MongoDB等保测评脚本


添加审计

# mongod audit settings: write audit events to a file on local disk.
# NOTE(review): the auditLog section is only honoured by builds that ship the
# auditing feature (e.g. MongoDB Enterprise) — confirm for the installed build.
auditLog:
  destination: file
  # NOTE(review): with destination "file", auditLog.format (JSON or BSON) is
  # normally set as well — confirm mongod starts with this section as written.
  path: /data/mongodb/audit/audit.log
  filter: '{ at : { $gte : new Date() - 24 * 60 * 60 * 1000 } }' # intended: record only operations from the past 24 hours
  # NOTE(review): the filter selects which events are written; it is not a
  # retention setting, so a bound on "at" does not expire older entries.
  # The "new Date()" arithmetic may also not parse as a query document —
  # verify it, and handle retention through log rotation instead.

  • add-audit.sh
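#!/bin/bash
# add-audit.sh: append an auditLog section to each shard's mongod config file.
#
# Creates the audit directory and an empty audit.log, then appends the
# auditLog block to every file listed in CONFIG_FILES. A config file that does
# not exist is reported instead of being created by the append, and a file
# that already has a top-level auditLog key is skipped so that running the
# script twice does not leave a duplicate key in the YAML.
#
# Exit status: 0 if every file was updated or already configured, 1 otherwise.
set -u

export AUDIT_PATH=/data/mongodb/audit
# NOTE(review): the directory and log file are created with the caller's
# ownership and umask. Confirm the mongod service account can write here and
# that other local accounts cannot read or modify the audit trail.
mkdir -p -- "$AUDIT_PATH" || exit 1
touch -- "$AUDIT_PATH/audit.log" || exit 1

# auditLog block to append; the \n sequences are expanded by printf '%b'.
AUDIT_LOG_CONFIG="auditLog:\n  destination: file\n  path: /data/mongodb/audit/audit.log\n  filter: '{ at : { \$gte : new Date() - 24 * 60 * 60 * 1000 } }'"

# Config files to update, resolved against the current working directory.
CONFIG_FILES=(
        "$(pwd)/mongodb-cluster-shard1.conf"
        "$(pwd)/mongodb-cluster-shard2.conf"
        "$(pwd)/mongodb-cluster-shard3.conf"
)

failed=0
for CONFIG_FILE in "${CONFIG_FILES[@]}"; do
    # ">>" would silently create a new, otherwise empty config file.
    if [[ ! -f "$CONFIG_FILE" ]]; then
        echo "配置文件不存在, 已跳过: $CONFIG_FILE" >&2
        failed=1
        continue
    fi

    # Skip files that already carry an auditLog section (idempotent re-run).
    if grep -q '^auditLog:' -- "$CONFIG_FILE"; then
        echo "已存在审计日志配置, 已跳过: $CONFIG_FILE"
        continue
    fi

    # If the file does not end with a newline, add one so that "auditLog:"
    # starts on its own line instead of being glued to the last setting.
    if [[ -n "$(tail -c 1 -- "$CONFIG_FILE")" ]]; then
        printf '\n' >> "$CONFIG_FILE" || { failed=1; continue; }
    fi

    if printf '%b\n' "$AUDIT_LOG_CONFIG" >> "$CONFIG_FILE"; then
        echo "已将审计日志配置追加到 $CONFIG_FILE"
    else
        echo "写入失败: $CONFIG_FILE" >&2
        failed=1
    fi
done

if (( failed )); then
    exit 1
fi
echo "所有配置文件更新完成!"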

审计日志备份

  • audit-backup.sh
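#!/bin/bash
# audit-backup.sh: copy the MongoDB audit log directory to a remote host.
#
# Exit status: 0 when rsync succeeds, otherwise rsync's own exit status, so
# that cron or a monitoring wrapper can detect a failed backup.

# Source and destination directories.
SOURCE_DIR="/data/mongodb/audit/"
DESTINATION_DIR="root@192.168.xx.xx:/data/audit_backup/192_168_xx_xx"

# NOTE(review): --delete removes files on the destination that no longer exist
# in the source, so audit files removed on this host also disappear from the
# off-host copy on the next run. Confirm that mirroring is what the retention
# requirement calls for; without --delete the remote copy keeps them.
# NOTE(review): the transfer logs in as root on the backup host. A dedicated
# account limited to the backup directory would narrow what this host's
# credentials can reach.
if rsync -avz --delete "$SOURCE_DIR" "$DESTINATION_DIR"; then
    echo "备份成功: $SOURCE_DIR -> $DESTINATION_DIR"
else
    # $? here is the exit status of the rsync command tested above.
    status=$?
    echo "备份失败!" >&2
    exit "$status"
fi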

日志备份

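#!/bin/bash
# Copy each shard's mongod log directory to a remote host with rsync.
#
# Every source directory is attempted even if an earlier one fails.
# Exit status: 0 if all transfers succeeded, 1 if any of them failed.

# Quoted so that "[INFO]" is printed literally instead of being treated as a
# glob pattern that could match a file named I, N, F or O in the current
# directory.
echo "[INFO] 日期: $(date +"%Y%m%d")"

# Source directories, one per shard.
SOURCE_DIRS=(
    "/data/mongodb/shard1/log"
    "/data/mongodb/shard2/log"
    "/data/mongodb/shard3/log"
)
# Remote destination root; each shard gets its own subdirectory below it.
DESTINATION_DIR="root@192.168.xx.x:/data/mongodb_log_backup/192_168_xx_xx"

failed=0
for SOURCE_DIR in "${SOURCE_DIRS[@]}"; do
    # Name of the parent directory (shard1, shard2, ...) keeps the shards
    # apart on the destination.
    DIR_NAME=$(basename "$(dirname "$SOURCE_DIR")")
    # NOTE(review): --delete propagates local deletions to the backup, so log
    # files removed on this host are removed remotely on the next run.
    # Confirm this matches the log retention requirement.
    if rsync -avz --delete "$SOURCE_DIR" "$DESTINATION_DIR/$DIR_NAME"; then
        # Report the path that was actually written to.
        echo "备份成功: $SOURCE_DIR -> $DESTINATION_DIR/$DIR_NAME"
    else
        echo "备份失败: $SOURCE_DIR" >&2
        failed=1
    fi
done

exit "$failed"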

数据备份

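#!/bin/bash
# Dump MongoDB with mongodump into a directory named after today's date, then
# prune dumps older than 15 days.
#
# Pruning runs only after a successful dump: if mongodump keeps failing, the
# existing backups are left in place instead of ageing out one by one.
# Exit status: 0 on success, 1 if the dump (or the date lookup) fails.
set -u

# Dumps contain full database contents; create them readable by the owner only.
umask 077

# The "\%" escapes are only needed when a command sits directly in a crontab
# line; inside a script plain "%" is correct.
echo "[备份日期] $(date +%Y%m%d)"
echo "[备份日期] $(date)"

export BACKUP_FOLD=/data/mongodb/backup

# Assign first, export second, so a failing date command is not masked.
DATE_FOLD=$(date +%Y%m%d) || exit 1
export DATE_FOLD

# NOTE(review): a password passed with --password is stored in this script and
# is visible in the process list while the dump runs. Keep this file readable
# by its owner only, and where the installed mongodump supports it, supply the
# password through a --config file with restrictive permissions instead.
if ! /usr/local/mongotools/bin/mongodump --host skq --port 27017  --authenticationDatabase test_db --username 'admin' --password 'xxxx' --out "$BACKUP_FOLD/$DATE_FOLD"; then
    echo "mongodump 备份失败, 已保留旧备份" >&2
    exit 1
fi

# /usr/local/mongotools/bin/mongodump --out $BACKUP_FOLD/$DATE_FOLD

# Remove whole top-level entries (the dated directories) older than 15 days.
# -mindepth 1 keeps the backup root itself out of the match, -maxdepth 1 stops
# find from descending into directories it is about to delete, and ${...:?}
# aborts if the variable is ever empty.
find "${BACKUP_FOLD:?}" -mindepth 1 -maxdepth 1 -mtime +15 -exec rm -rf -- {} +
echo "已删除 $BACKUP_FOLD 超过15天文件"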

即使配置了 keyFile 认证,也能备份:

# mongod security settings.
security:
  # Path to the key file mongod reads for keyFile authentication.
  # NOTE(review): the key file holds a shared secret; confirm it is owned by
  # the mongod service account and not readable by group or other users.
  keyFile: /data/mongodb/key.file