Database monitoring method and system and server

Abstract

The invention discloses a database monitoring method and system and a server, the method is applied to the server, and the method comprises the steps that first data written into a first pipeline file by a terminal is read, and the first data comprises operation information of a database; performing protocol analysis on the first data to obtain a first database statement, copying the first data, and sending the copied first data to a database auditing system for auditing; performing permission matching on the first database statement, and if the permission matching fails, changing the first database statement to obtain a second database statement; performing protocol conversion on the second database statement to obtain second data, and writing the second data into the first pipeline file, so that the terminal operates the database according to the second data. On one hand, the first data is copied and sent to the database auditing system for auditing to prevent missed auditing; and on the other hand, the first database statement is subjected to permission matching and insufficient permission changing operation, so that permission control is carried out, and the security of the database is improved.

Description

technical field [0001] The invention relates to the technical field of data security, in particular to a database monitoring method, system and server. Background technique [0002] In recent years, with the rapid development of Internet technology, the application of databases has become more and more extensive. As an important part of the Internet system, how to protect the security of database use has become more and more important. [0003] InterProcess Communication (IPC) refers to the dissemination or exchange of information between different processes. Simply put, processes can send data to each other. The IPC method usually has pipes, including unnamed pipes and named pipes, message queues, semaphores, shared storage unnamed pipes, and unnamed pipes are special files of the Linux system kernel. The characteristics are: (1), it is half-duplex, that is, data can only flow in one direction, and has a fixed read end and write end. (2), it can only be used for communic...

AI Technical Summary

Problems solved by technology

(2), it can only be used for communication between processes with kinship, that is, between parent-child processes or sibling processes, and the realization of file sharing depends on parent-child processes

However, when the DBA uses the SQLPlus tool that comes with the Oracle database for local interaction, the interaction is not through the nonlinear output (line out) port and network port, but through the local IPC nameless pipe, and the data flow cannot be captured through the network protocol stack. Therefore, the existing database audit, database firewall, and dynamic desensitization products cannot obtain this part of the access data traffic, which eventually leads to missing audits and the inability to effectively control and control permissions. data desensitization

[0005] Although the existing technology can obtain the flow of SQLPlus through the HOOK technology for auditing, it only has the auditing function and cannot perform authority control. Moreover, data acquisition and data rewriting are performed by injecting HOOK into the relevant API of the operating system, and the database operation log is output. Not only is it difficult, but it also has a large intrusion into the operating system and insufficient security. Therefore, in the process of invention and creation, the inventor found it necessary to propose a database security monitoring method to monitor database operations performed by database administrators through local anonymous channels. Monitor and enhance database security

Images