
marsvillager/Compliance-Service


siemens

Compliance Service

export database

pg_dump.exe -h localhost -U <user name> <database name> > <path>/pg.sql

import database

psql -U <user name> <database name> < <path>/pg.sql

connect to database

format

https://blog.csdn.net/mxw968/article/details/90900433

insert data example

-- Seed example for the baseline rule table `config`.
-- Each row is one compliance rule: the target OS, the rule id, the expected
-- value(s) in `data`, and in `param` what is collected on the target (a shell
-- command, a registry-style path, or a service name).
-- NOTE(review): the README says the beat collects through cmd commands, so the
-- `param` strings are presumably executed on the monitored hosts. If so, write
-- access to this table amounts to command execution there; confirm and limit
-- INSERT/UPDATE on `config` to the role that maintains the baseline.

-- Let cid fill itself from the sequence public.cid; the INSERT below omits cid.
ALTER TABLE config ALTER COLUMN cid SET default nextval('public.cid');
INSERT INTO config 
	(timestamp, id, os, lang, rule_id, data, type, param)
VALUES
	-- `data` and `param` are written as '{...}' array literals (presumably text[] columns; confirm against the table DDL).
	-- NOTE(review): 'debain10' looks like a misspelling of debian10; whatever matches on `os` must use the same spelling.
	-- NOTE(review): '{masked}' appears to be a redacted placeholder, not a real expected value.
	(now(),	2, 'debain10',	'Chinese', 'BL999_8949', '{masked}',	0,	'{"systemctl is-enabled ctrl-alt-del.target"}'),
	-- Two expected values paired with two sysctl queries, in the same order.
	(now(), 2, 'debain10',	'Chinese', 'BL999_7387', '{"fs.protected_symlinks = 1","fs.protected_hardlinks = 1"}',	0,	'{"sysctl fs.protected_symlinks","sysctl fs.protected_hardlinks"}'),
	-- PATH audit script, dollar-quoted so the embedded quotes need no SQL-level doubling.
	-- NOTE(review): runs such as "thenntecho" and "fin  if" look like \n / \t escapes that lost their
	-- backslashes when the page was rendered; compare with the repository's pg.sql before running this row.
    (now(), 2, 'debain10',	'Chinese', 'BL999_3597', '{""}',	0,	$${"if echo $PATH | grep -q \\''::\\'' ; thenntecho \\''Empty Directory in PATH (::)\\''n  fin  if echo $PATH | grep -q \\'':$\\'' ; thenntecho \\''Trailing : in PATH\\''n  fin  for x in $(echo $PATH | tr \\'':\\'' \\'' \\'') ; dontif [ -d \\''$x\\'' ] ; thennt  ls -ldH \\''$x\\'' | awk nt  $9 == \\''.\\'' {print \\''PATH contains current working directory (.)\\''}nt  $3 != \\''root\\'' {print $9, \\''is not owned by root\\''}nt  substr($1,6,1) != \\''-\\'' {print $9, \\''is group writable\\''}nt  substr($1,9,1) != \\''-\\'' {print $9, \\''is world writable\\''} ntelsent  echo \\''$x is not a directory\\''ntfin  done"}$$),
	-- Expected value is one empty string: the rule presumably passes when the pipeline prints nothing (no /dev/shm mount lacking nosuid).
	(now(), 2, 'debain10',	'Chinese', 'BL999_4000', '{""}',	0,	'{"mount | grep -E ''\\\\s/dev/shm\\\\s'' | grep -v nosuid"}'),
	-- The only row with type = 1; presumably the three values are mode, uid and gid checked against `stat` output (TODO confirm).
	(now(), 2, 'debain10',	'Chinese', 'BL999_6629', '{0644,0,0}',	1,	'{"stat /etc/issue"}'),
	-- Windows rows: `param` is a registry-style "key path:value name" string, `data` the expected value(s).
	(now(), 2, 'windows10',	'Chinese', 'BL696_0086', '{1}',	0,	'{"Machine\\\\System\\\\CurrentControlSet\\\\Control\\\\SCMConfig:EnableSvchostMitigationPolicy"}'),
	(now(), 2, 'windows10',	'Chinese', 'BL696_7921', '{1,2}',	0,	'{"Machine\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\SettingSync:DisableCredentialsSettingSync", "Machine\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\SettingSync:DisableCredentialsSettingSyncUserOverride"}'),   
	-- Service rule with a NULL expected value; the service is given by its localized Windows display name, not its service name (see the README note).
	(now(),	2, 'windows10',	'Chinese', 'BL696_0461', null,	0,	'{"Xbox Live 网络服务"}'),
	-- NOTE(review): this rule_id uses a hyphen ('BL696-0711') where every other row uses an underscore; confirm which form lookups expect.
	(now(),	2, 'windows10',	'Chinese', 'BL696-0711', '{1,AllSigned}',	0,	'{"Machine\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\PowerShell:EnableScripts","Machine\\\\Software\\\\Policies\\\\Microsoft\\\\Windows\\\\PowerShell:ExecutionPolicy"}');

key Sequence

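ALTER TABLE table_name ALTER COLUMN table_column SET default nextval('sequence_name');
e.g. ALTER TABLE config ALTER COLUMN cid SET default nextval('public.cid');

TRUNCATE table_name RESTART IDENTITY;
e.g. TRUNCATE config RESTART IDENTITY;

TRUNCATE removes every row of the table. RESTART IDENTITY resets only sequences owned by the table's columns; a sequence attached through SET default nextval(...) is reset only if it was also linked with ALTER SEQUENCE ... OWNED BY.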

remote getCS

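In PostgreSQL\13\data\pg_hba.conf add: host all all <IP address>/24 scram-sha-256. The two "all" fields are the database and the user, so this line admits every role to every database from the whole /24; naming the compliance database, its role and the client's own address keeps the rule as narrow as the deployment needs.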

remote getES

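In elasticsearch.yml add: network.host: 0.0.0.0. This binds Elasticsearch to every network interface; where only one network needs access, use that interface's address instead, and keep authentication and TLS (xpack.security) enabled so the indices are not readable by anyone who can reach the port.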

注意

sql文件(插入到数据库中的脚本文件)和本地的基线配置文件中的服务都是基于windows系统中的显示决定的, 即根据显示名称而非服务名称,这是beat采用cmd命令的采集方法所导致的 img.png

About

Industrial Internet Security:Compliance Service
