Recently, the library deletion event made a lot of public, quickly on the B to have a look, eat, at the same time also read some DBA related knowledge, to share with you, incidentally write a script to change the RM command to achieve the Linux Recycle Bin mechanism.
Construction of data security guarantee system
How to effectively avoid and reduce the impact of similar events, the following are some suggestions for the construction of safety assurance system:
1. Account classification, authority and system setting
For example, researchers cannot operate the database itself, but can only update data items and carry out simple operation and maintenance operations through the page-level console. The operation of some sensitive tables or data items needs the approval of the supervisor.
2. Production environment management system
Ensure that every step of the operation is implemented and regulated. For example, when accessing the production environment, the general technical staff can only log in by specifying the machine and account number, and some logins need to be approved by the supervisor.
3. Machine room management system
4. Backup mechanism
Backup mechanism of different levels and dimensions, especially core data, can guarantee at least 2~3 copies of different machines and remote backups.
5. Data snapshot mechanism
Enforce data snapshots that the average person cannot directly modify or interfere with.
6. Real-time monitoring and alarm
For example, the use of big data and AI to achieve intelligent risk control, when frequently involved in the operation of sensitive data, give alarm, pause (5~30 minutes), go through the approval process and other risk control strategies.
7. Safety awareness and warning training
Periodically conduct publicity and warning training, especially the presentation of real cases.
8. Online security assessment
By the company’s own questions, in the form of multiple single choice and multiple choice for the online full examination. In fact, this system has been very common in some big companies, such as the well-known several Internet giants.
Author: He Dingyuan
Link: https://www.zhihu.com/questio…
Source: Zhihu
Realize the Recycle Bin mechanism under Linux
Write a script to replace the rm command by moving the file to the Recycle Bin (a specified folder) when the rm command is executed. Set the alias to the.bashrc file instead of the rm command. Set the timer task to clean up the Recycle Bin on a regular basis.
.
The function of the bashrc file:Mainly save some personal personalization Settings, such as command alias, path, etc. That is, on the same server, only the personalization of a user is relevant. Each time you modify.bashrc, use source ~/.bashrc (or.~ /.bashrc) to immediately load the modified Settings into effect. Typically,.bashrc is called explicitly in the.bash_profile file. When you log on to Linux and start bash, the first thing you do is read the ~/.bash_profile file, so that the ~/.bashrc is executed and the user’s personalization takes effect.
1. Create a hidden Recycle Bin folder
mkdir ~/.recycleBin
Write Recyclebin.sh script for recycling station
#! /bin/bash if [[ $1 != '/' && $1 ]]; then mv $1 ~/.recycleBin/ echo '['$1'] put into the recycle bin! '; else echo 'false:can not rm /'; fiGive scripts executable permissions
chmod a+x recycleBin.sh3, realize the rm command and recycleBin. Sh scripts of binding
vim ~/.bashrc
Recyclebin.sh: Recyclebin.sh: Recyclebin.sh: Recyclebin.sh: Recyclebin.sh: Recyclebin.sh: Recyclebin.sh
Enter the source ~/.bashrc command to make the alias effective immediately.
Then let’s test it out, try deleting a file with rm, and go to the Recycle Bin folder
Every Monday, clean up the 7 day old files in the Recycle Bin
0 3 * * 1 find ~/.recycleBin/ -type f -mtime +7 -exec rm -rf {} \; > /dev/null 2>&1Alias expands little knowledge:
Careful readers may have found that in the automatic cleaning of the Recycle Bin file command: used the rm command, this is not we changed to move the file command, so that can also realize the function of cleaning the Recycle Bin? The answer is: yes!
Because the Alias extension is enabled by default in interactive mode,Script mode is off by default.
If you want to use an alias in your script, you need to execute: source ~/.bash_rc first
Check if the alias extension is enabled in the shell script by default:
shopt expand_aliasesAlias extension is enabled in the shell:
shopt -s expand_aliases
* Use SAFE – RM instead of unsafe RM *
If the above steps are cumbersome, there is a simple way to implement the above basic functions. Install SAFE – RM. The steps are as follows:
1. Download
Official website to download address: https://launchpad.net/safe-rm
2. Install
1) unzip the safe – rm
Tar ZXF safe - rm - 0.12. Tar. Gz(2) Copy safe-rm to /usr/local/bin
Cp safe - rm 0.12 / safe - rm/usr/local/bin/rm3. Add environment variables
vim /etc/profileAdd it on the last line
PATH=/usr/local/bin:$PATHSave to allow it to take effect
source /etc/profile4. Configuration
Configure path blacklist
vim /etc/safe-rm.conf/ /* /bin /boot /dev /etc /home /initrd /lib/proc/root /sbin /sys/usr/usr/bin/usr/include/usr/usr/lib/usr/bin/usr/include/usr/lib/usr/bin/usr/include /usr/local /usr/local/bin /usr/local/include /usr/local/sbin /usr/local/share /usr/sbin /usr/share /usr/src /var5. Test
The test deletes the Test folder
mkdir /root/test Display cannot be deleted
safe-rm: skipping /root/test
Refer to the article
1, the micro union system is deleted by the staff library, how serious is this matter? He Dingyuan’s answer – Zhihu
https://www.zhihu.com/questio…
2. Recycle bin mechanism under Linux:
https://cloud.tencent.com/dev…
3, Linux terminal command rm to delete the file into the recycle bin implementation method:
https://www.iteye.com/blog/ye…
Wish you success in your work and cheer up.
[program ape hard core popular science] series is the use of leisure time in the evening in half an hour to an hour to complete the popular science type article, do not understand to search information, learn to make notes, aimed at overcoming procrastination. The article may have many omissions, please correct!
Hao Coding public number
Java, database, front-end related
[program ape hard core science] series
2020 interview bible, Linux tutorial
Long press to identify the QR code attention
▼
Highlights from the past
▼
[program ape hard core popular science] Linux Shell programming miscellaneous notes
[program ape core science] recommended a very easy to use terminal tools Xshell and its use tutorial
Linux command Crontab – timed tasks
2020Java interview bible – JavaSE basics
Every “like” you point, I take it seriously