■ docker ps --format "table {{.Names}}\t{{.Ports}}"
# NOTE(review): every "0.0.0.0:HOST->CONTAINER" entry below is published on ALL host
# interfaces, not only loopback. That includes the data stores and coordination
# services (postgres 5432, cassandra 7000/9042, kafka 9092, zookeeper 2181/2888/3888,
# consul 8300/8400/8500/8600) and the syslog receiver (514/1999), plus the randomly
# assigned 32768-32770 ports in front of the 8080/4321 services. Unless a host
# firewall or upstream ACL limits them, they are reachable from any network the host
# is on. Ports listed without a host mapping (e.g. "8080/tcp", "6700-6703/tcp") are
# container-internal only. Prefer "-p 127.0.0.1:5432:5432" or no mapping at all for
# services that only other containers need; haproxy is presumably the intended edge.
appdefender_backend_jobs_1 8080/tcp
haproxy 0.0.0.0:1936->1936/tcp, 0.0.0.0:4321->4321/tcp, 0.0.0.0:8443-8444->8443-8444/tcp
rsyslog_defender 0.0.0.0:514->514/tcp, 0.0.0.0:1999->1999/tcp
appdefender_command_channel_1 0.0.0.0:32768->8080/tcp
appdefender_edge_1 0.0.0.0:32770->4321/tcp
appdefender_registrator_1
consul 53/tcp, 0.0.0.0:8300->8300/tcp, 0.0.0.0:8400->8400/tcp, 8301-8302/tcp, 0.0.0.0:8500->8500/tcp, 8301-8302/udp, 0.0.0.0:8600->53/udp
appdefender_kafka_1 0.0.0.0:9092->9092/tcp
appdefender_storm_supervisor_1 22/tcp, 6700-6703/tcp, 8000/tcp
storm_nimbus 22/tcp, 0.0.0.0:6627->6627/tcp
appdefender_zookeeper_1 0.0.0.0:2181->2181/tcp, 0.0.0.0:2888->2888/tcp, 0.0.0.0:3888->3888/tcp
appdefender_ui_customer_1 0.0.0.0:32769->8080/tcp
appdefender_cassandra_1 7001/tcp, 0.0.0.0:7000->7000/tcp, 7199/tcp, 0.0.0.0:9042->9042/tcp, 9160/tcp
postgres 0.0.0.0:5432->5432/tcp
■ docker ps | wc -l
# 15 lines = 1 header line + 14 running containers; "docker ps -q | wc -l" counts
# containers only. "topologies" and "db_migrations" (used in later sections) are not
# in the running list above.
15
■ 로그 확인 (최근 한달)
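# Scan each container's logs for the last month (31 days = 44640 minutes) for
# error/fatal lines. Improvements over one command per container:
#   - a header per container, so a matched line can be attributed (the original
#     output from 16 separate commands runs together with no separator);
#   - grep -i, so services that log levels in lowercase ("error", "fatal") are not
#     silently skipped by the upper-case "ERR|FATAL" pattern;
#   - the window is configurable via SINCE (e.g. SINCE=24h) instead of edited in 16 places.
# "topologies" and "db_migrations" are not in the `docker ps` output; docker logs still
# works for exited containers, but prints "No such container" if they were removed.
since="${SINCE:-44640m}"
for c in \
    appdefender_backend_jobs_1 haproxy rsyslog_defender appdefender_command_channel_1 \
    appdefender_edge_1 appdefender_registrator_1 consul topologies appdefender_kafka_1 \
    appdefender_storm_supervisor_1 storm_nimbus appdefender_zookeeper_1 \
    appdefender_ui_customer_1 db_migrations appdefender_cassandra_1 postgres
do
    echo "=== $c ==="
    # 2>&1: the container's stderr stream is emitted on stderr by `docker logs`
    docker logs --since "$since" --details "$c" 2>&1 | grep -Ei "ERR|FATAL"
done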
■ docker 컨테이너 쉘 진입
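# Open an interactive shell in a container. Not every image ships /bin/bash, so fall
# back to /bin/sh when bash is missing (the original lines fail outright on such
# images). `docker exec` runs as the user the image is configured with, which for
# many images is root; pass "-u <uid>" when an unprivileged shell is enough.
dsh() {
    docker exec -it "$1" sh -c 'command -v bash >/dev/null 2>&1 && exec bash || exec sh'
}
dsh appdefender_backend_jobs_1
dsh haproxy
dsh rsyslog_defender
dsh appdefender_command_channel_1
dsh appdefender_edge_1
dsh appdefender_registrator_1
dsh consul
dsh topologies
dsh appdefender_kafka_1
dsh appdefender_storm_supervisor_1
dsh storm_nimbus
dsh appdefender_zookeeper_1
dsh appdefender_ui_customer_1
dsh db_migrations
dsh appdefender_cassandra_1
dsh postgres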
■ docker 컨테이너 IP주소 알아내기
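# Print each container's IP address per attached network, using the inspect template
# instead of grepping the raw JSON: `grep "IPAddress"` also matches
# "SecondaryIPAddresses" and may print an empty top-level "IPAddress": "" for
# containers attached to user-defined networks, which is easy to misread.
for c in \
    appdefender_backend_jobs_1 haproxy rsyslog_defender appdefender_command_channel_1 \
    appdefender_edge_1 appdefender_registrator_1 consul topologies appdefender_kafka_1 \
    appdefender_storm_supervisor_1 storm_nimbus appdefender_zookeeper_1 \
    appdefender_ui_customer_1 db_migrations appdefender_cassandra_1 postgres
do
    printf '%-40s ' "$c"
    # one "network=ip" pair per network the container is attached to
    docker inspect -f '{{range $n, $v := .NetworkSettings.Networks}}{{$n}}={{$v.IPAddress}} {{end}}' "$c"
done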
■ postgreSQL
# docker ps | grep postgres
# docker exec -it postgres /bin/bash
###########################################################
#
# From here on, commands run inside the postgres container...
# (the leading "#" and "$" below are the root and postgres-user prompts, not comments)
#
###########################################################
# su - postgres
# NOTE(review): -U postgres connects as the default superuser, so nothing in this
# session is limited by grants. For routine inspection prefer a read-only role; the
# auth_data tables queried later hold authentication state.
$ psql db_appdefender -U postgres
-- Databases on this server (psql meta-command)
\list
-- Schemas in the current database (system schemas such as pg_catalog and
-- information_schema are included)
select nspname from pg_catalog.pg_namespace;
-- Tables in the current database (pg_tables includes system catalog tables as well)
select tablename from pg_tables;
-- Every schema/table pair, sorted
select table_schema, table_name
from information_schema.tables
order by table_schema, table_name;
-- Leave psql (the table queries below need a live session, so run them before this)
\q
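-- Application Defender tables.
-- LIMIT keeps a quick look from dumping entire audit/event/log tables to the terminal
-- (the original unbounded SELECT * does exactly that); remove it deliberately when a
-- full export is intended.
-- auth_data holds authentication state (accounts, roles, nonces, SSO license, tokens);
-- treat its output as sensitive and do not paste it into tickets or chat. If only
-- structure is needed, use \d auth_data.<table> or select named columns instead of *.
SELECT * FROM auth_data.hp_sso_license LIMIT 100;
SELECT * FROM auth_data.integration LIMIT 100;
SELECT * FROM auth_data.invalid_cat_door_token LIMIT 100;
SELECT * FROM auth_data.nonce LIMIT 100;
SELECT * FROM auth_data.role LIMIT 100;
SELECT * FROM auth_data.tenant LIMIT 100;
SELECT * FROM auth_data.tenant_metrics LIMIT 100;
SELECT * FROM auth_data.user_account LIMIT 100;
SELECT * FROM auth_data.user_role LIMIT 100;
-- global_metadata: configuration shared across tenants. certificate_config and
-- system_config may contain key material or secrets -- same handling as auth_data.
SELECT * FROM global_metadata.agent_binary_version LIMIT 100;
SELECT * FROM global_metadata.blacklisted_domain LIMIT 100;
SELECT * FROM global_metadata.category_snapshot LIMIT 100;
SELECT * FROM global_metadata.certificate_config LIMIT 100;
SELECT * FROM global_metadata.defender_version LIMIT 100;
SELECT * FROM global_metadata.global_blobs LIMIT 100;
SELECT * FROM global_metadata.language_snapshot LIMIT 100;
SELECT * FROM global_metadata.rulepack_category LIMIT 100;
SELECT * FROM global_metadata.rulepack_parameter LIMIT 100;
SELECT * FROM global_metadata.rulepack_version LIMIT 100;
SELECT * FROM global_metadata.schema_version LIMIT 100;
SELECT * FROM global_metadata.snapshot_instance LIMIT 100;
SELECT * FROM global_metadata.system_config LIMIT 100;
SELECT * FROM global_metadata.tenant_snapshot LIMIT 100;
-- td3f1a94... is a per-tenant schema (presumably keyed by the tenant id in
-- auth_data.tenant -- verify); other tenants have their own schema with the same tables.
-- The *_aud, ping_record, notification and agent_log_file tables grow with activity.
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.tenant_config LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.security_log_setting LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.ping_record LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.notification_aud LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.notification LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.licensed_agent_delta LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.alert_definition_aud LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.alert_condition_aud LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.agent_system_environment LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.agent_states LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.agent_log_file LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.agent_group_custom_rulepack_version LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.agent_config LIMIT 100;
SELECT * FROM td3f1a94d8560493cb65250f2358c0c3b.active_agent_count LIMIT 100;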
■ Vertica Database
▣ 테이블 목록 출력
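-- Tables in every schema (one schema per tenant), sorted so the listing is stable
-- between runs; the original query returned rows in arbitrary order.
SELECT schema_name, table_name
FROM all_tables
WHERE table_type = 'TABLE'
ORDER BY schema_name, table_name;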
schema_version
security_events
security_events_map
security_events_flownode
security_events_fn_trace
monitor_events_count
security_events_unexpected
monitor_events_unexpected
vulnerability
▣ 테이블 내용 조회
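-- Qualify the table as SCHEMA_NAME.TABLE_NAME (the tenant schema id) when selecting.
-- SECURITY_EVENTS grows with traffic; without a bound the original returned every row.
-- ORDER BY ... DESC with LIMIT gives the newest events first.
SELECT event_timestamp, insert_timestamp, category, severity, request_ip, request_path
FROM td3f1a94d8560493cb65250f2358c0c3b.security_events
ORDER BY event_timestamp DESC
LIMIT 100;

-- Drop a tenant schema. DESTRUCTIVE and irreversible: CASCADE removes every table in
-- the schema, including all of its security events. Left commented out so it cannot
-- run by accident when this sheet is pasted; uncomment only after confirming the
-- schema id is the intended tenant and a backup exists.
-- DROP SCHEMA IF EXISTS td3f1a94d8560493cb65250f2358c0c3b CASCADE;

-- Count events in a time window. Half-open range (>= start AND < end) so the
-- boundary instant is counted exactly once; explicit TIMESTAMP literals avoid
-- relying on implicit string-to-timestamp casting.
SELECT COUNT(*)
FROM td3f1a94d8560493cb65250f2358c0c3b.security_events
WHERE event_timestamp >= TIMESTAMP '2018-01-01 00:00:00'
  AND event_timestamp <  TIMESTAMP '2050-12-31 23:59:59';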