Managing Database Assets
After a database is added, you can check its information, enable or disable audit for it, or delete it. SSL encryption audit is supported for PostgreSQL databases.
For details about how to add a database and enable audit, see Adding a Database and Enabling Database Audit.
Prerequisites
- The database audit instance is in the Running state.
- Before disabling a database, ensure that Audit Status of the database is Enabled.
Constraints and Limitations
Before deleting a database, delete all the agents associated with its audit configuration.
Managing Database Assets
- Log in to the DBSS console.
- Click
in the upper left corner on the displayed page and select a region. - In the navigation tree on the left, choose Databases.
- In the Instance drop-down list, select an instance.
Viewing the Database Information
| Parameter | Description |
|---|---|
| Database Information | Name, type, and version of a database |
| Character Set | Encoding character set of the database |
| IP Address (Domain Name)/Port | The IP address and port number of the database. |
| Instance | Database instance name |
| OS | Operating system of the database |
| Audit Status | Audit status of the database. The options are as follows:
|
| Agent |
|
| Operation | Operation that can be performed on a database.
|
Disabling Database Audit
When a database is disabled, database audit will be stopped for the database.
- In the row containing the desired database, click Disable in the Operation column.
- In the displayed dialog box, click OK. The Audit Status of the database is Disabled.
Deleting a Database
Deleted database audit configuration cannot be restored. After the configuration is deleted, the security audit of the database will be stopped. To resume auditing, you must add the database back to the instance.
- In the Operation column of a database, click Delete.
- In the displayed dialog box, click OK.
Encrypted Audit
Encrypted audit is only supported for PostgreSQL databases. For details about the supported cipher suites, see Constraints.
- Click Upload Private Key in the Operation column.
- Uploading a private key: Click Upload Private Key, select a local private key, and click OK.
- Copying a private key: Copy a local private key, paste it in the text box, and click OK.
After the private key is uploaded, Update Private Key will be displayed in the Operation column. The procedure for updating a private key is the same as that for uploading a private key.
- Upload the SSL private key of the database server, not the certificate file.
- Uploading a new private key will overwrite the existing one. If the uploaded private key is empty, the previous private key will be deleted.
- Algorithm restrictions: The private key must use the RSA algorithm. ECC and ECDSA algorithms are not supported for certificates.
- Configuration restrictions: The ECDHE/DHE cipher suite and TLS 1.3 must be disabled for the database.
- Format requirements: Only the PEM format is supported, and password protection cannot be configured.
- Handshake requirements: Parsing can be performed only after audit is enabled and a handshake is generated.
- Security enhancement: You are advised to periodically replace the certificate. (After the replacement, a handshake is required for parsing.) (Uploading private keys may expose the system to information leakage or man-in-the-middle attacks. To mitigate security risks, it is advised to replace the private key periodically according to site requirements.)
- Note: To implement non-intrusive bypass parsing of TLS traffic, the preceding cryptographic algorithm restrictions may reduce the security of TLS encryption.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot