最新要闻

广告

手机

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

iphone11大小尺寸是多少?苹果iPhone11和iPhone13的区别是什么?

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

警方通报辅警执法直播中被撞飞:犯罪嫌疑人已投案

家电

热讯:DBSAT脚本快速收集方法

来源:博客园


【资料图】

DBSAT是Oracle官方提供的脚本,用于数据库的安全评估检查,用户可以放心下载使用。下载链接具体参见MOS:

  • Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)

下面介绍DBSAT脚本快速收集方法:

  • 1.上传dbsat脚本并解压到指定目录
  • 2.使用dbsat采集必要信息
  • 3.生成报告文件(可选)

1.上传dbsat脚本并解压到指定目录

将从官方下载的DBSAT工具上传到数据库服务器主机,并创建相应的目录:

使用Oracle用户登录数据库服务器,创建相应目录

mkdir -p /home/oracle/dbsat

将DBSAT工具包进行解压

unzip dbsat.zip -d /home/oracle/dbsat

2.使用dbsat采集必要信息

DBSAT只对数据库执行查询,不会在数据库中创建对象。之前文档写的示例是用system用户收集,但需要用户提供system用户密码。但实际情况,很多客户或实际操作人员并不清楚system用户的密码,或是需要时间去确认,这会严重影响收集效率。所以,更好的方法是可以使用SYS用户,实现免密码采集。这里的前提是客户环境支持 `sqlplus / as sysdba` 登陆的情况下(大部分客户默认都适用),否则还是需要提供密码。
$ ./dbsat collect sys output_DEMO

实际执行如下:

[oracle@bogon dbsat]$ ./dbsat collect sys output_DEMODatabase Security Assessment Tool version 2.2.2 (June 2021)This tool is intended to assist you in securing your Oracle databasesystem. You are solely responsible for your system and the effect andresults of the execution of this tool (including, without limitation,any damage or data loss). Further, the output generated by this tool mayinclude potentially sensitive system configuration data and informationthat could be used by a skilled attacker to penetrate your system. Youare solely responsible for ensuring that the output of this tool,including any generated reports, is handled in accordance with yourcompany"s policies.Connecting to the target Oracle database...SQL*Plus: Release 19.0.0.0.0 - Production on Thu Mar 30 16:08:50 2023Version 19.16.0.0.0Copyright (c) 1982, 2022, Oracle.  All rights reserved.Enter password: <--- 这里只需要输入 as sysdba 回车即可。Connected to:Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - ProductionVersion 19.16.0.0.0Setup complete.SQL queries complete.Warning: Exit status 256 from OS rule: dbcs_statusOS commands complete.Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - ProductionVersion 19.16.0.0.0DBSAT Collector completed successfully.Calling /u01/app/oracle/product/19.3.0/db_1/bin/zip to encrypt output_DEMO.json...Enter password: <--- 这里需要指定压缩包的密码,随意,我这里就用oracleVerify password: <--- 这里再次输入密码确认  adding: output_DEMO.json (deflated 82%)zip completed successfully.[oracle@bogon dbsat]$ lsdbsat  dbsat.bat  Discover  output_DEMO.zip  sat_analysis.py  sat_collector.sql  sat_reporter.py  xlsxwriter

3.生成报告文件(可选)

这一步不需要在服务端执行,只需把上一步生成的文件拿到自己的机器解析,或是直接发给我们即可。当然要记得把上面设置的压缩密码也告诉我们。

生成报告文件需要Python 2.6以上的环境。

执行报告的生成:

$ ./dbsat report output_DEMO

我这里环境具备,直接执行,实际执行过程如下:

[oracle@bogon dbsat]$ ./dbsat report output_DEMODatabase Security Assessment Tool version 2.2.2 (June 2021)This tool is intended to assist you in securing your Oracle databasesystem. You are solely responsible for your system and the effect andresults of the execution of this tool (including, without limitation,any damage or data loss). Further, the output generated by this tool mayinclude potentially sensitive system configuration data and informationthat could be used by a skilled attacker to penetrate your system. Youare solely responsible for ensuring that the output of this tool,including any generated reports, is handled in accordance with yourcompany"s policies.Archive:  output_DEMO.zip[output_DEMO.zip] output_DEMO.json password: <--- 这里需要输入前面压缩包的密码oracle  inflating: output_DEMO.json        DBSAT Reporter ran successfully.Calling /usr/bin/zip to encrypt the generated reports...Enter password: <--- 这里需要指定压缩包的密码,随意,我这里示例就还用oracleVerify password: <--- 这里再次输入密码确认        zip warning: output_DEMO_report.zip not found or empty  adding: output_DEMO_report.txt (deflated 77%)  adding: output_DEMO_report.html (deflated 83%)  adding: output_DEMO_report.xlsx (deflated 3%)  adding: output_DEMO_report.json (deflated 81%)zip completed successfully.

最后将这个output_DEMO_report.zip和对应解压密码发给我们即可。

关键词: