NOTICE:
If the size of an SQL statement exceeds 4 KB, the SQL statement will be truncated during auditing. As a result, the SQL statement is incomplete. |
|
RDS for SQLServer |
All editions are supported by default. |
RDS for MySQL |
|
GaussDB(DWS) |
|
RDS for MariaDB |
All editions are supported by default. |
- In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select the instance whose database is to be added.
- Click Add Database.
- In the displayed dialog box, set the database parameters.
- Click OK. A database whose Audit Status is Disabled is added to the database list.
Database Type |
Edition |
---|---|
MySQL |
|
Oracle (The Oracle database uses closed-source protocol and has complex adaptation versions. If you need to audit the Oracle database, contact customer service.) |
|
PostgreSQL |
|
SQLServer |
|
GaussDB(for MySQL) |
MySQL 8.0 |
DWS |
|
DAMENG |
DM8 |
KINGBASE |
V8 |
SHENTONG |
V7.0 |
GBase 8a |
V8.5 |
GBase 8s |
V8.8 |
Gbase XDM Cluster |
V8.0 |
Greenplum |
V6.0 |
HighGo |
V6.0 |
GaussDB |
|
MongoDB |
V5.0 |
DDS |
4.0 |
Hbase (Supported by CTS 23.02.27.182148 and later versions) |
|
Hive (Supported by CTS 23.02.27.182148 and later versions) |
|
MariaDB |
10.6 |
TDSQL |
10.3.17.3.0 |
Vastbase |
G100 V2.2 |
TiDB |
|
- Add a database.
- In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select the instance whose database is to be added.
- Click Add Database.
- In the displayed dialog box, set the database parameters.
- Click OK. A database whose Audit Status is Disabled is added to the database list.
- Add an agent.
- In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select the instance whose agent is to be added.
- In the Agent column of the desired database, click Add.
- In the displayed dialog box, select an add mode.
- Click OK.
- Download and install an agent.
- In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select the instance whose agent is to be downloaded.
- Click in the lower part of the database list to expand the agent details. Locate the target agent and click Download Agent in the Operation column The agent installation package will be downloaded.
- Install an agent.
- Upload the downloaded agent installation package xxx.tar.gz to the node (for example, using WinSCP).
- Log in to the node as user root using SSH through a cross-platform remote access tool (for example, PuTTY).
- Run the following command to access the directory where the agent installation package xxx.tar.gz is stored:
cd Directory_containing_agent_installation_package
- Run the following command to decompress the installation package xxx.tar.gz:
tar -xvf xxx.tar.gz
- Run the following command to switch to the directory containing the decompressed files:
cd Decompressed_package_directory
- Run the following command to install the agent:
sh install.sh
- Run the following command to view the running status of the agent program:
service audit_agent status
If the following information is displayed, the agent is running properly:
audit agent is running.
Step 3: Enabling Database Audit
- Enable database audit.
- In the navigation tree on the left, choose Databases.
- Select a database audit instance from the Instance drop-down list.
- In the database list, click Enable in the Operation column of the database you want to audit.
The Audit Status of the database is Enabled. You do not need to restart the database.
- Verify the audit result.
- Run an SQL statement (for example, show databases) in the target database.
- In the navigation tree on the left, choose Data Reports. The Data Reports page is displayed.
- In the Instance drop-down list, select the instance that audits the target database.
- Click the Statements tab.
- Click on the right of Time, select the start time and end time, and click Submit. The SQL statement entered in Figure 1 is displayed in the list.
Related Operations
To effectively audit the database, you can customize audit rules and view audit results and monitoring information. This helps you locate internal violations and improper operations and ensure data asset security. For details, see Configuring Audit Rules, Viewing Audit Results, and Viewing Monitoring Information.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.