GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → shouc → Daudit

shouc / Daudit

Licence: mit
🌲 Configuration flaws detector for Hadoop, MongoDB, MySQL, and more!

Programming Languages

python
139335 projects - #7 most used programming language

Labels

securityredismongodbbigdataauditing

Projects that are alternatives of or similar to Daudit

Shw server
使用SpringCloud和Spring WebFlux开发的学生作业管理系统服务端,前后端分离项目,微服务架构。支持Docker集群化部署,Redis集群化缓存,文件在线预览 压缩包预览 打包上传下载
Stars: ✭ 66 (-38.89%)
Mutual labels:  redis, mongodb
Mall
mall项目是一套电商系统,包括前台商城系统及后台管理系统,基于SpringBoot+MyBatis实现,采用Docker容器化部署。 前台商城系统包含首页门户、商品推荐、商品搜索、商品展示、购物车、订单流程、会员中心、客户服务、帮助中心等模块。 后台管理系统包含商品管理、订单管理、会员管理、促销管理、运营管理、内容管理、统计报表、财务管理、权限管理、设置等模块。
Stars: ✭ 54,797 (+50637.96%)
Mutual labels:  redis, mongodb
Bankflix
Aplicação que simula um banco digital, contendo a área do cliente e administrativa, permitindo depósitos e transferências entre contas do mesmo banco. | Application that simulates a digital bank, containing the customer and administrative areas, allowing deposits and transfers between accounts of the same bank.
Stars: ✭ 82 (-24.07%)
Mutual labels:  redis, mongodb
Nodbi
Document DBI connector for R
Stars: ✭ 56 (-48.15%)
Mutual labels:  redis, mongodb
Production Ready Expressjs Server
Express.js server that implements production-ready error handling and logging following latest best practices.
Stars: ✭ 101 (-6.48%)
Mutual labels:  redis, mongodb
Zaneperfor
前端性能监控系统,消息队列,高可用,集群等相关架构
Stars: ✭ 1,085 (+904.63%)
Mutual labels:  redis, mongodb
Spring 5 Examples
This repository is contains spring-boot 2 / spring framework 5 project examples. Using reactive programming model / paradigm and Kotlin
Stars: ✭ 87 (-19.44%)
Mutual labels:  redis, mongodb
Phalcon Vm
Vagrant configuration for PHP7, Phalcon 3.x and Zephir development.
Stars: ✭ 43 (-60.19%)
Mutual labels:  redis, mongodb
Springboot Templates
springboot和dubbo、netty的集成,redis mongodb的nosql模板, kafka rocketmq rabbit的MQ模板, solr solrcloud elasticsearch查询引擎
Stars: ✭ 100 (-7.41%)
Mutual labels:  redis, mongodb
Vue Family Bucket Ssr Koa2 Full Stack Development From Meituan
🚀🚀2020最新Vue全家桶+SSR+Koa2全栈开发☁
Stars: ✭ 100 (-7.41%)
Mutual labels:  redis, mongodb
Vue Element Responsive Demo
基于 Vue + Element 的响应式后台模板
Stars: ✭ 54 (-50%)
Mutual labels:  redis, mongodb
Spring Boot 2.x Examples
Spring Boot 2.x code examples
Stars: ✭ 104 (-3.7%)
Mutual labels:  redis, mongodb
Springboot
SpringBoot 整合各类框架和应用
Stars: ✭ 54 (-50%)
Mutual labels:  redis, mongodb
Mall Learning
mall学习教程,架构、业务、技术要点全方位解析。mall项目(40k+star)是一套电商系统,使用现阶段主流技术实现。涵盖了SpringBoot 2.3.0、MyBatis 3.4.6、Elasticsearch 7.6.2、RabbitMQ 3.7.15、Redis 5.0、MongoDB 4.2.5、Mysql5.7等技术,采用Docker容器化部署。
Stars: ✭ 10,236 (+9377.78%)
Mutual labels:  redis, mongodb
Aclify
🔒 Node Access Control Lists (ACL).
Stars: ✭ 49 (-54.63%)
Mutual labels:  redis, mongodb
Dataengineeringproject
Example end to end data engineering project.
Stars: ✭ 82 (-24.07%)
Mutual labels:  redis, mongodb
Bibi
An e-commerce fullstack solution for Flask 出口电商全栈解决方案
Stars: ✭ 914 (+746.3%)
Mutual labels:  redis, mongodb
Docker Vue Node Nginx Mongodb Redis
🐉 An awesome boilerplate, Integrated Docker, Vue, Node, Nginx, Mongodb and Redis in one, Designed to develop & build your web applications more efficient and elegant.
Stars: ✭ 34 (-68.52%)
Mutual labels:  redis, mongodb
Go Sniffer
🔎Sniffing and parsing mysql,redis,http,mongodb etc protocol. 抓包截取项目中的数据库请求并解析成相应的语句。
Stars: ✭ 1,281 (+1086.11%)
Mutual labels:  redis, mongodb
Pythonstudy
Python related technologies used in work: crawler, data analysis, timing tasks, RPC, page parsing, decorator, built-in functions, Python objects, multi-threading, multi-process, asynchronous, redis, mongodb, mysql, openstack, etc.
Stars: ✭ 103 (-4.63%)
Mutual labels:  redis, mongodb
View All Similar Projects ➔

DAudit

Identify security risks in your configurations for databases and big data platforms.

Output

Installation

$ git clone https://github.com/shouc/daudit.git && cd daudit
$ python3 -m pip install -r requirements.txt

Supported Softwares

NoSQL DB:

  • Redis
  • MongoDB
  • CouchDB [TODO]
  • Cassandra [TODO]
  • HBase [TODO]
  • LevelDB [TODO]

Relational DB:

Other DB:

  • Neo4j [TODO]
  • Elasticsearch [TODO]
  • InfluxDB [TODO]

Big Data Platform:

Usage

You can use the following command to print the help message

$ python3 main.py -h
==============================================
      _____                   _ _      
     (____ \   /\            | (_)_    
      _   \ \ /  \  _   _  _ | |_| |_  
     | |   | / /\ \| | | |/ || | |  _) 
     | |__/ / |__| | |_| ( (_| | | |__ 
     |_____/|______|\____|\____|_|\___)
      https://github.com/shouc/daudit
==============================================

usage: main.py [-h] {redis,mongodb,mysql,hadoop,spark} ...

This is a tool for detecting configuration issues of Redis, MySQL, etc!

positional arguments:
  {redis,mongodb,mysql,hadoop,spark}
                        commands
    redis               Check configurations of redis
    mongodb             Check configurations of mongodb
    mysql               Check configurations of mysql
    hadoop              Check configurations of hadoop
    spark               Check configurations of spark

optional arguments:
  -h, --help  show this help message and exit

Redis

Advisory

$ python3 main.py redis -h
usage: main.py redis [-h] [--dir DIR]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   the dir of redis configuration files, leave blank if you wish the program to automatically detect the location.

An example of checking Redis with configuration file /etc/redis/redis.conf

$ # both commands are equivalent
$ sudo python3 main.py redis
$ sudo python3 main.py redis --dir /etc/redis 
[INFO]    Evaluating /etc/redis/redis.conf
[INFO]    Checking exposure...
[DEBUG]   Redis is only exposed to internal network (127.0.0.1)
[DEBUG]   Redis is only exposed to internal network (::1)
[INFO]    Checking setting of password...
[ISSUE]   No password has been set. 
[RECOMM]  Consider setting requirepass [your_password] in configuration file(s) based on your context.
[INFO]    Checking commands...
[ISSUE]   config command is exposed to every user.
[RECOMM]  Consider setting rename-command config [UUID] in configuration file(s) based on your context.
[ISSUE]   debug command is exposed to every user.
[RECOMM]  Consider setting rename-command debug [UUID] in configuration file(s) based on your context.
[ISSUE]   shutdown command is exposed to every user.
[RECOMM]  Consider setting rename-command shutdown [UUID] in configuration file(s) based on your context.
[ISSUE]   flushdb command is exposed to every user.
[RECOMM]  Consider setting rename-command flushdb [UUID] in configuration file(s) based on your context.
[ISSUE]   flushall command is exposed to every user.
[RECOMM]  Consider setting rename-command flushall [UUID] in configuration file(s) based on your context.
[ISSUE]   eval command is exposed to every user.
[RECOMM]  Consider setting rename-command eval [UUID] in configuration file(s) based on your context.

Checks:

  • exposure
  • weak/no password
  • command renaming

MongoDB

Advisory

$ python3 main.py mongodb -h
usage: main.py mongodb [-h] [--dir DIR] [--file FILE]

optional arguments:
  -h, --help   show this help message and exit
  --dir DIR    the dir of configuration files, leave blank if you wish the program to automatically detect it. (e.g. --dir /etc/)
  --file FILE  the name of the configuration file, leave blank if you wish the program to automatically detect it. (e.g. --file xxx.conf)

An example of checking MongoDB with configuration file /etc/mongodb.conf

$ # both commands are equivalent
$ sudo python3 main.py mongodb
$ sudo python3 main.py mongodb --dir '/etc' --file mongodb.conf 
[INFO]    Evaluating /etc/mongodb.conf
[DEBUG]   Using MongoDB <= 2.4 conf file format (INI)
[INFO]    Checking exposure...
[DEBUG]   The instance is only exposed on internal IP: 127.0.0.1
[INFO]    Checking setting of authentication...
[ISSUE]   No authorization is enabled in configuration file. 
[RECOMM]  Consider setting auth = true in configuration file(s) based on your context.
[INFO]    Checking code execution issue...
[ISSUE]   JS code execution is enabled in configuration file.
[RECOMM]  Consider setting noscripting = true in configuration file(s) based on your context.
[INFO]    Checking object check issue...
[ISSUE]   Object check is not enabled in configuration file.
[RECOMM]  Consider setting noscripting = true in configuration file(s) based on your context.

Checks:

  • exposure
  • authorization
  • js code execution
  • object check

MySQL / MariaDB

$ python3 main.py mysql -h
usage: main.py mysql [-h] [--password PASSWORD] [--username USERNAME] [--host HOST] [--port PORT]

optional arguments:
  -h, --help           show this help message and exit
  --password PASSWORD  Password of root account []
  --username USERNAME  Username of root account [root]
  --host HOST          Username of root account [127.0.0.1]
  --port PORT          Port of MySQL server [3306]

An example of checking MySQL:

$ # both commands are equivalent
$ python3 main.py mysql
$ python3 main.py mysql --host "127.0.0.1" --port 3306 --username root --password ""
[INFO]    Checking authentication...
[WARNING] User na3 is exposed to the internet (0.0.0.0)
[INFO]    Would you like to perform weak-password check? This may create high traffic load for MySQL server. (i.e. Do not perform this when there is already high traffic.)
Type Y/y to perform this action and anything else to skip [Y]x
[WARNING] User root is exposed to the internet (0.0.0.0)
[INFO]    Would you like to perform weak-password check? This may create high traffic load for MySQL server. (i.e. Do not perform this when there is already high traffic.)
Type Y/y to perform this action and anything else to skip [Y]x
[WARNING] User shou is exposed to the internet (0.0.0.0)
[INFO]    Would you like to perform weak-password check? This may create high traffic load for MySQL server. (i.e. Do not perform this when there is already high traffic.)
Type Y/y to perform this action and anything else to skip [Y]y
[WARNING] Weak password 123 set by user shou with host %
[INFO]    Checking obsolete accounts...
[DEBUG]   Obsolete account 'test' is deleted
[DEBUG]   Obsolete account '' is deleted
[INFO]    Checking useless database...
[DEBUG]   All useless DBs are deleted
[INFO]    Checking load file func...
[DEBUG]   --secure-file-priv is enabled
[INFO]    Checking global grants...
[WARNING] Setting references_priv = N is for user shou with host %
...
[DEBUG]   Skipping privilege checking for root/internal account
[DEBUG]   Skipping privilege checking for root/internal account
[DEBUG]   Skipping privilege checking for root/internal account
[DEBUG]   Skipping privilege checking for root/internal account
[DEBUG]   Skipping privilege checking for root/internal account
[INFO]    Checking database grants...
[DEBUG]   Skipping database privilege checking for root/internal account
[DEBUG]   Skipping database privilege checking for root/internal account

Checks:

  • authentication (exposure + weak password)
  • obsolete accounts
  • useless database
  • load file func
  • global grants
  • db grants

Hadoop

$ python3 main.py hadoop -h
usage: main.py hadoop [-h] [--dir]

optional arguments:
  -h, --help           show this help message and exit
  --dir DIR    the dir of configuration files, leave blank if you wish the program to automatically detect it. (e.g. --dir /etc/)

An example of checking Hadoop:

$ # both commands are equivalent
$ python3 main.py hadoop
$ python3 main.py hadoop --dir "/etc/hadoop/"
[INFO]    Evaluating directory /etc/hadoop/
[INFO]    /etc/hadoop/mapred-site.xml not found, skipped.
[INFO]    /etc/hadoop/yarn-site.xml not found, skipped.
[INFO]    Checking web portal cross origin policy
[DEBUG]   CORS is off
[INFO]    Checking SSL
[ISSUE]   SSL is disabled.
[RECOMM]  Consider setting hadoop.ssl.enabled = true in configuration file(s) based on your context.
[INFO]    Checking global access control
[ISSUE]   Everyone can access the instance
[RECOMM]  Consider setting hadoop.security.authentication = kerberos in configuration file(s) based on your context.
[ISSUE]   Authorization is not enabled
[RECOMM]  Consider setting hadoop.security.authorization = true in configuration file(s) based on your context.
[INFO]    Checking web portal access control
[ISSUE]   Everyone can access the web portal
[RECOMM]  Consider setting hadoop.http.authentication.type = kerberos in configuration file(s) based on your context.
[ISSUE]   Anonymous is allowed to access web portal.
[RECOMM]  Consider setting hadoop.http.authentication.simple.anonymous.allowed = false in configuration file(s) based on your context.
[INFO]    Checking registry access control
[DEBUG]   Registry is not enabled. 
[INFO]    Checking hdfs permission
[DEBUG]   HDFS permission system is enabled.
[ISSUE]   HDFS ACLs is not enabled.
[RECOMM]  Consider setting dfs.namenode.acls.enabled = true in configuration file(s) based on your context.
[INFO]    Checking export range
[ISSUE]   NFS is exposed to internet for read and write.
[RECOMM]  Consider setting  / qualify nfs.exports.allowed.hosts in configuration file(s) based on your context.

Checks:

  • CORS policy
  • SSL
  • global access control
  • web portal access control
  • registry access control
  • hdfs access control
  • hdfs exposure

Spark

Advisory

$ python3 main.py spark -h
usage: main.py spark [-h] [--file FILE]

optional arguments:
  -h, --help   show this help message and exit
  --file FILE  the name of the configuration file, leave blank if you wish the program to automatically detect it. (e.g. --file /etc/xxx.conf)

An example of checking Spark:

$ # both commands are equivalent
$ python3 main.py spark
$ python3 main.py spark --file "/etc/spark/spark-defaults.conf"
[INFO]    Assuming no configuration property has been changed by CLI or SparkConf object
[INFO]    Evaluating file /etc/spark/spark-defaults.conf
[INFO]    Checking ACL
[ISSUE]   Access control not enabled for web portal
[RECOMM]  Consider setting spark.acls.enable = true in configuration file(s) based on your context.
[ISSUE]   Access control not enabled for history server
[RECOMM]  Consider setting spark.history.ui.acls.enable = true in configuration file(s) based on your context.
[INFO]    Checking XSS
[DEBUG]   XSS protection is enabled
[DEBUG]   CORB protection is enabled
[INFO]    Checking SSL
[ISSUE]   SSL is not enabled
[RECOMM]  Consider setting spark.ssl.enable = true in configuration file(s) based on your context.
[INFO]    Checking encryption
[ISSUE]   Network encryption is not enabled
[RECOMM]  Consider setting spark.network.crypto.enable = true in configuration file(s) based on your context.
[ISSUE]   Disk encryption is not enabled
[RECOMM]  Consider setting spark.io.encryption.enable = true in configuration file(s) based on your context.
[INFO]    Checking web ui authentication
[ISSUE]   Everyone can visit the instance
[RECOMM]  Consider setting spark.authenticate = true in configuration file(s) based on your context.
[INFO]    Checking logging
[ISSUE]   Logging is not enabled
[RECOMM]  Consider setting spark.eventLog.enabled = true in configuration file(s) based on your context.

Checks:

  • ACL
  • XSS protection
  • CORB protection
  • SSL
  • network encryption
  • disk encryption
  • web ui authentication
  • logging
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].