Я пишу сценарий аудита, который сначала собирает информацию на сервере Linux, а затем подключается к экземпляру DB2 v10 через CLI db2 для выполнения запросов. Отлично работает с одной базой данных на сервере. Я создал другую базу данных и запустил скрипт. Теперь мои результаты смешивают ответы из обеих баз данных.

Я попытался подключиться к первой базе данных через DB2 CLI и запустить сценарий, но результаты все еще неоднозначны. Как я могу получить результаты для каждой базы данных или иным образом четко указать, какой результат из какой базы данных, когда это необходимо? У меня не будет заранее названий баз данных, потому что я внешний аудитор.

Ниже приведен фрагмент кода, который я запускаю после того, как получил информацию о локальном сервере Linux/AIX и начал подключаться к DB2:

echo "=============================="  >> $working_dir/$logfile ;

for i in `db2 list db directory | grep 'Database name' | awk '{print $4}'`;

do

echo "=============================="  >> $working_dir/$logfile ;
echo "Checking Database State"      >> $working_dir/$logfile ;
echo "==============================="  >> $working_dir/$logfile ;

state=$(db2 get db cfg for $i | grep 'HADR database role' | awk '{print $5}');

echo "Current state is $state"  >> $working_dir/$logfile ;

if [ $state = "STANDBY"  ]

then

echo "THIS DATABASE IS THE STANDBY, THIS OPERATION SHOULD BE PERFORMED ON THE PRIMARY"  >> $working_dir/$logfile

else
echo "========================="  >> $working_dir/$logfile ;
echo "CONNECTING TO DATABASE "    >> $working_dir/$logfile ;
echo "========================="  >> $working_dir/$logfile ;

db2  connect to $i  >> $working_dir/$logfile ;

echo "===================================="  >> $working_dir/$logfile ;
echo "5. NODE DIRECTORIES"                   >> $working_dir/$logfile ;
echo "===================================="  >> $working_dir/$logfile ;

db2 list node directory show detail  >>$working_dir/$logfile ;


echo "=============================="  >> $working_dir/$logfile ;
echo "6. DATABASES ON THIS SERVER"     >> $working_dir/$logfile ;
echo "=============================="  >> $working_dir/$logfile ;

db2 list db directory  >>$working_dir/$logfile ;

echo "===================================="  >> $working_dir/$logfile ;
echo "7. AUDIT PARAMETERS IN THE DATABASE"  >> $working_dir/$logfile ;
echo "===================================="  >> $working_dir/$logfile ;

db2audit describe  >> $working_dir/$logfile ;

echo "================================================"  >> $working_dir/$logfile ;
echo "8. CURRENT LEVEL OF INSTALLED DATABASE SOFTWARE"  >> $working_dir/$logfile ;
echo "================================================"  >> $working_dir/$logfile ;

db2level  >> $working_dir/$logfile ;

echo "================================================="  >> $working_dir/$logfile ;
echo "9. APPLICATIONS CURRENTLY ACCESSING THE DATABASE"  >> $working_dir/$logfile ;
echo "================================================="  >> $working_dir/$logfile ;

db2 list applications  >> $working_dir/$logfile ;

echo "===================================="  >> $working_dir/$logfile ;
echo  "10. DATABASE DBA-LEVEL ASSIGNMENTS"   >> $working_dir/$logfile ;
echo "===================================="  >> $working_dir/$logfile ;

db2 "select char(grantee,15) as grantee, char(granteetype,1) as type, char(dbadmauth,1) as dbadmin,
char(securityadmauth,1) as secadmin, char(sqladmauth,1) as sqladmin, char(dataaccessauth,1) as
 access, char(accessctrlauth,1) as accessctrl, char(wlmadmauth,1) as wlmadmin, char(loadauth,1) as load, 
char(createtabauth,1) as createtable, char(bindaddauth,1) as bindadd, char(connectauth,1) as connect, 
char(implschemaauth,1) as implschema, char(libraryadmauth,1) as libadmin from syscat.dbauth" order by grantee  >> $working_dir/$logfile ;

echo "=============================================="  >> $working_dir/$logfile ;
echo " 11. PASSTHROUGH ACCESS FROM OTHER DATABASES"  >> $working_dir/$logfile ;
echo "=============================================="  >> $working_dir/$logfile ;

db2 "select char(grantor,8) as grantor, char(grantortype,1) as type,
char (grantee,15) as grantee, char (granteetype,1) as grantee_type, char(servername,8) as servername
from SYSCAT.PASSTHRUAUTH"  >> $working_dir/$logfile ;

echo "============================================="  >> $working_dir/$logfile ;
echo " 12. ROLES AND MEMBERS IN THE DATABASE"  >> $working_dir/$logfile ;
echo "============================================="  >> $working_dir/$logfile ;

db2 "select char(grantor,8) as grantor, char(grantortype,1) as type,
char(grantee,8) as grantee, char(granteetype,1) as grantee_type, char(rolename,15) as role_name, char(admin,1) as admin from SYSCAT.ROLEAUTH" order by grantee  >> $working_dir/$logfile ;

echo "==============================================================="  >> $working_dir/$logfile ;
echo "13. DISTINCT OWNERS OF TABLES (Should Not Be Public or Users)"  >> $working_dir/$logfile ;
echo "==============================================================="  >> $working_dir/$logfile ;

db2 "select distinct owner from SYSCAT.TABLES"  >> $working_dir/$logfile ;

echo "=================================="  >> $working_dir/$logfile ;
echo "14. ACCESS LEVEL TO SYSTEM TABLES"  >> $working_dir/$logfile ;
echo "=================================="  >> $working_dir/$logfile ;

db2 "select char(grantor,8) as grantor, char(grantee,8) as grantee, char(ttname,33) as tablename, char(controlauth,1) as control, char(alterauth,1) as alter, char(deleteauth,1) as delete, char(insertauth,1) as insert, char(selectauth,1) as select, char(granteetype,1) as grantee_type from sysibm.systabauth 
where grantee not in ('DB2INST1')"  order by grantee  >> $working_dir/$logfile ; 

echo "====================="  >> $working_dir/$logfile ;
echo "15. LIST ALL SCHEMAS"  >> $working_dir/$logfile ;
echo "====================="  >> $working_dir/$logfile ;

db2 "select char(schemaname,15) as name, char(owner,10) as owner, char(auditpolicyname,12) as auditpolicy from syscat.schemata" >> $working_dir/$logfile ;

echo "======================="  >> $working_dir/$logfile ;
echo "16. ACCESS TO SCHEMAS"    >> $working_dir/$logfile ;
echo "======================="  >> $working_dir/$logfile ;

db2 "SELECT char(GRANTOR,8) as grantor, char(grantee,12) as grantee, char(granteetype,1) as type, 
char(schemaname, 10) as schema_name, char(alterinauth,1) as alter, char(createinauth,1) as create, 
char(dropinauth,1) as drop from syscat.schemaauth" order by grantee >> $working_dir/$logfile ;

echo "==================================="  >> $working_dir/$logfile ;
echo "17. DATABASE CONFIGURATION"           >> $working_dir/$logfile ;
echo "===================================="  >> $working_dir/$logfile ;

db2 get db cfg  >>$working_dir/$logfile ;

echo "==================================="  >> $working_dir/$logfile ;
echo "18. DATABASE MANAGER CONFIGURATION"   >> $working_dir/$logfile ;
echo "===================================="  >> $working_dir/$logfile ;

db2 get database manager configuration  >>$working_dir/$logfile ;

echo "=========================================="  >> $working_dir/$logfile ;
echo "19. PUBLIC ACCESS TO SYSTEM CATALOG VIEWS"   >> $working_dir/$logfile ;
echo "=========================================="  >> $working_dir/$logfile ;

db2 "select char(grantee,8) as grantee, char(ttname,30) as table from sysibm.systabauth where tcreator='SYSCAT' and grantee='PUBLIC'"  >>$working_dir/$logfile ;

echo "================================"  >> $working_dir/$logfile ;
echo "20. ACCESS TO SYSTEM TABLESPACE"   >> $working_dir/$logfile ;
echo "================================"  >> $working_dir/$logfile ;

db2 "select char(grantee,8) as grantee, char(tbspace,10) as tablespace from sysibm.systbspaceauth where grantee='PUBLIC'"  >>$working_dir/$logfile ;

echo "=============================="  >> $working_dir/$logfile ;
echo "21. USE OF SYSTEM TABLESPACE"    >> $working_dir/$logfile ;
echo "=============================="  >> $working_dir/$logfile ;

db2 "select char(tabschema,8)as tableschema, char(tabname,8) as tablename, char(tbspace,10) as tablespace from syscat.tables where tabschema not in ('ADMINISTRATOR','SYSIBM','SYSTOOLS') and tbspace in ('SYSCATSPACE','SYSTOOLSPACE','SYSTOOLSTMPSPACE','TEMPSPACE')"  >>$working_dir/$logfile ;



echo "++++++++++++++++++++++++++++++SCRIPT COMPLETED+++++++++++++++++++++++++++++"  >> $working_dir/$logfile ;

db2 terminate 


fi


echo "";

done

echo "Audit Ended `date`" >> $working_dir/$logfile

2 ответа2

0

Если вы просто хотите записать имя базы данных в отчетах ($ logfile), тогда у вас уже есть имя базы данных в вашем скрипте (в переменной управления циклом $ i).

Если вам нужен один $ logfile (включающий все базы данных, что представляется сомнительным решением), тогда эхо-колонтитулы выводятся в $ logfile после успешного соединения db и после отсоединения /connect-reset из этой базы данных. Все, что находится между заголовком и нижним колонтитулом, будет относиться к этой базе данных

Другой вариант - иметь один $ logfile на базу данных, например, $ dbname. $ Logfile, что может быть проще, особенно если владельцы баз данных предназначены для разных групп / сфер ответственности в организации.

0

Один из способов, которые я сделал, заключается в следующем.

os_info=$h_name,$os_name,$os_mversion


# paragraph grep'ing is not possible in Linux, use Perl version
db2 list db directory | perl -00ne 'if ($_ =~ /Indirect/) {chomp($_); printf "%s\n",$_}' | grep -i alias|awk {'print $4'} | while read DB_NAME
do

    db2 connect to $DB_NAME >>/dev/null
    is_connected=$(db2 connect to $DB_NAME | awk {'print $1'} | head -1)
    #echo $is_connected
    if [ "$is_connected" = "SQL1776N" ]; then
            echo '-1, *HADR Secondary*' > xcvsfdgerwersdfs.dat
    else
            db2 "CALL GET_DBSIZE_INFO(?, ?, ?, -1)" | grep "Parameter Value" | head -2 | tail -1 | awk '{print $4}' > xcvsfdgerwersdfs.dat
    fi

    db_size=$(cat xcvsfdgerwersdfs.dat)
    echo $os_info,$db2_version,$DB2INSTANCE,$DB_NAME,$db_size

done

У меня есть базы данных в Linux и AIX, поэтому я использую фрагменты Perl для определенных вещей. Я использую каталог DB2, чтобы найти / идентифицировать доступные БД и собрать их информацию.

Всё ещё ищете ответ? Посмотрите другие вопросы с метками .