해당 스크립트는 회사에서 자동화를 위해 직접 작성한 것이고, 작성 시기는 3년전 입니다.
(현재의 회사에서는 AWS를 사용하지 않아요.)
사용 할 경우 검토하여 수정해서 사용하시기 바랍니다.
첨부파일은 확장자는 sh로 변경해서 사용하시면 됩니다.
#!/bin/bash
# Made By KSM
#----------------------------------------------------------------------------------------------#
# macOS에서 실행할 경우 필요한 설치 프로그램: coreutils, jq, aws cli #
# 사용법.txt 파일을 반드시 확인해 주시기 바랍니다. #
# 재배포는 상관 없지만, 작성자는 꼭 남겨주시기 바랍니다. #
#----------------------------------------------------------------------------------------------#
TODAY=`gdate +%Y%m%d`
YESTERDAY=`gdate +%Y%m%d -d yesterday`
#REGION_ID=("us-east-1" "us-east-2" "us-west-1" "us-west-2" "ap-south-1" "ap-northeast-2" "ap-northeast-1" "ap-southeast-2" "ap-southeast-1" "ca-central-1" "eu-central-1" "eu-west-1" "eu-west-2" "eu-west-3" "eu-north-1" "sa-east-1")
REGION_ID=("ap-northeast-2")
ADMIN=`aws iam list-virtual-mfa-devices | grep root-account-mfa-device -A 8 | grep UserName | sed -e 's/,//g' | sed -e 's/"//g' | awk '{ print $2 }'`
mkdir -p ${TODAY}/${ACCOUNT}/${REGION_ID}
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "체크리스트 항목" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[EC2 공통영역 - 계정보안] / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-001: 키 페어 / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-002: AWS 접근 패스워드 설정 / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-003: Multi Factor 인증 / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-004: 액세스 키 / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-005: IAM(자격 증명 기반 정책) 계정 보안 / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS-006: IAM(자격 증명 기반 정책) 보안 정책 설정 (EC2/ECS/ECR) / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[EC2 공통영역 - 네트워크 보안] / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-001: Security Group / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-002: ACL / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-003: NAT Gateway / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-004: Internet Gateway / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-005: Routing Tables / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ VPC-006: Elastic IP / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[RDS 공통영역] / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-001: RDS 리소스 액세스 권한 관리 / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-002: RDS API 작업 권한 부여 / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-003: 서브넷 가용 영역 / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-004: IAM(자격 증명 기반 정책) 보안 정책 설정(RDS) / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[RDS 옵션정책 / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-101: RDS 파라미터 관리 영역 설정 / (하)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-102: MariaDB/MySQL 감사 플러그인 설정 / (하) - 설정되어 있지 않아 점검 하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[RDS 로깅] / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-201: MariaDB/MySQL 보안 로그 설정 / (하) - 점검하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-202: MSSQL 보안 로그 설정 / (하) - 점검하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-203: Oracle 보안 로그 설정 / (하) - 해당되지 않아 점검하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-204: PostgreSQL 보안 로그 설정 / (하) - 점검하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[S3 데이터보안] / (중요도)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3-001: 버킷 접근 보안 / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3-002: 기본 암호화 설정 / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3-003: 로그 파일의 수집 및 권한 설정 / (중)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3-004: IAM(자격 증명 기반 정책) 보안 정책 설정(S3) / (상)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "[중요도 설명]" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 상: 관리자 계정 및 주요 정보 유출로 인한 치명적인 피해 발생" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 중: 노출된 정보를 통해 서비스/시스템 관련 추가 정보 유출 발생 우려" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 하: 타 취약점과 연계 가능한 잠재적인 위협 내재" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "EC2 공통영역 - 계정보안" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "EC2 공통영역 - 계정보안"
#키 페어 점검
echo "AWS-001. 키 페어"
echo "AWS-001. 키 페어" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 키 페어를 관리하고 있는 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - 키 페어의 삭제 기준 수립" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - 사용하지 않고 있는 키 페어의 삭제" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 키 페어를 관리하고 있지 않은 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "AWS-001. 키 페어 점검 중"
#키 페어 정리 파일 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001"
aws ec2 describe-key-pairs --output text > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare.txt
KEY_PARE_COUNT=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare.txt | wc -l`)
KEY_PARE_ARR=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare.txt | awk -F " " '{print $3}'`)
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare.txt | awk -F " " '{print $3}' > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff1.txt
echo " ㅇ 키 페어 수량: ${KEY_PARE_COUNT}개" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
for i in ${KEY_PARE_ARR[@]}
do
echo " -" ${i} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
aws ec2 describe-instances | grep KeyName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print $2 }' | sed -e 's/" "//g' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff2.txt
KEY_PARE_DIFF3_COUNT=(`diff -wu ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff1.txt ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff2.txt | grep -E "^\-[0-9,a-z,A-Z]" | sed 's/^-//g' | wc -l`)
KEY_PARE_DIFF3_ATRR=(`diff -wu ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff1.txt ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-001/key_pare_diff2.txt | grep -E "^\-[0-9,a-z,A-Z]" | sed 's/^-//g'`)
echo "키 페어 전체 수량 확인 완료"
echo " ㅇ 사용하지 않는 키: ${KEY_PARE_DIFF3_COUNT}개" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "사용하지 않는 키 확인 중"
for i in ${KEY_PARE_DIFF3_ATRR[@]}
do
echo " -" ${i} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "사용 하지 않는 키 확인 완료"
echo "AWS-001. 키 페어 점검 완료"
#패스워드 설정 정책
echo "AWS-002. AWS 접근 패스워드 설정"
echo "AWS-002. AWS 접근 패스워드 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 패스워드 복잡성 기준을 준수하였을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS Root Account의 패스워드 복잡성 기준 준수" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - IAM 계정의 패스워드 복잡성 기준 준수" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 패스워드 복잡성 기준을 준수하지 않았을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS Root Account의 패스워드 복잡성 기준 미준수" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - IAM 계정의 패스워드 복잡성 기준 미준수" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "AWS-002. AWS 접근 패스워드 설정 정책 점검 중"
#패스워드 정책 정리 파일 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002"
aws iam get-account-password-policy | grep " " | sed -e 's/^ //g' | sed -e 's/\"//g' | sed -e 's/\,//g' > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep AllowUsersToChangePassword | wc -l ` ]; then
echo " ㅇ IAM 사용자가 자신의 암호를 변경할 수 있는가?(AllowUsersToChangePassword):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep AllowUsersToChangePassword | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireLowercaseCharacters | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호에 소문자를 요구하는가?(RequireLowercaseCharacters):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireLowercaseCharacters | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireUppercaseCharacters | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호에 대문자를 요구하는가?(RequireUppercaseCharacters):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireUppercaseCharacters | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep MinimumPasswordLength | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호에 필요한 최소 길이는?(MinimumPasswordLength):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep MinimumPasswordLength | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireNumbers | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호에 숫자를 요구하는가?(RequireNumbers):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireNumbers | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep PasswordReusePrevention | wc -l ` ]; then
echo " ㅇ IAM 사용자가 재사용 할 수없는 이전 암호의 수는?(PasswordReusePrevention):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep PasswordReusePrevention | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep HardExpiry | wc -l ` ]; then
echo " ㅇ IAM 사용자가 암호가 만료 된 후 새 암호를 설정할 수 없는가?(HardExpiry):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep HardExpiry | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireSymbols | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호에 특수기호를 요구하는가?(RequireSymbols):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep RequireSymbols | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep MaxPasswordAge | wc -l ` ]; then
echo " ㅇ IAM 사용자 암호가 유효한 일 수는?(MaxPasswordAge):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep MaxPasswordAge | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep ExpirePasswords | wc -l ` ]; then
echo " ㅇ 계정의 암호가 만료되는지 여부를 표시하는가?(ExpirePasswords):" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-002/password_policy.txt | grep ExpirePasswords | awk -F ": " '{ print $2 }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo "패스워드 정책 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#Multi Factor 인증
echo "AWS-003. Multi Factor 인증"
echo "AWS-003. Multi Factor 인증" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS 계정 및 IAM 사용자 계정 로그인 시 MFA가 활성화되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS 계정 및 IAM 사용자 계정 로그인 시 MFA가 활성화되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#MULTI FACOTR 정책 정리 파일 폴더
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003"
aws iam list-users | grep UserName | sed -e 's/^ //g' | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F " " '{ print $2 }' | sort -f > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/user_list.txt
aws iam list-virtual-mfa-devices > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/ori_mfa_user_list.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/ori_mfa_user_list.txt | grep "Arn" | grep -v root | sed -e 's/\"//g' | awk -F "/" '{ print $2 }' | sort -f > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/mfa_user_list.txt
USER_LIST_ATTR=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/user_list.txt`)
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/ori_mfa_user_list.txt | grep root-account-mfa-device | wc -l` ]; then
echo " ㅇ Root Account: "`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/ori_mfa_user_list.txt | grep root-account-mfa-device -A 8 | grep UserName | sed -e 's/,//g' | sed -e 's/"//g' | awk '{ print $2 " / MFA 설정되어 있음" }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " ㅇ Root Account: "`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/ori_mfa_user_list.txt | grep root-account-mfa-device -A 8 | grep UserName | sed -e 's/,//g' | sed -e 's/"//g' | awk '{ print $2 " / MFA 설정되어 있지 않음" }'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " ㅇ 전체 사용자 리스트: `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/user_list.txt | wc -l | sed -e 's/^ //g'`명" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 전체 사용자 리스트 확인 중"
for i in ${USER_LIST_ATTR[@]}
do
echo " -" ${i} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
MFA_NOT_USE_USER_COUNT=(`diff -wu ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/user_list.txt ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/mfa_user_list.txt | grep -E "^\-[0-9,a-z,A-Z]" | sed 's/^-//g' | wc -l`)
MFA_NOT_USE_USER_ATTR=(`diff -wu ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/user_list.txt ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-003/mfa_user_list.txt | grep -E "^\-[0-9,a-z,A-Z]" | sed 's/^-//g'`)
echo " ㅇ 전체 사용자 리스트 확인 완료"
echo " ㅇ MFA 사용하지 않는 사용자 리스트: ${MFA_NOT_USE_USER_COUNT}명" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ MFA 사용하지 않는 사용자 리스트 확인 중"
for i in ${MFA_NOT_USE_USER_ATTR[@]}
do
echo " -" ${i} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ MFA 사용하지 않는 사용자 리스트 확인 완료"
#엑세스 키 점검
echo "AWS-004. 액세스 키"
echo "AWS-004. 액세스 키" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root Account에 액세스 키가 존재하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 액세스 키가 존재하는 IAM User Account에 AWS 전체권한(Administrator IAM 관련)이 할당되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM User Account 액세스 키를 주기에 맞게 관리하고 있을 경우(60일) / 스크립트 개선 필요" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root Account에 액세스 키가 존재할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 액세스 키가 존재하는 IAM User Account에 AWS 전체권한(Administrator IAM 관련)이 할당되어 있는 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM User Account 액세스 키를 주기에 맞게 관리하고 있지 않을 경우(60일) / 스크립트 개선 필요" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root Account에 액세스 키가 존재하는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root Account에 액세스 키가 존재 확인 중"
#ACCESS_KEY 정책 정리 파일 폴더
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004"
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ROOT_ACCESS_KEY.txt
for i in ${ADMIN[@]}
do
aws iam list-access-keys --user-name ${i} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_AccessKey.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_AccessKey.txt | grep AccessKeyId | wc -l` ]; then
ROOT_ACCESS_KEY_ATTR=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_AccessKey.txt | grep AccessKeyId | sed -e 's/\"//g' | awk -F ": " '{ print $2 }'`)
for j in ${ROOT_ACCESS_KEY_ATTR[@]}
do
echo " -" ${i}의 Key 존재: ${j} >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ROOT_ACCESS_KEY.txt
done
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ROOT_ACCESS_KEY.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ROOT_ACCESS_KEY.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " - root 계정의 Access_Key가 존재하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " ㅇ AWS Root Account에 액세스 키가 존재 확인 완료"
ADMIN_POLICY_ATTR=("AdministratorAccess")
aws iam get-account-authorization-details > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL.json
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL.json | jq '.UserDetailList[]' > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json
USER_GROUP_LIST=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL.json | jq '.UserDetailList[]|.GroupList[]' | sed -e 's/"//g' | sort -f | uniq`
for i in ${ADMIN_POLICY_ATTR[@]}
do
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ ${i} 전체 권한을 가지고 있는 계정이 있는 지 확인 중"
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_USER_LIST.txt
for j in ${USER_GROUP_LIST[@]}
do
aws iam list-attached-group-policies --group-name ${j} > ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_USER_LIST.txt | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_2.txt
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_2.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_2.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_3.txt
echo " - 계정에 직접 ${i} 권한을 Custom으로 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -nE "\"Action\": \"\*\"\," -A 2 | grep -E "\"Resource\": \"\*\"\," -A 1 | grep -E "\"Effect\": \"Allow\"" | awk -F "-" '{print $1}' | wc -l` ]; then
ADMIN_DOCS_NUM2=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -nE "\"Action\": \"\*\"\," -A 2 | grep -E "\"Resource\": \"\*\"\," -A 1 | grep -E "\"Effect\": \"Allow\"" | awk -F "-" '{print $1}'`
for l in ${ADMIN_DOCS_NUM2[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} " ${l}" | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} " ${l}" | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_3.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_3.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 Custom으로 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
done
echo " - AdministratorAccess권한을 가지고 있으면서 AccessKey를 가지고 있는 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_TOTAL_USER_LIST.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_AccessKey_USER_LIST.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_TOTAL_USER_LIST.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_2.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_TOTAL_USER_LIST.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_USER_LIST_3.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_TOTAL_USER_LIST.txt
AdministratorAccess_TOTAL_USER_LIST=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_TOTAL_USER_LIST.txt | awk '{ print $2}'`)
for i in ${AdministratorAccess_TOTAL_USER_LIST[@]}
do
if [ 1 -ge `aws iam list-access-keys --user-name ${i} | grep AccessKeyId | wc -l` ]; then
echo " · ${i}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_AccessKey_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_AccessKey_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/AdministratorAccess_AccessKey_USER_LIST.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · AdministratorAccess권한을 가지고 있으면서 AccessKey를 가지고 있는 계정 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는 지 확인 완료"
IAM_POLICY_ATTR=("IAMFullAccess")
for i in ${IAM_POLICY_ATTR[@]}
do
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_ADMIN_USER_LIST.txt
for j in ${USER_GROUP_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_ADMIN_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_ADMIN_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${i}_ADMIN_USER_LIST.txt | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는 지 확인 완료"
done
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#IAM(자격 증명 기반 정책) 계정 보안
echo "AWS-005. IAM(자격 증명 기반 정책)계정 보안"
echo "AWS-005. IAM(자격 증명 기반 정책)계정 보안" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM Group이 보유하고 있는 정책이 역할에 맞게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM Group이 보유하고 있는 정책이 역할에 맞지 않게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM Group이 보유하고 있는 정책이 역할에 맞게 설정되어 있는지 수동 검토 필요: 결과 AWS-006 참조"
echo " ㅇ IAM Group이 보유하고 있는 정책이 역할에 맞게 설정되어 있는지 수동 검토 필요: 결과 AWS-006 참조" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#IAM 정책 정리 파일 폴더
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-006"
#IAM(자격 증명 기반 정책) 보안 정책 설정
echo "AWS-006. IAM(자격 증명 기반 정책) 보안 정책 설정(EC2/ECS/ECR)"
echo "AWS-006. IAM(자격 증명 기반 정책) 보안 정책 설정(EC2/ECS/ECR)" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2/ECS/ECR 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2/ECS/ECR 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞게 설정되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
FULL_POLICY_ATTR=("AmazonEC2ContainerRegistryFullAccess" "AmazonEC2ContainerServiceFullAccess" "AmazonEC2FullAccess")
for i in ${FULL_POLICY_ATTR[@]}
do
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-006/${i}_ADMIN_USER_LIST.txt
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
for j in ${USER_GROUP_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-006/${i}_ADMIN_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-006/${i}_ADMIN_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-006/${i}_ADMIN_USER_LIST.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는 지 확인 완료"
done
echo " ㅇ 현재 사용 중인 권한 리스트 목록" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep PolicyName | sed -e 's/"//g' | sed -e 's/,//g' | awk '{print " - " $2}' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 현재 사용 중인 권한 그룹 목록" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | jq '.GroupList[]' | sed -e 's/"//g' | awk '{print " - " $1}' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "EC2 공통영역 - 네트워크 보안" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "EC2 공통영역 - 네트워크 보안"
# 날짜별 리전 폴더 생성
for i in ${REGION_ID[@]};
do
#전체 리전에 대한 전체 Security Group 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL"
# 리전별 전체 Security Group ID 추출
aws ec2 describe-security-groups --region=${i} --query 'SecurityGroups[*].GroupId' --output text | tr '\t' '\n' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL_SECURITY_GROUP_LIST.txt
ALL_SECURITY_GROUP_ID=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL_SECURITY_GROUP_LIST.txt`)
for j in ${ALL_SECURITY_GROUP_ID[@]}
do
# 리전별 EC2의 Security-Group을 json으로 추출
aws ec2 describe-security-groups --region=${i} --group-id=${j} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${j}.json
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${j}.json 추출 성공"
done
#전체 리전 중 EC2에서 사용중인 Security Group 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/USE"
#EC2에서 사용 중인 Security Group ID 추출
aws ec2 describe-instances --region=${i} --query 'Reservations[*].Instances[*].SecurityGroups[*].GroupId' --output text | tr '\t' '\n' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/EC2_USE_SECURITY_GROUP_LIST.txt
EC2_USE_SECURITY_GROUP_ID=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/EC2_USE_SECURITY_GROUP_LIST.txt`)
for k in ${EC2_USE_SECURITY_GROUP_ID[@]}
do
#EC2에서 사용 중인 Security Group을 json으로 추출
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${k}.json > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/USE/${k}.json
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${k}.json 추출 성공"
# brew install jq 실행
# Security-Gorup별 유입 정책 Count 확인
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/USE/${k}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
# 출력시 탭 한칸 추가 여부
VAR=${k}
# Security-Group별 유입 정책 Count 만큼 반복으로 정책 확인
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/USE/${k}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t"`
# Security-Group별 유입 정책 로깅 처리
if [ 14 -gt ${#VAR} ]; then
echo " ㅇ EC2 ${i} ${k} ${IpPermissions[@]}" > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
else
echo " ㅇ EC2 ${i} ${k} ${IpPermissions[@]}" > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
fi
done
done
#전체 리전에 대한 네트워크 인터페이스에 할당된 Security Group 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP"
aws ec2 describe-network-interfaces --query 'NetworkInterfaces[].Groups[].GroupId' --output text | tr '\t' '\n' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/NETWORK_SECURITY_GROUP_LIST.txt
# 리전별 Network Interface에서 사용 중인 Security Group의 Group ID 추출, 단, EC2에서 사용중인 Security Group은 제외.
comm -13 <(cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/EC2_USE_SECURITY_GROUP_LIST.txt) <(cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/NETWORK_SECURITY_GROUP_LIST.txt) > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/NETWORK_USE_SECURITY_GROUP_LIST.txt
NETWORK_USE_SECURITY_GROUP=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/NETWORK_USE_SECURITY_GROUP_LIST.txt`)
for l in ${NETWORK_USE_SECURITY_GROUP[@]}
do
# 리전별 Network Interface의 Security-Group을 json으로 추출
aws ec2 describe-security-groups --region=${i} --group-id=${l} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/${l}.json
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/${l}.json > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/USE/${l}.json
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/${l}.json 추출 성공"
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/${l}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
# Security-Group별 유입 정책 Count 만큼 반복으로 정책 확인
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/${l}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t"`
# Security-Group별 유입 정책 로깅 처리
echo " ㅇ NETWORK ${i} ${l} ${IpPermissions[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
done
done
#EC2와 네트워크에서 사용 중인 Security Group을 제외한 나머지 정책 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP"
#EC2와 Network Interface의 Security-Group을 제외한 Security Group
comm -23 <(cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL_SECURITY_GROUP_LIST.txt) <(cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/NETWORK_SECURITY_GROUP/NETWORK_SECURITY_GROUP_LIST.txt) > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/REST_SECURITY_GROUP_LIST.txt
REST_SECURITY_GROUP=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/REST_SECURITY_GROUP_LIST.txt`)
# 리전별 사용하지 않는 Security-Group을 json으로 추출
for m in ${REST_SECURITY_GROUP[@]}
do
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${m}.json > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/${m}.json
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/${m}.json 추출 성공"
# Security-Gorup별 유입 정책 Count 확인
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/${m}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
# Security-Group별 유입 정책 Count 만큼 반복으로 정책 확인
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/REST_SECURITY_GROUP/${m}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t"`
# Security-Group별 유입 정책 로깅 처리
echo " ㅇ REST ${i} ${m} ${IpPermissions[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
done
done
# elasticbeanstalk 환경 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/EB"
# 리전별 elasticbeanstalk에서 사용 중인 EnvironmentId 추출
aws elasticbeanstalk describe-environments --region=${i} --query 'Environments[].EnvironmentId' --output text | tr '\t' '\n' > "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/EB/EB_LIST.txt"
EB_ID=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/EB/EB_LIST.txt`)
for o in ${EB_ID[@]}; do
# 리전별 elasticbeanstalk에서 사용 중인 EnvironmentId를 이용하여 사용 중인 Security Group ID를 추출
EB_SECURITY_GROUP=`find ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/ -name "*" | xargs grep -nr "\"${o}\"" | cut -d "/" -f 8 | awk -F"." '{print $1}' | sort -f | uniq`
for p in ${EB_SECURITY_GROUP[@]}; do
# Security-Gorup별 유입 정책 Count 확인
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${p}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
# Security-Group별 유입 정책 Count 만큼 반복으로 정책 확인
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${p}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t"`
# Security-Group별 유입 정책 로깅 처리
echo " ㅇ EB ${i} ${p} ${IpPermissions[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${p}.json 추출 성공"
done
done
done
# VPC 환경 추출 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/VPC"
# 리전별 VPC에서 사용 중인 VPC ID 추출
aws ec2 describe-vpcs --region=${i} --query 'Vpcs[].VpcId' --output text | tr '\t' '\n' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/VPC/VPC_ID_LIST.txt
VPC_ID=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/VPC/VPC_ID_LIST.txt`)
# 리전별 VPC에서 사용 중인 VPC ID를 이용하여 사용 중인 Security Group ID를 추출
for q in ${VPC_ID[@]}; do
#VPC를 가지고 있지만 사용하지 않고 있는 Security Group을 추출
USE_VPC_SECURITY_GROUP=`comm -13 <(cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/EC2_USE_SECURITY_GROUP_LIST.txt) <(grep -r . ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/* | grep \"${q}\" | cut -d "/" -f 8 | awk -F"." '{print $1}' | sort -f | uniq)`
for r in ${USE_VPC_SECURITY_GROUP[@]}
do
# Security-Gorup별 유입 정책 Count 확인
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${r}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
# Security-Group별 유입 정책 Count 만큼 반복으로 정책 확인
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${r}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t" | awk '{ print $1 "\t" $2 "\t" $3 "\t" $4 "\t" $5 }'`
# Security-Group별 유입 정책 로깅 처리
echo " ㅇ VPC ${i} ${r} ${IpPermissions[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt
echo "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/SECURITY_GROUP/ALL/${r}.json 추출 성공"
done
done
done
done
#Security Group 점검
echo "VPC-001. Security Group"
echo "VPC-001. Security Group" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스에 대한 IN/OUT BOUND의 Port가 Any로 허용되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스에 대한 IN/OUT BOUND Source와 Destination의 설정 규칙이 Any로 허용되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스에 대한 IN/OUT BOUND의 Port가 Any로 허용되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스에 대한 IN/OUT BOUND Source와 Destination의 설정 규칙이 Any로 허용되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "Security Group 점검 진행 중"
echo "* 제외항목: 80 Port, 443 Port, ICMP, OUT Bound" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "ResourceTYPE Region S/G Proto From To Target" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-001/06_SECURITY_IN_POLICY.txt | grep -v "\t80\t80\t" | grep -v "\t443\t443\t" | grep -v icmp | grep "\t0.0.0.0/0" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "Security Group 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#Network ACL 점검
#Network ACL 환경 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002"
#NETWORK_ACL_LIST 확인
aws ec2 describe-network-acls | jq '.NetworkAcls[].Associations[].NetworkAclId' | sed -e 's/"//g' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/NETWORK_ACL_LIST.txt
NETWORK_ACL_LIST=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/NETWORK_ACL_LIST.txt`)
echo "VPC-002. ACL"
echo "VPC-002. ACL" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IN/OUT BOUND에 대한 모든 트래픽이 허용되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IN/OUT BOUND에 대한 모든 트래픽이 허용되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "NETWORK ACL 점검 중"
echo "NETWORK_ACL_ID RuleNumber Protocol Egress CidrBlock RuleAction" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#NETWORK ACL ID별 ACL 확인
for i in ${NETWORK_ACL_LIST[@]}
do
#NETWORK ACL별 정책 Count 확인
aws ec2 describe-network-acls --network-acl-ids ${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.json
NETWORK_ACL_COUNT=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.json | jq '.NetworkAcls[].Entries[] | length' | wc -l`
#탭 1번 or 2번 여부 결정
VAR=${i}
#NETWORK ACL 정책 Count 만큼 반복으로 확인
for (( n = 0; n < $NETWORK_ACL_COUNT; n++))
do
NETWORK_ACL_POLICY=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.json | jq '.NetworkAcls[].Entries['$n'] | .RuleNumber, .Protocol, .Egress, .CidrBlock, .RuleAction' | sed -e 's/"//g' | tr "\n" "\t" | awk '{ print $1 "\t\t" $2 "\t\t" $3 "\t\t" $4 "\t\t" $5 }'`
if [ 14 -gt ${#VAR} ]; then
echo " ㅇ ${i} ${NETWORK_ACL_POLICY[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.txt
else
echo " ㅇ ${i} ${NETWORK_ACL_POLICY[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.txt
fi
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-002/${i}.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
echo "NETWORK ACL 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#NAT GATEWAY 점검
echo "VPC-003. NAT GATEWAY"
echo "VPC-003. NAT GATEWAY" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ NAT Gateway가 설정되어 있지 않거나 실사용 중인 Private 서브넷 인스턴스가 연결되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ NAT Gateway를 사용할 경우 사용하지 않는 Private 서브넷 인스턴스가 연결되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "VPC-003. NAT GATEWAY 점검 중"
#NAT GATEWAY 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/NAT_GATEWAY_LIST"
aws ec2 describe-nat-gateways | jq '.NatGateways[].NatGatewayId' | sed -e 's/\"//g' > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/NAT_GATEWAY_LIST.txt
NAT_GATEWAY_LIST=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/NAT_GATEWAY_LIST.txt`)
aws ec2 describe-instances | jq '.Reservations[].Instances[].SubnetId' | grep -v null | sed -e 's/"//g' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_SUBNET_LIST.txt
USE_SUBNET_LIST=(`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_SUBNET_LIST.txt`)
for i in ${NAT_GATEWAY_LIST[@]}
do
aws ec2 describe-nat-gateways --nat-gateway-ids=${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/NAT_GATEWAY_LIST/${i}.json
done
for i in ${NAT_GATEWAY_LIST[@]}
do
for j in ${USE_SUBNET_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/NAT_GATEWAY_LIST/${i}.json | grep ${j} | wc -l` ]; then
echo " ㅇ NAT-GATEWAY: ${i} / Subnet: ${j} 사용 중" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_NAT_GATEWAY.txt
fi
done
if [ 0 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_NAT_GATEWAY.txt | grep ${i} | wc -l` ]; then
echo " ㅇ NAT-GATEWAY: ${i}에서 사용하는 Subnet 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_NAT_GATEWAY.txt
fi
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-003/USE_NAT_GATEWAY.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "NAT GATEWAY 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#INTERNET GATEWAY 점검
echo "VPC-004. INTERNET GATEWAY"
echo "VPC-004. INTERNET GATEWAY" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 다수의 Internet Gateway 관리 시 연결된 VPC 내 인스턴스가 존재할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 다수의 Internet Gateway 관리 시 연결된 VPC 내 인스턴스가 존재하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "VPC-004. INTERNET GATEWAY 점검 중"
#INTERNET GATEWAY 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004"
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_INTERNET_GATEWAY_LIST.txt
aws ec2 describe-internet-gateways | jq '.InternetGateways[] | .InternetGatewayId' | sed -e 's/\"//g' > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/INTERNET_GATEWAY_LIST.txt
INTERNET_GATEWAY_LIST=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/INTERNET_GATEWAY_LIST.txt`
aws ec2 describe-instances | jq '.Reservations[] | .Instances[] | .VpcId' | sed -e 's/\"//g' | sort -f | uniq | grep -v null > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_VPC_LIST.txt
USE_VPC_LIST=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_VPC_LIST.txt`
for i in ${INTERNET_GATEWAY_LIST[@]}
do
aws ec2 describe-internet-gateways --internet-gateway-ids=${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/${i}.json
done
for i in ${INTERNET_GATEWAY_LIST[@]}
do
for j in ${USE_VPC_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/${i}.json | jq '.InternetGateways[] | .Attachments[] | .VpcId' | sed -e 's/\"//g' | grep ${j} | wc -l` ]; then
echo " ㅇ INTERNET_GATEWAY: ${i} / VPC:${j} = 인스턴스 존재" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_INTERNET_GATEWAY_LIST.txt
fi
done
if [ 0 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_INTERNET_GATEWAY_LIST.txt | grep ${i} | wc -l` ]; then
echo " ㅇ INTERNET_GATEWAY: ${i}에서 사용하는 VPC 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_INTERNET_GATEWAY_LIST.txt
fi
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-004/USE_INTERNET_GATEWAY_LIST.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "INTERNET GATEWAY 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#Routing Tables 점검
echo "VPC-005. Routing Tables"
echo "VPC-005. Routing Tables" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 목적지가 Any로 설정되어 있지 않고, 서비스 타깃별로 설정 및 활성화되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 목적지가 Any로 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "VPC-005. Routing Tables 점검 중"
#Routing Tables 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID"
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
#Routing Table ID 확인
aws ec2 describe-route-tables --query 'RouteTables[].RouteTableId' | awk -F "\"" '{print $2}' | grep rtb > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/ROUTE_TABLE_ID.txt
#Routing Table ID 변수화
ROUTE_TABLE_ID=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/ROUTE_TABLE_ID.txt`
for i in ${ROUTE_TABLE_ID[@]}
do
aws ec2 describe-route-tables --route-table-ids ${i} --output text > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt
echo " ㅇ Routing Table ID: ${i}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTETABLES | awk '{print " - VPC: " $4}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ASSOCIATIONS | awk '{print " - Subnet: " $5}' | grep subnet- >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
echo " - Routing Tables" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep local | awk '{print " · " $2 "\t\t" $5 "\t" $3}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep -v local | grep -v 0.0.0.0/0 | awk '{print " · " $2 "\t\t" $4 "\t" $5}' | grep -v blackhole | grep -v " · [a-z]" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep -v local | grep -v 0.0.0.0/0 | awk '{print $2 "\t\t" $3 "\t" $4 "\t" $5}' | grep "^[a-z,A-Z]" | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep -v local | grep -v 0.0.0.0/0 | awk '{print " · " $2 "\t\t" $5 "\t" $3}' | grep " · [a-z]" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
fi
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep -v local | grep -v 0.0.0.0/0 | awk '{print " · " $2 "\t\t" $4 "\t" $5}' | grep blackhole >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep 0.0.0.0/0 | grep -v eni- | awk '{print " · " $2 "\t\t" $5 "\t" $3}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-ID/${i}.txt | grep ROUTES | grep 0.0.0.0/0 | grep eni- | awk '{print " · " $2 "\t\t" $7 "\t" $5}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-005/RTB-TOTAL.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "Routing Tables 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#Elastic IP 점검
echo "VPC-006. Elastic IP"
echo "VPC-006. Elastic IP" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ Elastic IP 주소를 사용 중인 EC2 인스턴스의 Open Port가 Any로 허용되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ Elastic IP 주소를 사용 중인 EC2 인스턴스의 Open Port가 Any로 허용되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "VPC-006. Elastic IP 점검 중"
#Elastic IP 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006"
aws ec2 describe-addresses --query 'Addresses[].InstanceId' | grep i- | awk -F "\"" '{print $2}' > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/INSTANCE_ID.txt
INSTANCE_ID=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/INSTANCE_ID.txt`
for i in ${REGION_ID[@]};
do
for j in ${INSTANCE_ID[@]}
do
mkdir ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}.txt
echo " ㅇ Instance_ID: ${j}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}.txt
aws ec2 describe-instances --instance-ids=${j} | grep GroupId | awk -F "\"" '{print $4}' | sort -f | uniq > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}_SG.txt
SECURITY_GROUP_ID=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}_SG.txt`
for k in ${SECURITY_GROUP_ID[@]}
do
aws ec2 describe-security-groups --region=${i} --group-id=${k} > ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${k}.json
IpPermissions_Policy_Count=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${k}.json | jq '.SecurityGroups[].IpPermissions[] | length'| wc -l`
for (( n = 0; n < ${IpPermissions_Policy_Count}; n++))
do
IpPermissions=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${k}.json | jq '.SecurityGroups[].IpPermissions['$n'] | .IpProtocol, .FromPort, .ToPort, .IpRanges[].CidrIp, .UserIdGroupPairs[].GroupId' | sed -e 's/"//g' | tr "\n" "\t"`
echo " - ${j} ${k} ${IpPermissions[@]}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}.txt
done
done
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/VPC-006/${j}/${j}.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
done
echo "VPC-006. Elastic IP 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "RDS 공통영역"
#RDS 리소스 액세스 권한 관리 점검
echo "RDS-001. RDS 리소스 액세스 권한 관리"
echo "RDS-001. RDS 리소스 액세스 권한 관리" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root 계정 관리자가 다수 사용자에게 RDS 리소스 생성 권한을 설정하지 않았을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 역할에 교차 계정 권한을 부여하지 않았을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AWS Root 계정 관리자가 다수 사용자에게 RDS 리소스 생성 권한을 설정했을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 역할에 교차 계정 권한을 부여했을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "RDS-001. RDS 리소스 액세스 권한 관리 점검 중"
RDS_ADMIN_POLICY_ATTR=("AmazonRDSDataFullAccess" "AmazonRDSFullAccess")
#RDS IP 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001"
for i in ${RDS_ADMIN_POLICY_ATTR[@]}
do
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001/${i}_USER_LIST.txt
for j in ${USER_GROUP_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001/${i}_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001/${i}_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001/${i}_USER_LIST.txt | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
done
echo "RDS-001. RDS 리소스 액세스 권한 관리 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS 리소스 액세스 권한 관리 점검
echo "RDS-002. RDS API 작업 권한 부여"
echo "RDS-002. RDS API 작업 권한 부여" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM 일반 사용자 권한에 RDS API 기능을 사용할 수 있는 권한이 부여되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ IAM 일반 사용자 권한에 RDS API 기능을 사용할 수 있는 권한이 부여되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "RDS-002. RDS API 작업 권한 점검 중"
#RDS IP 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-002"
RDS_AUTH_POLICY_ATTR=("AmazonRDSDataFullAccess" "AmazonRDSFullAccess" "AmazonRDSReadOnlyAccess" "AWSApplicationAutoscalingRDSClusterPolicy" "AmazonRDSBetaServiceRolePolicy" "AmazonRDSDirectoryServiceAccess" "AmazonRDSEnhancedMonitoringRole" "AmazonRDSPreviewServiceRolePolicy" "AmazonRDSServiceRolePolicy" "AWSQuickSightDescribeRDS" "RDSCloudHsmAuthorizationRole")
for i in ${RDS_AUTH_POLICY_ATTR[@]}
do
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-002/${i}_USER_LIST.txt
for j in ${USER_GROUP_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-002/${i}_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-002/${i}_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-002/${i}_USER_LIST.txt >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
done
echo "RDS-002. RDS 리소스 액세스 권한 관리 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#서브넷 가용 영역
echo "RDS-003. 서브넷 가용 영역"
echo "RDS-003. 서브넷 가용 영역" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스와 RDS 연결간의 서브넷이 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ EC2 인스턴스와 RDS 연결간의 불필요한 서브넷이 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "RDS-003. 서브넷 가용 영역 점검 중"
#RDS IP 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-003/RDS_SUBNET_LIST"
DB_DBSUBNET_GROUP=`aws rds describe-db-subnet-groups | jq '.DBSubnetGroups[].DBSubnetGroupName' | sed -e 's/\"//g'`
for i in ${DB_DBSUBNET_GROUP[@]}
do
aws rds describe-db-subnet-groups --db-subnet-group-name ${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-003/RDS_SUBNET_LIST/${i}.json
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-003/RDS_SUBNET_LIST/${i}.json | grep DBSubnetGroupName | sed -e 's/\"//g' | awk '{print " ㅇ " $1 " " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-003/RDS_SUBNET_LIST/${i}.json | grep VpcId | sed -e 's/\"//g' | sed -e 's/\,//g' | awk '{print " - " $1 " " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-003/RDS_SUBNET_LIST/${i}.json | grep SubnetIdentifier | sed -e 's/\"//g' | sed -e 's/\,//g' | awk '{print " · " $1 " " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
echo "RDS-003. 서브넷 가용 영역 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS IAM(자격 증명 기반 정책) 보안 정책 설정
echo "RDS-004. IAM(자격 증명 기반 정책) 보안 정책 설정"
echo "RDS-004. IAM(자격 증명 기반 정책) 보안 정책 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞게 설정되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-002. RDS API 작업 권한 부여 내역 검토 필요" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS-002. RDS API 작업 권한 부여 내역 검토 필요"
echo "RDS-004. IAM(자격 증명 기반 정책) 보안 정책 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS 옵션정책
echo "RDS-101. RDS 파라미터 관리 영역 설정"
echo "RDS-101. RDS 파라미터 관리 영역 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS(MariaDB/MySQL/Oracle/PostgreSQL) 파라미터 값이 Default 값으로 설정되어 있는 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ RDS(MariaDB/MySQL/Oracle/PostgreSQL) 파라미터 값이 Default 값 외 다른 값으로 설정되어 있는 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " => 신규 파라미터 추가 및 변경 시 담당자 확인이 필요함" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#파라미터 관리 점검 폴
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP"
aws rds describe-db-instances > ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/describe-db-instances.json
RDS_PARAMETER_GROUPNAME=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/describe-db-instances.json | jq '.DBInstances[].DBParameterGroups[].DBParameterGroupName' | sed -e 's/\"//g' | sort -f | uniq`
for i in ${RDS_PARAMETER_GROUPNAME[@]}
do
aws rds describe-db-parameters --db-parameter-group-name ${i} --source system > ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json
done
for i in ${RDS_PARAMETER_GROUPNAME[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep mysql | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterValue": "/rdsdbbin/oscar"' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' -A 1 -B 1 | grep '"ParameterValue": "32768",' | wc -l` ]; then
echo ' - "ParameterName": "binlog_cache_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 트랜잭션 중에 이진 로그에 대한 SQL 문을 보유하는 캐시의 크기' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "binlog_cache_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "32768"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' -A 1 -B 1 | grep '"ParameterValue": "MIXED",' | wc -l` ]; then
echo ' - "ParameterName": "binlog_format": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json'
else
echo ' * 행 또는 혼합 복제' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "binlog_format"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json'
echo ' - 기본설정: "ParameterValue": "MIXED"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' -A 1 -B 1 | grep '"ParameterValue": "0",' | wc -l` ]; then
echo ' - "ParameterName": "default_password_lifetime": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 자동 암호 만료 정책 정의' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "default_password_lifetime"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "explicit_defaults_for_timestamp": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 5.6.7에 필요한 필수 요소' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "explicit_defaults_for_timestamp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' -A 1 -B 1 | grep '"ParameterValue": "OFF_PERMISSIVE",' | wc -l` ]; then
echo ' - "ParameterName": "gtid-mode": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * GTID 기반 로깅을 사용할지 여부와 로그에 포함할 수 있는 트랜잭션 유형 설명' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "gtid-mode"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "OFF_PERMISSIVE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' -A 1 -B 1 | grep '"ParameterValue": "{DBInstanceClassMemory\*3/4}",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_buffer_pool_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb가 테이블의 데이터와 인덱스를 캐시하기 위해 사용하는 메모리 버퍼의 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_buffer_pool_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{DBInstanceClassMemory\*3/4}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_file_per_table": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb에 테이블 스페이스/파일을 선택' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_file_per_table"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' -A 1 -B 1 | grep '"ParameterValue": "O_DIRECT",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_flush_method": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb의 플러시 메소드를 결정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_flush_method"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "O_DIRECT"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "8388608",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb가 디스크의 로그 파일에 쓰는 데 사용하는 버퍼의 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "8388608"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' -A 1 -B 1 | grep '"ParameterValue": "134217728",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_file_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 그룹의 각 로그 파일 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_file_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "134217728"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "16777216",' | wc -l` ]; then
echo ' - "ParameterName": "key_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 인덱스 블록(모든 읽기 및 다중 쓰기의 경우)에 사용되는 향상된 인덱스 처리를 얻으려면 버퍼 크기를 늘릴 것' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "key_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "16777216"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "local_infile": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * LOAD DATA INFILE에 대해 LOCAL 컨트롤 지원' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "local_infile"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' -A 1 -B 1 | grep '"ParameterValue": "FILE",' | wc -l` ]; then
echo ' - "ParameterName": "log_output": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 쿼리 로그를 저장할 위치 제어' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_output"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "FILE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' -A 1 -B 1 | grep '"ParameterValue": "TABLE",' | wc -l` ]; then
echo ' - "ParameterName": "master-info-repository": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 옵션을 사용하면 서버가 마스터 정보 로그를 파일이나 테이블에 기록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "master-info-repository"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "TABLE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep '"ParameterValue": "GREATEST' | wc -l` ]; then
echo ' - "ParameterName": "max_connections": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 허용되는 동시 클라이언트 연결 수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_connections"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "GREATEST"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' -A 1 -B 1 | grep '"ParameterValue": "0",' | wc -l` ]; then
echo ' - "ParameterName": "performance_schema": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 성능 스키마를 사용하거나 사용하지 않도록 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "performance_schema"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "262144",' | wc -l` ]; then
echo ' - "ParameterName": "read_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 순차 스캔을 수행하는 각 스레드는 이 버퍼를 할당. 많은 순차적 스캔을 수행하여 값이 증가하면 성능 향상에 도움' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "262144"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' -A 1 -B 1 | grep '"ParameterValue": "{TrueIfReplica}",' | wc -l` ]; then
echo ' - "ParameterName": "read_only": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 활성화되면 서버는 슬레이브 스레드가 수행한 업데이트를 제외하고 업데이트를 비허용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_only"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{TrueIfReplica}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "524288",' | wc -l` ]; then
echo ' - "ParameterName": "read_rnd_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 키 정렬 작업 후에 정렬된 순서로 행을 읽을 때 디스크 읽기를 방지. 큰 값은 ORDER BY 성능을 향상시킬 수 있음' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_rnd_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "524288"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' -A 1 -B 1 | grep '"ParameterValue": "TABLE",' | wc -l` ]; then
echo ' - "ParameterName": "relay_log_info_repository": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 옵션을 사용하면 서버가 릴레이 로그 정보를 파일이나 테이블에 기록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay_log_info_repository"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "TABLE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "sync_binlog": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * binlog 동기화 (MySQL이 디스크로 플러시되거나 OS에 의존)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "sync_binlog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' -A 1 -B 1 | grep '"ParameterValue": "16",' | wc -l` ]; then
echo ' - "ParameterName": "table_open_cache_instances": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 열린 테이블 캐시 인스턴스의 수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "table_open_cache_instances"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "16"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' -A 1 -B 1 | grep '"ParameterValue": "262144",' | wc -l` ]; then
echo ' - "ParameterName": "thread_stack": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 스레드 스택 크기가 너무 작으면 서버가 처리 할 수 있는 SQL 문의 복잡성, 저장프로시저의 재귀 수준 및 기타 메모리 소비 작업을 제한' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "thread_stack"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "262144"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbbin/oscar",' | wc -l` ]; then
echo ' - "ParameterName": "basedir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 설치베이스 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "basedir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbbin/oscar"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db/",' | wc -l` ]; then
echo ' - "ParameterName": "datadir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 데이터 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "datadir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db/"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' -A 1 -B 1 | grep '"ParameterValue": "InnoDB",' | wc -l` ]; then
echo ' - "ParameterName": "default_storage_engine": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 기본 저장소 엔진(테이블 형식)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "default_storage_engine"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "InnoDB"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/general/mysql-general.log",' | wc -l` ]; then
echo ' - "ParameterName": "general_log_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 일반 로그의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "general_log_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/general/mysql-general.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db/innodb",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_data_home_dir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb 파일이 저장된 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_data_home_dir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db/innodb"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/innodb",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_group_home_dir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb 로그 파일의 디렉토리 경로' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_group_home_dir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/innodb"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/binlog/mysql-bin-changelog",' | wc -l` ]; then
echo ' - "ParameterName": "log-bin": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 바이너리 로깅 제어' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log-bin"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/binlog/mysql-bin-changelog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/error/mysql-error.log",' | wc -l` ]; then
echo ' - "ParameterName": "log_error": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 오류 로그의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_error"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/error/mysql-error.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "log_slave_updates": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 체인 복제 허용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_slave_updates"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' -A 1 -B 1 | grep '"ParameterValue": "134217728",' | wc -l` ]; then
echo ' - "ParameterName": "max_binlog_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 크기에 도달하면 서버가 binlog를 변경' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_binlog_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "134217728"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/mysql-{EndPointPort}.pid",' | wc -l` ]; then
echo ' - "ParameterName": "pid_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 프로세스 ID 파일의 경로 이름. 이 파일은 mysqld_safe와 같은 다른 프로그램에서 서버의 프로세스 ID를 결정하는 데 사용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "pid_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/mysql-{EndPointPort}.pid"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep '"ParameterValue": "{EndPointPort}",' | wc -l` ]; then
echo ' - "ParameterName": "port": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버가 TC/IP 연결을 청취하는 포트의 번호' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "port"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{EndPointPort}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/relaylog/relaylog",' | wc -l` ]; then
echo ' - "ParameterName": "relay-log": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 릴레이 로그의 기본 이름' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay-log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/relaylog/relaylog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "relay_log_recovery": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 시작 직후 자동 릴레이 로그 복구를 사용 가능하게 함' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay_log_recovery"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' -A 1 -B 1 | grep '"ParameterValue": "/tmp",' | wc -l` ]; then
echo ' - "ParameterName": "secure_file_priv": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * LOAD_FILE(), LOAD_DATA 및 SELECT의 효과 제한' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "secure_file_priv"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/tmp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' -A 1 -B 1 | grep '"ParameterValue": "{ServerId}",' | wc -l` ]; then
echo ' - "ParameterName": "server_id": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 복제 그룹에서 인스턴스를 식별하는데 사용되는 정수 값' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "server_id"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{ServerId}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "skip-slave-start": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 슬레이브 서버가 서버를 시작할 때 슬레이브 스레드를 시작하지 못하게 함' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "skip-slave-start"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/slowquery/mysql-slowquery.log",' | wc -l` ]; then
echo ' - "ParameterName": "slow_query_log_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 저속 질의 로그 파일의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "slow_query_log_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/slowquery/mysql-slowquery.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' -A 1 -B 1 | grep '"ParameterValue": "/tmp/mysql.sock",' | wc -l` ]; then
echo ' - "ParameterName": "socket": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * (UNIX) 소켓 파일 및 로컬 연결에 사용되는 (WINODWS) 명명 된 파이프' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "socket"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/tmp/mysql.sock"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/tmp/",' | wc -l` ]; then
echo ' - "ParameterName": "tmpdir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 임시 파일 및 임시 테이블에 사용되는 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "tmpdir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/tmp/"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
else
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' -A 1 -B 1 | grep '"ParameterValue": "32768",' | wc -l` ]; then
echo ' - "ParameterName": "binlog_cache_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 트랜잭션 중에 이진 로그에 대한 SQL 문을 보유하는 캐시의 크기' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "binlog_cache_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "32768"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_cache_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' -A 1 -B 1 | grep '"ParameterValue": "MIXED",' | wc -l` ]; then
echo ' - "ParameterName": "binlog_format": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 행 또는 혼합 복제' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "binlog_format"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "MIXED"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "binlog_format",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' -A 1 -B 1 | grep '"ParameterValue": "0",' | wc -l` ]; then
echo ' - "ParameterName": "default_password_lifetime": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 자동 암호 만료 정책 정의' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "default_password_lifetime"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_password_lifetime",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "explicit_defaults_for_timestamp": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 5.6.7에 필요한 필수 요소' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "explicit_defaults_for_timestamp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "explicit_defaults_for_timestamp",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' -A 1 -B 1 | grep '"ParameterValue": "OFF_PERMISSIVE",' | wc -l` ]; then
echo ' - "ParameterName": "gtid-mode": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * GTID 기반 로깅을 사용할지 여부와 로그에 포함할 수 있는 트랜잭션 유형 설명' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "gtid-mode"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "OFF_PERMISSIVE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "gtid-mode",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' -A 1 -B 1 | grep '"ParameterValue": "{DBInstanceClassMemory\*3/4}",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_buffer_pool_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb가 테이블의 데이터와 인덱스를 캐시하기 위해 사용하는 메모리 버퍼의 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_buffer_pool_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{DBInstanceClassMemory\*3/4}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_buffer_pool_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_file_per_table": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb에 테이블 스페이스/파일을 선택' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_file_per_table"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_file_per_table",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' -A 1 -B 1 | grep '"ParameterValue": "O_DIRECT",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_flush_method": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb의 플러시 메소드를 결정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_flush_method"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "O_DIRECT"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_flush_method",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "8388608",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb가 디스크의 로그 파일에 쓰는 데 사용하는 버퍼의 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "8388608"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' -A 1 -B 1 | grep '"ParameterValue": "134217728",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_file_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 그룹의 각 로그 파일 크기(Byte)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_file_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "134217728"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_file_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "16777216",' | wc -l` ]; then
echo ' - "ParameterName": "key_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 인덱스 블록(모든 읽기 및 다중 쓰기의 경우)에 사용되는 향상된 인덱스 처리를 얻으려면 버퍼 크기를 늘릴 것' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "key_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "16777216"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "key_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "local_infile": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * LOAD DATA INFILE에 대해 LOCAL 컨트롤 지원' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "local_infile"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "local_infile",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' -A 1 -B 1 | grep '"ParameterValue": "TABLE",' | wc -l` ]; then
echo ' - "ParameterName": "log_output": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 쿼리 로그를 저장할 위치 제어' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_output"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "TABLE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_output",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' -A 1 -B 1 | grep '"ParameterValue": "TABLE",' | wc -l` ]; then
echo ' - "ParameterName": "master-info-repository": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 옵션을 사용하면 서버가 마스터 정보 로그를 파일이나 테이블에 기록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "master-info-repository"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "TABLE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "master-info-repository",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep '"ParameterValue": "{DBInstanceClassMemory/12582880}",' | wc -l` ]; then
echo ' - "ParameterName": "max_connections": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 허용되는 동시 클라이언트 연결 수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_connections"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{DBInstanceClassMemory/12582880}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' -A 1 -B 1 | grep '"ParameterValue": "0",' | wc -l` ]; then
echo ' - "ParameterName": "performance_schema": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 성능 스키마를 사용하거나 사용하지 않도록 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "performance_schema"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "performance_schema",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "262144",' | wc -l` ]; then
echo ' - "ParameterName": "read_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 순차 스캔을 수행하는 각 스레드는 이 버퍼를 할당. 많은 순차적 스캔을 수행하여 값이 증가하면 성능 향상에 도움' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "262144"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' -A 1 -B 1 | grep '"ParameterValue": "{TrueIfReplica}",' | wc -l` ]; then
echo ' - "ParameterName": "read_only": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 활성화되면 서버는 슬레이브 스레드가 수행한 업데이트를 제외하고 업데이트를 비허용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_only"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{TrueIfReplica}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_only",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' -A 1 -B 1 | grep '"ParameterValue": "524288",' | wc -l` ]; then
echo ' - "ParameterName": "read_rnd_buffer_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 키 정렬 작업 후에 정렬된 순서로 행을 읽을 때 디스크 읽기를 방지. 큰 값은 ORDER BY 성능을 향상시킬 수 있음' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "read_rnd_buffer_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "524288"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "read_rnd_buffer_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' -A 1 -B 1 | grep '"ParameterValue": "TABLE",' | wc -l` ]; then
echo ' - "ParameterName": "relay_log_info_repository": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 옵션을 사용하면 서버가 릴레이 로그 정보를 파일이나 테이블에 기록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay_log_info_repository"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "TABLE"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_info_repository",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "sync_binlog": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * binlog 동기화 (MySQL이 디스크로 플러시되거나 OS에 의존)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "sync_binlog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "sync_binlog",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' -A 1 -B 1 | grep '"ParameterValue": "16",' | wc -l` ]; then
echo ' - "ParameterName": "table_open_cache_instances": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 열린 테이블 캐시 인스턴스의 수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "table_open_cache_instances"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "16"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "table_open_cache_instances",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' -A 1 -B 1 | grep '"ParameterValue": "262144",' | wc -l` ]; then
echo ' - "ParameterName": "thread_stack": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 스레드 스택 크기가 너무 작으면 서버가 처리 할 수 있는 SQL 문의 복잡성, 저장프로시저의 재귀 수준 및 기타 메모리 소비 작업을 제한' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "thread_stack"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "262144"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "thread_stack",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbbin/mysql",' | wc -l` ]; then
echo ' - "ParameterName": "basedir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 설치베이스 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "basedir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbbin/mysql"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "basedir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db/",' | wc -l` ]; then
echo ' - "ParameterName": "datadir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 데이터 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "datadir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db/"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "datadir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' -A 1 -B 1 | grep '"ParameterValue": "InnoDB",' | wc -l` ]; then
echo ' - "ParameterName": "default_storage_engine": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 기본 저장소 엔진(테이블 형식)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "default_storage_engine"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "InnoDB"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "default_storage_engine",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/general/mysql-general.log",' | wc -l` ]; then
echo ' - "ParameterName": "general_log_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 일반 로그의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "general_log_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/general/mysql-general.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "general_log_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db/innodb",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_data_home_dir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb 파일이 저장된 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_data_home_dir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db/innodb"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_data_home_dir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/innodb",' | wc -l` ]; then
echo ' - "ParameterName": "innodb_log_group_home_dir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Innodb 로그 파일의 디렉토리 경로' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "innodb_log_group_home_dir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/innodb"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "innodb_log_group_home_dir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/binlog/mysql-bin-changelog",' | wc -l` ]; then
echo ' - "ParameterName": "log-bin": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 바이너리 로깅 제어' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log-bin"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/binlog/mysql-bin-changelog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log-bin",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/error/mysql-error.log",' | wc -l` ]; then
echo ' - "ParameterName": "log_error": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 오류 로그의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_error"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/error/mysql-error.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_error",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "log_slave_updates": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 체인 복제 허용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_slave_updates"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_slave_updates",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' -A 1 -B 1 | grep '"ParameterValue": "134217728",' | wc -l` ]; then
echo ' - "ParameterName": "max_binlog_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 이 크기에 도달하면 서버가 binlog를 변경' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_binlog_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "134217728"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_binlog_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/mysql-{EndPointPort}.pid",' | wc -l` ]; then
echo ' - "ParameterName": "pid_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 프로세스 ID 파일의 경로 이름. 이 파일은 mysqld_safe와 같은 다른 프로그램에서 서버의 프로세스 ID를 결정하는 데 사용' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "pid_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/mysql-{EndPointPort}.pid"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "pid_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep '"ParameterValue": "{EndPointPort}",' | wc -l` ]; then
echo ' - "ParameterName": "port": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버가 TC/IP 연결을 청취하는 포트의 번호' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "port"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{EndPointPort}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/relaylog/relaylog",' | wc -l` ]; then
echo ' - "ParameterName": "relay-log": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 릴레이 로그의 기본 이름' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay-log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/relaylog/relaylog"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay-log",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "relay_log_recovery": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 시작 직후 자동 릴레이 로그 복구를 사용 가능하게 함' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "relay_log_recovery"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "relay_log_recovery",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' -A 1 -B 1 | grep '"ParameterValue": "/tmp",' | wc -l` ]; then
echo ' - "ParameterName": "secure_file_priv": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * LOAD_FILE(), LOAD_DATA 및 SELECT의 효과 제한' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "secure_file_priv"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/tmp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "secure_file_priv",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' -A 1 -B 1 | grep '"ParameterValue": "{ServerId}",' | wc -l` ]; then
echo ' - "ParameterName": "server_id": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 복제 그룹에서 인스턴스를 식별하는데 사용되는 정수 값' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "server_id"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{ServerId}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "server_id",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "skip-slave-start": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 슬레이브 서버가 서버를 시작할 때 슬레이브 스레드를 시작하지 못하게 함' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "skip-slave-start"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "skip-slave-start",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/slowquery/mysql-slowquery.log",' | wc -l` ]; then
echo ' - "ParameterName": "slow_query_log_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * MySQL 저속 질의 로그 파일의 위치' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "slow_query_log_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/slowquery/mysql-slowquery.log"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "slow_query_log_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' -A 1 -B 1 | grep '"ParameterValue": "/tmp/mysql.sock",' | wc -l` ]; then
echo ' - "ParameterName": "socket": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * (UNIX) 소켓 파일 및 로컬 연결에 사용되는 (WINODWS) 명명 된 파이프' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "socket"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/tmp/mysql.sock"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "socket",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/tmp",' | wc -l` ]; then
echo ' - "ParameterName": "tmpdir": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 임시 파일 및 임시 테이블에 사용되는 디렉토리' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "tmpdir"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/tmp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "tmpdir",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
fi
else
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep postgresql.log | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_analyze_scale_factor",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_analyze_scale_factor",' -A 1 -B 1 | grep '"ParameterValue": "0.05",' | wc -l` ]; then
echo ' - "ParameterName": "autovacuum_analyze_scale_factor": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * reltuples의 일부로 분석하기 전에 튜플 삽입, 업데이트 또는 삭제의 수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "autovacuum_analyze_scale_factor"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0.05"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_analyze_scale_factor",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_naptime",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_naptime",' -A 1 -B 1 | grep '"ParameterValue": "30",' | wc -l` ]; then
echo ' - "ParameterName": "autovacuum_naptime": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * autovacuum 자동 실행 주기(초)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "autovacuum_naptime"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "30"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_naptime",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_vacuum_scale_factor",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_vacuum_scale_factor",' -A 1 -B 1 | grep '"ParameterValue": "0.1",' | wc -l` ]; then
echo ' - "ParameterName": "autovacuum_vacuum_scale_factor": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * reltuples의 일부로 진공 이전의 튜플 업데이트 또는 삭제 횟수' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "autovacuum_vacuum_scale_factor"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0.1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "autovacuum_vacuum_scale_factor",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "checkpoint_completion_target",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "checkpoint_completion_target",' -A 1 -B 1 | grep '"ParameterValue": "0.9",' | wc -l` ]; then
echo ' - "ParameterName": "checkpoint_completion_target": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 검사 시간 동안 불필요한 버퍼를 플러시하는데 소요되는 시간 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "checkpoint_completion_target"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0.9"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "checkpoint_completion_target",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "client_encoding",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "client_encoding",' -A 1 -B 1 | grep '"ParameterValue": "UTF8",' | wc -l` ]; then
echo ' - "ParameterName": "client_encoding": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 클라이언트 문자 세트 인코딩 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "client_encoding"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "UTF8"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "client_encoding",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "effective_cache_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "effective_cache_size",' -A 1 -B 1 | grep '"ParameterValue": "{DBInstanceClassMemory/16384}",' | wc -l` ]; then
echo ' - "ParameterName": "effective_cache_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 디스크 캐시의 크기에 대한 용량 설정(8KB)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "effective_cache_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{DBInstanceClassMemory/16384}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "effective_cache_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "huge_pages",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "huge_pages",' -A 1 -B 1 | grep '"ParameterValue": "off",' | wc -l` ]; then
echo ' - "ParameterName": "huge_pages": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Linux에서의 큰 페이지 사용 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "huge_pages"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "off"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "huge_pages",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_checkpoints",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_checkpoints",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "log_checkpoints": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 각 검사 점 기록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_checkpoints"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_checkpoints",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_destination",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_destination",' -A 1 -B 1 | grep '"ParameterValue": "stderr",' | wc -l` ]; then
echo ' - "ParameterName": "log_destination": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 로그 출력의 대상 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_destination"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "stderr"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_destination",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_filename",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_filename",' -A 1 -B 1 | grep '"ParameterValue": "postgresql.log.%Y-%m-%d-%H' | wc -l` ]; then
echo ' - "ParameterName": "log_filename": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 파일의 파일 이름 패턴 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_filename"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "postgresql.log.%Y-%m-%d-%H"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_filename",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_hostname",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_hostname",' -A 1 -B 1 | grep '"ParameterValue": "1",' | wc -l` ]; then
echo ' - "ParameterName": "log_hostname": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 연결 로그에 호스트 이름 기록 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_hostname"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_hostname",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_rotation_age",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_rotation_age",' -A 1 -B 1 | grep '"ParameterValue": "60",' | wc -l` ]; then
echo ' - "ParameterName": "log_rotation_age": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 자동 로그 파일 회전은 N분 후에 발생(분)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_rotation_age"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "60"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_rotation_age",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "maintenance_work_mem",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "maintenance_work_mem",' -A 1 -B 1 | grep '"ParameterValue": "GREATEST' | wc -l` ]; then
echo ' - "ParameterName": "maintenance_work_mem": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 유지 보수 작업에 사용할 최대 메모리 설정(KB)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "maintenance_work_mem"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "GREATEST"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "maintenance_work_mem",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep '"ParameterValue": "LEAST' | wc -l` ]; then
echo ' - "ParameterName": "max_connections": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 최대 동시 연결 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_connections"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "LEAST"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_connections",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_locks_per_transaction",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_locks_per_transaction",' -A 1 -B 1 | grep '"ParameterValue": "64",' | wc -l` ]; then
echo ' - "ParameterName": "max_locks_per_transaction": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 트랜잭션 당 최대 잠금 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_locks_per_transaction"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "64"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_locks_per_transaction",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_prepared_transactions",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_prepared_transactions",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "max_prepared_transactions": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 동시 준비 트랜잭션의 최대 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_prepared_transactions"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_prepared_transactiions",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_replication_slots",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_replication_slots",' -A 1 -B 1 | grep '"ParameterValue": "5"' | wc -l` ]; then
echo ' - "ParameterName": "max_replication_slots": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버가 지원할 수 있는 최대 복제 슬롯 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_replication_slots"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "5"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_replication_slots",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_stack_depth",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_stack_depth",' -A 1 -B 1 | grep '"ParameterValue": "6144"' | wc -l` ]; then
echo ' - "ParameterName": "max_stack_depth": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo '" * 최대 스택 깊이를 킬로바이트 단위로 설정(KB)"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_stack_depth"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "6144"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_stack_depth",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_senders",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_senders",' -A 1 -B 1 | grep '"ParameterValue": "10"' | wc -l` ]; then
echo ' - "ParameterName": "max_wal_senders": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 동시에 실행중인 WAL 발신자 프로세스의 최대 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_wal_senders"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "10"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_stack_depth",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_size",' -A 1 -B 1 | grep '"ParameterValue": "128"' | wc -l` ]; then
echo ' - "ParameterName": "max_wal_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 검사 점을 트리거 하는 WAL 크기 설정(16MB)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_wal_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "128"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_worker_processes",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_worker_processes",' -A 1 -B 1 | grep '"ParameterValue": "8"' | wc -l` ]; then
echo ' - "ParameterName": "max_worker_processes": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 동시 작업자 프로세스의 최대 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "max_worker_processes"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "8"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "min_wal_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "min_wal_size",' -A 1 -B 1 | grep '"ParameterValue": "16"' | wc -l` ]; then
echo ' - "ParameterName": "min_wal_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * WAL을 축소 할 최소 크기 설정(16MB)' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "min_wal_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "16"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "max_wal_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "postgis.gdal_enabled_drivers",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "postgis.gdal_enabled_drivers",' -A 1 -B 1 | grep '"ParameterValue": "ENABLE_ALL"' | wc -l` ]; then
echo ' - "ParameterName": "postgis.gdal_enabled_drivers": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * PostgresSQL 9.3.5 이상에서 PostGIS와 함께 사용되는 GDAL 드라이버 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "postgis.gdal_enabled_drivers"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "ENABLE_ALL"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "postgis.gdal_enabled_drivers",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.custom_dns_resolution",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.custom_dns_resolution",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "rds.custom_dns_resolution": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 고객 VPC에서 DNS 확인 허용 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.custom_dns_resolution"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.custom_dns_resolution",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.force_ssl",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.force_ssl",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "rds.force_ssl": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 강제 SSL 연결 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.force_ssl"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.force_ssl",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.log_retention_period",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.log_retention_period",' -A 1 -B 1 | grep '"ParameterValue": "4320"' | wc -l` ]; then
echo ' - "ParameterName": "rds.log_retention_period": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Amazon RDS는 N분보다 오래된 PostgreSQL 로그 삭제 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.log_retention_period"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "4320"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.log_retention_period",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.logical_replication",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.logical_replication",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "rds.logical_replication": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 논리 디코딩 사용 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.logical_replication"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.logical_replication",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.pg_stat_ramdisk_size",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.pg_stat_ramdisk_size",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "rds.pg_stat_ramdisk_size": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 통계 램 디스크의 크기. 0이 아닌 값은 램 디스크 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.pg_stat_ramdisk_size"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.pg_stat_ramdisk_size",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.rds_superuser_reserved_connections",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.rds_superuser_reserved_connections",' -A 1 -B 1 | grep '"ParameterValue": "2"' | wc -l` ]; then
echo ' - "ParameterName": "rds.rds_superuser_reserved_connections": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * rds_superusers에 예약된 연결 슬롯 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.rds_superuser_reserved_connections"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "2"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.rds_superuser_reserved_connections",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "shared_buffers",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "shared_buffers",' -A 1 -B 1 | grep '"ParameterValue": "{DBInstanceClassMemory/32768}"' | wc -l` ]; then
echo ' - "ParameterName": "shared_buffers": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버가 사용하는 공유 메모리 버퍼 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "shared_buffers"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "ParameterValue": "{DBInstanceClassMemory/32768}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "shared_buffers",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl",' -A 1 -B 1 | grep '"ParameterValue": "1"' | wc -l` ]; then
echo ' - "ParameterName": "ssl": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * SSL 연결 사용 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "ssl"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "synchronous_commit",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "synchronous_commit",' -A 1 -B 1 | grep '"ParameterValue": "on"' | wc -l` ]; then
echo ' - "ParameterName": "synchronous_commit": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 현재 트랜잭션 동기화 수준 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "synchronous_commit"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "on"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "synchronous_commit",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "timezone",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "timezone",' -A 1 -B 1 | grep '"ParameterValue": "UTC"' | wc -l` ]; then
echo ' - "ParameterName": "timezone": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 타임 스탬프를 표시하고 해석하기 위한 표준 시간대 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "timezone"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "UTC"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "timezone",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_keep_segments",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_keep_segments",' -A 1 -B 1 | grep '"ParameterValue": "32"' | wc -l` ]; then
echo ' - "ParameterName": "wal_keep_segments": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 대기 서버에 보관되는 WAL 파일 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "wal_keep_segments"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "32"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_keep_segments",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_receiver_timeout",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_receiver_timeout",' -A 1 -B 1 | grep '"ParameterValue": "30000"' | wc -l` ]; then
echo ' - "ParameterName": "wal_receiver_timeout": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 1차 서버로부터 데이터를 수신할 최대 대기 시간 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "wal_receiver_timeout"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "30000"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_receiver_timeout",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_sender_timeout",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_sender_timeout",' -A 1 -B 1 | grep '"ParameterValue": "30000"' | wc -l` ]; then
echo ' - "ParameterName": "wal_sender_timeout": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * WAL 복제를 기다리는 최대 시간 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "wal_sender_timeout"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "30000"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "wal_sender_timeout",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_command",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_command",' -A 1 -B 1 | grep '"ParameterValue": "/etc/rds/dbbin/pgscripts/rds_wal_archive %p' | wc -l` ]; then
echo ' - "ParameterName": "archive_command": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * WAL 파일을 보관하기 위해 호출할 쉘 명령 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "archive_command"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/etc/rds/dbbin/pgscripts/rds_wal_archive %p"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_command",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_timeout",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_timeout",' -A 1 -B 1 | grep '"ParameterValue": "300"' | wc -l` ]; then
echo ' - "ParameterName": "archive_timeout": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo '" * 새 파일이 N초 내에 시작되지 않은 경우 다음 xlog 파일 전환 설정(초)"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "archive_timeout"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "300"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "archive_timeout",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "config_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "config_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/config/postgresql.conf"' | wc -l` ]; then
echo ' - "ParameterName": "config_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 기본 구성 파일 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "config_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/config/postgresql.conf"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "config_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "data_directory",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "data_directory",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db"' | wc -l` ]; then
echo ' - "ParameterName": "data_directory": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 데이터 디렉토리 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "data_directory"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "data_directory",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "fsync",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "fsync",' -A 1 -B 1 | grep '"ParameterValue": "1"' | wc -l` ]; then
echo ' - "ParameterName": "fsync": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 업데이트를 디스크에 강제 동기화 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "fsync"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "fsync",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "full_page_writes",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "full_page_writes",' -A 1 -B 1 | grep '"ParameterValue": "1"' | wc -l` ]; then
echo ' - "ParameterName": "full_page_writes": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 검사 시점 이후 처음 수정 될 때 전체 페이지 WAL 쓰기 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "full_page_writes"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "full_page_writes",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "hba_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "hba_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/config/pg_hba.conf"' | wc -l` ]; then
echo ' - "ParameterName": "hba_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 hba 구성 파일 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "hba_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/config/pg_hba.conf"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "hba_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ident_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ident_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/config/pg_ident.conf"' | wc -l` ]; then
echo ' - "ParameterName": "ident_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버 ident 구성 파일 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "ident_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/config/pg_ident.conf"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ident_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "listen_addresses",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "listen_addresses",' -A 1 -B 1 | grep '"ParameterValue": "\*"' | wc -l` ]; then
echo ' - "ParameterName": "listen_addresses": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 청취할 호스트 이름 또는 IP 주소 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "listen_addresses"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "*"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "listen_addresses",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "lo_compat_privileges",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "lo_compat_privileges",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "lo_compat_privileges": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 대형 객체에 대한 권한 검사에 대해 이전 버전과의 호환 모드 활성화' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "lo_compat_privileges"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "lo_compat_privileges",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_directory",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_directory",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/log/error"' | wc -l` ]; then
echo ' - "ParameterName": "log_directory": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 파일의 대상 디렉토리 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_directory"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/log/error"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_directory",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_file_mode",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_file_mode",' -A 1 -B 1 | grep '"ParameterValue": "0644"' | wc -l` ]; then
echo ' - "ParameterName": "log_file_mode": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 파일에 대한 파일 권한 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_file_mode"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0644"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_file_mode",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_line_prefix",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_line_prefix",' -A 1 -B 1 | grep '"ParameterValue": "%t:%r:%u@%d:\[%p\]:"' | wc -l` ]; then
echo ' - "ParameterName": "log_line_prefix": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 각 로그 라인 앞에 접두사가 붙은 정보 제어 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_line_prefix"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "%t:%r:%u@%d:[%p]:"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_line_prefix",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_timezone",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_timezone",' -A 1 -B 1 | grep '"ParameterValue": "UTC"' | wc -l` ]; then
echo ' - "ParameterName": "log_timezone": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그 메시지에 사용할 표준 시간대 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_timezone"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "UTC"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_timezone",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_truncate_on_rotation",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_truncate_on_rotation",' -A 1 -B 1 | grep '"ParameterValue": "0"' | wc -l` ]; then
echo ' - "ParameterName": "log_truncate_on_rotation": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 로그를 순환하는 동안 같은 이름의 기존 로그 파일 변경 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "log_truncate_on_rotation"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "log_truncate_on_rotation",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "logging_collector",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "logging_collector",' -A 1 -B 1 | grep '"ParameterValue": "1"' | wc -l` ]; then
echo ' - "ParameterName": "logging_collector": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 하위 프로세스를 시작하여 stderr 출력 및 / 또는 svclog를 로그 파일 캡쳐 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "logging_collector"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "1"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "logging_collector",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep '"ParameterValue": "{EndPointPort}"' | wc -l` ]; then
echo ' - "ParameterName": "port": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 서버가 수신 대기하는 TCP 포트 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "port"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "{EndPointPort}"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "port",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.max_tcp_buffers",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.max_tcp_buffers",' -A 1 -B 1 | grep '"ParameterValue": "33554432"' | wc -l` ]; then
echo ' - "ParameterName": "rds.max_tcp_buffers": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * tcp 버퍼의 최대 크기 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.max_tcp_buffers"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "33554432"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.max_tcp_buffers",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.superuser_variables",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.superuser_variables",' -A 1 -B 1 | grep '"ParameterValue": "session_replication_role"' | wc -l` ]; then
echo ' - "ParameterName": "rds.superuser_variables": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * rds_superuser 수정문을 향상시키는 슈퍼 유저 전용 변수 목록' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "rds.superuser_variables"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "session_replication_role"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "rds.superuser_variables",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_ca_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_ca_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/rds-metadata/ca-cert.pem"' | wc -l` ]; then
echo ' - "ParameterName": "ssl_ca_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * SSL 서버 권한 파일 위치 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "ssl_ca_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/rds-metadata/ca-cert.pem"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_ca_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_cert_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_cert_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/rds-metadata/server-cert.pem"' | wc -l` ]; then
echo ' - "ParameterName": "ssl_cert_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * SSL 서버 인증 파일 위치 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "ssl_cert_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/rds-metadata/server-cert.pem"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_cert_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_key_file",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_key_file",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/rds-metadata/server-key.pem"' | wc -l` ]; then
echo ' - "ParameterName": "ssl_key_file": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * SSL 서버 개인용 키 파일 위치 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "ssl_key_file"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/rds-metadata/server-key.pem"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "ssl_key_file",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "stats_temp_directory",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "stats_temp_directory",' -A 1 -B 1 | grep '"ParameterValue": "/rdsdbdata/db/pg_stat_tmp"' | wc -l` ]; then
echo ' - "ParameterName": "stats_temp_directory": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 임시 통계 파일을 지정된 디렉토리 기록 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "stats_temp_directory"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/rdsdbdata/db/pg_stat_tmp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "stats_temp_directory",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "superuser_reserved_connections",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "superuser_reserved_connections",' -A 1 -B 1 | grep '"ParameterValue": "3"' | wc -l` ]; then
echo ' - "ParameterName": "superuser_reserved_connections": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 슈퍼 유저용으로 예약된 연결 슬롯 수 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "superuser_reserved_connections"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "3"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "superuser_reserved_connections",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_directories",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_directories",' -A 1 -B 1 | grep '"ParameterValue": "/tmp"' | wc -l` ]; then
echo ' - "ParameterName": "unix_socket_directories": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Unix 도메인 소켓을 작성할 디렉터리 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "unix_socket_directories"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "/tmp"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_directories",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_group",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_group",' -A 1 -B 1 | grep '"ParameterValue": "rdsdb"' | wc -l` ]; then
echo ' - "ParameterName": "unix_socket_group": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * Unix 도메인 소켓의 액세스 권한 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "unix_socket_group"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "rdsdb"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 현재설정:' `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_group",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_permissions",' | wc -l` ]; then
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_permissions",' -A 1 -B 1 | grep '"ParameterValue": "0700"' | wc -l` ]; then
echo ' - "ParameterName": "unix_socket_permissions": YES' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
else
echo ' * 디스크로 WAL 업데이트를 강제하는데 사용되는 방법 설정' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 파라미터: "ParameterName": "unix_socket_permissions"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo ' - 기본설정: "ParameterValue": "0700"' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
echo " - 현재설정:" `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}.json | grep '"ParameterName": "unix_socket_permissions",' -A 1 -B 1 | grep "ParameterValue" | sed -e 's/,//g' | sed -e 's/ //g'` >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json
fi
fi
fi
fi
echo " ㅇ DB 파라미터 명: ${i}" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-101/RDS/RDS_PARAMETER_GROUP/${i}_RESULT.json | grep -v YES >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
done
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-102. MariaDB/MySQL 감사 플러그인 설정
echo "RDS-102. MariaDB/MySQL 감사 플러그인 설정"
echo "RDS-102. MariaDB/MySQL 감사 플러그인 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 감사 플러그인 사용 RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-103. Oracle APEX Listener 설정
echo "RDS-103. Oracle APEX Listener 설정"
echo "RDS-103. Oracle APEX Listener 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-104. Oracle 기본 네트워크 암호화 (NNE) 설정
echo "RDS-104. Oracle 기본 네트워크 암호화 (NNE) 설정"
echo "RDS-104. Oracle 기본 네트워크 암호화 (NNE) 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-105. Oracle SSL 설정
echo "RDS-105. Oracle SSL 설정"
echo "RDS-105. Oracle SSL 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-106. Oracle Enterprise Manager (OEM) 설정
echo "RDS-106. Oracle Enterprise Manager (OEM) 설정"
echo "RDS-106. Oracle Enterprise Manager (OEM) 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-107. Oracle UTL_MAIL 설정
echo "RDS-107. Oracle UTL_MAIL 설정"
echo "RDS-107. Oracle UTL_MAIL 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "RDS 로깅"
echo "RDS 로깅" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-201. MariaDB/MySQL 보안 로그 설정
echo "RDS-201. MariaDB/MySQL 보안 로그 설정"
echo "RDS-201. MariaDB/MySQL 보안 로그 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 정보 부족으로 설정 점검 진행하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-202. MSSQL 보안 로그 설정
echo "RDS-202. MSSQL 보안 로그 설정"
echo "RDS-202. MSSQL 보안 로그 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 MSSQL RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-203. Oracle 보안 로그 설정
echo "RDS-203. Oracle 보안 로그 설정"
echo "RDS-203. Oracle 보안 로그 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 회사 내부 RDS 중 Oracle RDS 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#RDS-204. PostgreSQL 보안 로그 설정
echo "RDS-204. PostgreSQL 보안 로그 설정"
echo "RDS-204. PostgreSQL 보안 로그 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " * 정보 부족으로 설정 점검 진행하지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3 데이터 보안"
echo "S3 데이터 보안" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
#S3 버킷 권한 점검
echo "S3-001. 버킷 접근 보안"
echo "S3-001. 버킷 접근 보안" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ Everyone 그룹에 권한이 모두 미설정일 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 다른 AWS 계정에 대한 액세스 설정이 존재하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ Everyone 그룹에 객체목록생성, 객체쓰기, 버킷읽기권한, 버킷쓰기권한이 부여되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 다른 AWS 계정에 대한 액세스 설정이 존재할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " => AWS 계정 보유자의 역할 확인 필요" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-001. 버킷 접근 보안 중"
mkdir -p ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-001
BUCKET_LIST=`aws s3api list-buckets | grep Name | sed -e 's/"//g' | awk '{print $2 }' | sort -f | uniq`
echo -e "\n"
echo " ㅇ Public으로 설정되어 있는 버킷" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "아래 메시지처럼 나오는 상황은 무시하셔도 됩니다."
echo "An error occurred (NoSuchBucketPolicy) ~~~~~~"
for i in ${BUCKET_LIST[@]}
do
if [ 1 -eq `aws s3api get-bucket-policy-status --bucket ${i} | grep -E 'IsPublic\": true' | wc -l` ]; then
echo " -" ${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-001/${i}.txt
else
echo " - ${i}: 확인되지 않음" > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-001/${i}.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-001/*.txt | grep -v "확인되지 않음" | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-001/*.txt | grep -v "확인되지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " - Public로 설정되어 있는 버킷 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo "S3-001. 버킷 접근 보안 확인 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-002. 기본 암호화 설정"
echo "S3-002. 기본 암호화 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AES-256으로 서버 측 암호화 사용 또는 AWS-KMS로 서버측 암호화가 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ AES-256으로 서버 측 암호화 사용 또는 AWS-KMS로 서버측 암호화가 설정되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 아래 리스트는 암호화 설정이 되어 있지 않은 것만 출력" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-002. 기본 암호화 설정 점검 중"
mkdir -p ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-002
BUCKET_LIST=`aws s3api list-buckets | grep Name | sed -e 's/"//g' | awk '{print $2 }' | sort -f | uniq`
echo -e "\n"
echo "아래 메시지처럼 나오는 상황은 무시하셔도 됩니다."
echo "An error occurred (ServerSideEncryptionConfigurationNotFoundError)~~~~~~~~"
for i in ${BUCKET_LIST[@]}
do
if [ 1 -eq `aws s3api get-bucket-encryption --bucket ${i} | grep SSEAlgorithm | sed -e 's/"//g' | awk '{print $2}' | wc -l` ]; then
echo " ㅇ 버킷 명/암호화 여부: ${i} /" `aws s3api get-bucket-encryption --bucket ${i} | grep SSEAlgorithm | sed -e 's/"//g' | awk '{print $2}'` > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-002/${i}.txt
else
echo " ㅇ 버킷 명/암호화 여부: ${i} / 암호화 설정 되지 않음" > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-002/${i}.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-002/*.txt | grep "암호화 설정 되지 않음" | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-002/*.txt | grep "암호화 설정 되지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " ㅇ 전체 암호화 설정 되어 있음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo "S3-002. 기본 암호화 설정 점검 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-003. 로그 파일의 수집 및 권한 설정"
echo "S3-003. 로그 파일의 수집 및 권한 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3 버킷에 대한 서버 액세스 로깅이 활성화되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3 버킷에 대한 서버 액세스 로깅이 활성화되어 있지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 아래 리스트는 로깅 설정이 되어 있지 않은 것만 출력" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-003. 로그 파일의 수집 및 권한 설정 확인 중"
mkdir -p ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003
BUCKET_LIST=`aws s3api list-buckets | grep Name | sed -e 's/"//g' | awk '{print $2 }' | sort -f | uniq`
for i in ${BUCKET_LIST[@]}
do
aws s3api get-bucket-logging --bucket ${i} > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/${i}.json
if [ 1 -eq `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/${i}.json | grep LoggingEnabled | wc -l` ]; then
echo " ㅇ 버킷 명: "${i} - 로깅 설정 되어 있음 > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/${i}.txt
else
echo " ㅇ 버킷 명: "${i} - 로깅 설정 되어 있지 않음 > ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/${i}.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/*.txt | grep "되어 있지 않음" | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-003/*.txt | grep "되어 있지 않음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " ㅇ 전체 버킷 로깅 설정 되어 있음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo "S3-003. 로그 파일의 수집 및 권한 설정 확인 완료"
echo -e "\n" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-004. IAM(자격 증명 기반 정책) 보안 정책 설정"
echo "S3-004. IAM(자격 증명 기반 정책) 보안 정책 설정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 양호기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용하지 않을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "* 취약기준" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ 1명의 사용자가 다수의 IAM 계정을 사용할 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " ㅇ S3 서비스의 IAM 계정 사용 권한이 각각 서비스 역할에 맞지 않게 설정되어 있을 경우" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "----------" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo "S3-004. IAM(자격 증명 기반 정책) 보안 정책 설정 점검 중"
#S3 관련 폴더 생성
mkdir -p "${TODAY}/${ACCOUNT}/${REGION_ID}/S3-004"
S3_ADMIN_POLICY_ATTR=("AmazonS3FullAccess" "AmazonDMSRedshiftS3Role" "AmazonS3ReadOnlyAccess" "QuickSightAccessForS3StorageManagementAnalyticsReadOnly")
for i in ${S3_ADMIN_POLICY_ATTR[@]}
do
echo " ㅇ ${i} 권한을 가지고 있는 계정이 있는가?" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
echo " - AWS 관리형 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
touch ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-004/${i}_USER_LIST.txt
for j in ${USER_GROUP_LIST[@]}
do
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/${j}.json | grep ${i} | wc -l` ]; then
aws iam get-group --group-name ${j} | grep UserName | sed -e 's/"//g' | sed -e 's/,//g' | sort -f | awk -F ": " '{print " · " $2}' >> ${TODAY}/${ACCOUNT}/${REGION_ID}/RDS-001/${i}_USER_LIST.txt
fi
done
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-004/${i}_USER_LIST.txt | wc -l` ]; then
cat ${TODAY}/${ACCOUNT}/${REGION_ID}/S3-004/${i}_USER_LIST.txt | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
else
echo " · ${i} 권한을 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
echo " - 계정에 직접 ${i} 권한을 가진 계정" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
if [ 0 -lt `cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"\," | wc -l` ]; then
ADMIN_DOCS_NUM=`cat ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -ne "\"PolicyName\": \"${i}\"" | awk -F ":" '{print $1}'`
for k in ${ADMIN_DOCS_NUM[@]}
do
LINE_NUM=100
while [ 0 -lt ${LINE_NUM} ]
do
if [ 1 -eq `cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | wc -l` ]; then
cat -b ${TODAY}/${ACCOUNT}/${REGION_ID}/AWS-004/ACCOUNT_DETAIL_USER.json | grep -B ${LINE_NUM} ${k} | grep UserName | sed -e 's/\"//g' | sed -e 's/\,//g' | awk -F ": " '{ print " · " $2 }' | sort -f | uniq >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
break;
else
LINE_NUM=`expr ${LINE_NUM} - 1`
fi
done
done
else
echo " · ${i} 권한을 직접 가지고 있는 계정이 없음" >> ${TODAY}/${ACCOUNT}/${REGION_ID}/${TODAY}_RESULT.txt
fi
done
echo "S3-004. IAM(자격 증명 기반 정책) 보안 정책 설정 점검 완료"