Enabling auditing settings on Azure SQL Database via an ARM template

Time: 2018-10-04 04:57:16

Tags: azure azure-sql-database azure-resource-manager

I have been working on a template to deploy SQL / XSS injection detection. Everything works fine except enabling the auditing settings. Summary API:

{
  "name": "default",
  "type": "Microsoft.Sql/servers/databases/auditingSettings",
  "apiVersion": "2017-03-01-preview",
  "properties": {
    "state": "string",
    "storageEndpoint": "string",
    "storageAccountAccessKey": "string",
    "retentionDays": "integer",
    "auditActionsAndGroups": [
      "string"
    ],
    "storageAccountSubscriptionId": "string",
    "isStorageSecondaryKeyInUse": boolean
  }
}

I believe I have followed this structure. See my snippet here:

  - apiVersion: 2017-03-01-preview
    type: Microsoft.Sql/servers/auditingSettings
    name: "[concat(parameters('sqlServerName'), '/auditing-default')]"
    dependsOn:
      - "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]"
    properties:
      state: Enabled
      storageEndpoint: "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')),
        '2018-03-01-preview').PrimaryEndpoints.Blob]"
      storageAccountAccessKey: "[listKeys(resourceId('Microsoft.Storage/storageAccounts',
        parameters('storageAccountName')), '2018-03-01-preview').keys[0].value]"
      retentionDays: 0
      storageAccountSubscriptionId: "[subscription().subscriptionId]"
      isStorageSecondaryKeyInUse: false

I see that there is a difference between servers/databases and just /servers for the type, but I actually borrowed the following code from an Azure quickstart (full code here), where the code looks like this:

{
  "apiVersion": "2017-03-01-preview",
  "type": "Microsoft.Sql/servers/auditingSettings",
  "name": "[concat(parameters('sqlServerName'), '/', 'default')]",
  "properties": {
    "state": "Enabled",
    "storageEndpoint": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2018-03-01-preview').PrimaryEndpoints.Blob]",
    "storageAccountAccessKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName')), '2018-03-01-preview').keys[0].value]",
    "retentionDays": 0,
    "auditActionsAndGroups": null,
    "storageAccountSubscriptionId": "[subscription().subscriptionId]",
    "isStorageSecondaryKeyInUse": false
  }
}

The official docs don't seem to have anything about adding auditingSettings at the server level, but the type here sits directly under servers, so I'm a bit lost. I haven't looked into the schema yet, but any help/guidance on what might be going on here would be greatly appreciated!

3 Answers:

Answer 0 (score: 1)

We recently published a template that shows how to deploy an Azure SQL Server with server auditing enabled.

The full sample is here: https://github.com/Azure/azure-quickstart-templates/tree/master/201-sql-auditing-server-policy-to-blob-storage

Answer 1 (score: 0)

For those looking for guidance on enabling server-level auditing to a Log Analytics workspace, I found this github link

Answer 2 (score: 0)

Since the other answers return 404, here is a complete set of instructions for getting the basics of auditing at the SQL Server level working in ARM. This will therefore audit all databases in the SQL Server.

First, create a parameter for the name of your SQL Server and one for the storage account:

"sqlServerName": {
  "type": "string"
},
"auditingStorageAccountName": {
  "type": "string"
}

Then, in your resources section, create a storage account to hold your audit records; this example replicates the audit blobs to the paired region (RA-GRS). It is necessary to add the network ACLs explicitly as shown so that Azure can write the audit logs. This example also uses the storage account's assigned key, but a managed identity can be used instead:

{
  "type": "Microsoft.Storage/storageAccounts",
  "apiVersion": "2019-06-01",
  "name": "[parameters('auditingStorageAccountName')]",
  "location": "[resourceGroup().location]",
  "sku": {
    "name": "Standard_RAGRS",
    "tier": "Standard"
  },
  "kind": "StorageV2",
  "properties": {
    "networkAcls": {
      "bypass": "AzureServices",
      "virtualNetworkRules": [],
      "ipRules": [],
      "defaultAction": "Allow"
    },
    "supportsHttpsTrafficOnly": true,
    "allowBlobPublicAccess": false,
    "encryption": {
      "services": {
        "blob": {
          "keyType": "Account",
          "enabled": true
        }
      },
      "keySource": "Microsoft.Storage"
    },
    "accessTier": "Hot"
  }
},
...

Finally, add the auditing settings themselves. This example is for a resource added at the root (i.e. directly inside "resources": {}); to add it as a child resource of the SQL Server itself, the type needs to be just "auditingSettings". A retention of zero days means the audit records are kept indefinitely. It is necessary to add the subscription ID explicitly, otherwise the settings do not display correctly when viewed in the portal:

{
  "type": "Microsoft.Sql/servers/auditingSettings",
  "name": "[concat(parameters('sqlServerName'), '/default')]",
  "apiVersion": "2020-11-01-preview",
  "dependsOn": [
    "[resourceId('Microsoft.Sql/servers', parameters('sqlServerName'))]",
    "[resourceId('Microsoft.Storage/storageAccounts', parameters('auditingStorageAccountName'))]"
  ],
  "properties": {
    "retentionDays": 0,
    "state": "Enabled",
    "storageEndpoint": "[reference(resourceId('Microsoft.Storage/storageAccounts', parameters('auditingStorageAccountName'))).primaryEndpoints.blob]",
    "storageAccountAccessKey": "[listKeys(parameters('auditingStorageAccountName'), '2019-06-01').keys[0].value]",
    "storageAccountSubscriptionId": "[subscription().subscriptionId]"
  }
},
...
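As an added example that is not part of the question or any answer above, here is a small Python check that applies the naming rule the question's template trips over (the policy must be called "default", and a root-level resource name needs one segment fewer than its type) together with the properties the last answer says must be present. The helper names, the sample template, the endpoint and the server name "sqlsrv" are all constructed; the name resolver only understands the literal and concat()/parameters() forms that appear on this page.

```python
"""Static check of Microsoft.Sql/servers/auditingSettings resources in an ARM template
(constructed example, not code from the question or the answers)."""
import json
import re

AUDIT_TYPE = "Microsoft.Sql/servers/auditingSettings"
REQUIRED_PROPS = ("state", "storageEndpoint", "storageAccountSubscriptionId")

def resolve_name(name, params):
    """Evaluate a literal name or "[concat(parameters('p'), 'lit', ...)]" (only those forms)."""
    if not name.startswith("["):
        return name
    # Replace parameters('p') by its value as a quoted literal, then join all literals in order.
    expr = re.sub(r"parameters\('(\w+)'\)", lambda m: "'%s'" % params[m.group(1)], name)
    return "".join(re.findall(r"'([^']*)'", expr))

def check_audit_resource(res, params, nested=False):
    """Return the problems in one auditingSettings resource; an empty list means it is fine."""
    problems = []
    type_segs = res.get("type", "").split("/")
    name_segs = resolve_name(res.get("name", ""), params).split("/")
    # Root-level resources need one name segment fewer than the type ("server/default");
    # a child nested under the server uses the short type and the same segment count.
    expected = len(type_segs) if nested else len(type_segs) - 1
    if len(name_segs) != expected:
        problems.append(f"name has {len(name_segs)} segment(s), expected {expected}")
    # A server has exactly one auditing policy and it must be called 'default'.
    if name_segs[-1] != "default":
        problems.append(f"policy name must be 'default', got '{name_segs[-1]}'")
    props = res.get("properties", {})
    problems += [f"missing property '{k}'" for k in REQUIRED_PROPS if k not in props]
    if props.get("state") != "Enabled":
        problems.append("state is not 'Enabled', so nothing is audited")
    return problems

def check_template(template_json, params):
    """Map each root-level auditingSettings resource name to its list of problems."""
    doc = json.loads(template_json)
    return {r["name"]: check_audit_resource(r, params)
            for r in doc.get("resources", []) if r.get("type") == AUDIT_TYPE}

# Constructed template: the question's "/auditing-default" name beside a correct one.
ENDPOINT = "https://auditstore.blob.core.windows.net/"  # placeholder endpoint
SAMPLE = json.dumps({"resources": [
    {"type": AUDIT_TYPE, "name": "[concat(parameters('sqlServerName'), '/auditing-default')]",
     "properties": {"state": "Enabled", "storageEndpoint": ENDPOINT}},
    {"type": AUDIT_TYPE, "name": "[concat(parameters('sqlServerName'), '/', 'default')]",
     "properties": {"state": "Enabled", "storageEndpoint": ENDPOINT,
                    "storageAccountSubscriptionId": "[subscription().subscriptionId]"}}]})
```

Calling check_template(SAMPLE, {"sqlServerName": "sqlsrv"}) flags the first resource for its non-default policy name and missing subscription ID and returns an empty problem list for the second.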