Chapter 19: Audit

1. Purpose of auditing: monitor the actions users perform in the database
   
   2. Audit types:
        1) session: within one session, identical statements produce only one audit record (default)
        2) access: within one session, every statement produces its own audit record
        
   3. Enable auditing (disabled by default)
   09:54:18 SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /u01/app/oracle/admin/prod/adu
                                                 mp
audit_sys_operations                 boolean     FALSE
audit_syslog_level                   string
audit_trail                          string      NONE (not enabled)

09:54:56 SQL> alter system set audit_trail=db  scope=spfile;

System altered.

09:55:02 SQL> startup force;                                                                                                             
ORACLE instance started.

Total System Global Area  167772160 bytes
Fixed Size                  1218316 bytes
Variable Size              83888372 bytes
Database Buffers           79691776 bytes
Redo Buffers                2973696 bytes
Database mounted.
Database opened.
09:55:23 SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /u01/app/oracle/admin/prod/adump                                              
audit_sys_operations                 boolean     FALSE
audit_syslog_level                   string
audit_trail                          string      DB
09:55:29 SQL>

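-------audit_trail
         1) none: auditing is not enabled
         2) db: audit records are stored in the data dictionary (in the database); only the DBA can access them
         3) os: audit records are written to operating-system files (in the location specified by audit_file_dest)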
         
----With auditing enabled, actions by the sys user are not audited by default

audit_sys_operations=true enables auditing of the sys user
         
  4. What can be audited (default: by session, auditing both successful and unsuccessful operations)
         1) Statement auditing
         10:02:39 SQL> audit table;

Audit succeeded.

10:02:43 SQL> audit table by tom ;

Audit succeeded.

10:02:52 SQL> audit table by tom  whenever successful;

Audit succeeded.

----------View the audit settings
  11:08:29 SQL>  select user_name,audit_option from dba_stmt_audit_opts;

USER_NAME                      AUDIT_OPTION
------------------------------ ----------------------------------------
                               TABLE
                               
 11:08:54 SQL> conn scott/tiger                                                                                                           
Connected.

11:09:02 SQL> drop table dept1 purge;                                                                                                    
drop table dept1 purge
           *
ERROR at line 1:
ORA-02449: unique/primary keys in table referenced by foreign keys

11:09:12 SQL> drop table dept1 cascade purge;                                                                                            
drop table dept1 cascade purge
                         *
ERROR at line 1:
ORA-00905: missing keyword

11:09:28 SQL> drop table dept1 cascade;                                                                                                  
drop table dept1 cascade
                       *
ERROR at line 1:
ORA-00905: missing keyword

11:09:31 SQL> drop table dept1 cascade constraint purge;

Table dropped.

11:09:38 SQL> drop table emp1 purge;

Table dropped.

11:09:46 SQL> create table emp1 as select * from emp;

Table created.

11:11:50 SQL> conn tom/tom                                                                                                               
Connected.
11:12:52 SQL> create table t01 (id int);

Table created.

11:13:07 SQL> drop table t01 purge;

Table dropped.

11:13:11 SQL> conn /as sysdba                                                                                                            
Connected.

11:13:29 SQL> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';

Session altered.

11:14:31 SQL> col username for a10                                                                                                       
11:14:35 SQL> col obj_name for a10                                                                                                       
11:14:42 SQL>                                                                                                                          
  1* select USERNAME,TIMESTAMP,OBJ_NAME,ACTION_NAME from dba_audit_trail

USERNAME   TIMESTAMP           OBJ_NAME   ACTION_NAME
---------- ------------------- ---------- ----------------------------
SCOTT      2011-08-11 11:09:12 DEPT1      DROP TABLE
SCOTT      2011-08-11 11:09:26 DEPT1      DROP TABLE
SCOTT      2011-08-11 11:09:31 DEPT1      DROP TABLE
SCOTT      2011-08-11 11:09:39 DEPT1      DROP TABLE
SCOTT      2011-08-11 11:09:47 EMP1       DROP TABLE
SCOTT      2011-08-11 11:09:59 EMP1       CREATE TABLE
TOM        2011-08-11 11:13:07 T01        CREATE TAB

---------Audit records are stored in the aud$ base table and viewed through the dba_audit_trail view
 11:14:42 SQL> select count(*) from aud$;

COUNT(*)
----------
         8

----------Delete the audit records
11:17:24 SQL> delete from aud$;

8 rows deleted.

--------Turn off auditing

11:17:35 SQL> noaudit table                                                                                                              
11:18:11   2  ;

Noaudit succeeded.        
         
        2) Privilege auditing
11:18:12 SQL> audit create table;

Audit succeeded.

11:19:42 SQL> conn scott/tiger                                                                                                           
Connected.
11:20:02 SQL> create table dept1 as select * from dept;

Table created.

11:20:10 SQL> drop table dept1 purge;

Table dropped.

11:20:17 SQL> conn /as sysdba                                                                                                            
Connected.
11:20:20 SQL> 
11:20:20 SQL> select USERNAME,TIMESTAMP,OBJ_NAME,ACTION_NAME from dba_audit_trail;

USERNAME   TIMESTAMP OBJ_NAME   ACTION_NAME
---------- --------- ---------- ----------------------------
SCOTT      11-AUG-11 DEPT1      CREATE TABLE

11:20:26 SQL> 
        3) Object auditing

11:21:13 SQL> audit all on scott.emp1;

Audit succeeded.

11:21:25 SQL> conn scott/tiger                                                                                                           
Connected.
11:22:19 SQL> 
11:22:19 SQL> select * from emp1;

EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
      7369 SMITH      CLERK           7902 17-DEC-80        800                    20
      7499 ALLEN      SALESMAN        7698 20-FEB-81       1600        300         30
      7521 WARD       SALESMAN        7698 22-FEB-81       1250        500         30
      7566 JONES      MANAGER         7839 02-APR-81       2975                    20
      7654 MARTIN     SALESMAN        7698 28-SEP-81       1250       1400         30
      7698 BLAKE      MANAGER         7839 01-MAY-81       2850                    30
      7782 CLARK      MANAGER         7839 09-JUN-81       2450                    10
      7788 SCOTT      ANALYST         7566 19-APR-87       3000        100         40
      7839 KING       PRESIDENT            17-NOV-81       5000                    10
      7844 TURNER     SALESMAN        7698 08-SEP-81       1500          0         30
      7876 ADAMS      CLERK           7788 23-MAY-87       1100                    20
      7900 JAMES      CLERK           7698 03-DEC-81        950                    30
      7902 FORD       ANALYST         7566 03-DEC-81       3000                    20
      7934 MILLER     CLERK           7782 23-JAN-82       1300                    10

14 rows selected.

11:22:25 SQL> update emp1 set sal=9000 where empno=7788;

1 row updated.

11:22:40 SQL> delete from emp1 where rownum<2;

1 row deleted.

11:22:49 SQL> commit;

Commit complete.

11:22:52 SQL> conn /as sysdba                                                                                                            
Connected.
11:22:55 SQL>

11:22:55 SQL> select username,ses_actions,obj_name,to_char(timestamp,'yyyy-mm-dd HH24:MI:SS')                                            
11:23:35   2     FROM dba_audit_trail;

USERNAME   SES_ACTIONS         OBJ_NAME   TO_CHAR(TIMESTAMP,'
---------- ------------------- ---------- -------------------
SCOTT      ---S-----SS-----    EMP1       2011-08-11 11:22:25

S stands for successful, meaning the operation at that position succeeded; F stands for failure; B stands for both.
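
The SES_ACTIONS string has 16 positions, one per action type in the order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX, INSERT, LOCK, RENAME, SELECT, UPDATE, REFERENCES, EXECUTE, with positions 14 to 16 reserved. The query below is an added example, not part of the original notes; it decodes the value shown in the output above, using a constructed one-row CTE (sample_trail, a name assumed here) in place of dba_audit_trail.

```sql
-- Added example, not from the original notes.
-- sample_trail is a constructed row holding the SES_ACTIONS value
-- printed in the session above, so the query runs without audit data.
with sample_trail as (
  select 'SCOTT' username, 'EMP1' obj_name,
         '---S-----SS-----' ses_actions
  from dual
),
-- Position of each action type inside SES_ACTIONS.
act as (
  select 1 pos, 'ALTER' action from dual union all
  select 2,  'AUDIT'      from dual union all
  select 3,  'COMMENT'    from dual union all
  select 4,  'DELETE'     from dual union all
  select 5,  'GRANT'      from dual union all
  select 6,  'INDEX'      from dual union all
  select 7,  'INSERT'     from dual union all
  select 8,  'LOCK'       from dual union all
  select 9,  'RENAME'     from dual union all
  select 10, 'SELECT'     from dual union all
  select 11, 'UPDATE'     from dual union all
  select 12, 'REFERENCES' from dual union all
  select 13, 'EXECUTE'    from dual
)
-- One output row per action that was actually attempted.
select t.username, t.obj_name, a.action,
       decode(substr(t.ses_actions, a.pos, 1),
              'S', 'SUCCESS',
              'F', 'FAILURE',
              'B', 'BOTH') as outcome
from   sample_trail t
join   act a
on     substr(t.ses_actions, a.pos, 1) in ('S', 'F', 'B')
order  by t.username, t.obj_name, a.pos;
```

To run it against real data, replace sample_trail with dba_audit_trail filtered on ses_actions is not null.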

5. Fine-Grained Auditing (FGA)

-----Create the audit policy
11:30:44 SQL> exec dbms_fga.add_policy(object_schema=>'scott',-                                                                          
11:30:51 >   object_name=>'emp',policy_name=>'chk_emp',-                                                                                 
11:31:05 >  audit_condition =>'deptno=20',audit_column =>'sal',-                                                                         
11:31:18 > statement_types =>'update,select');

PL/SQL procedure successfully completed.

11:31:28 SQL> conn scott/tiger                                                                                                           
Connected.
11:31:35 SQL> 
11:31:35 SQL> select * from emp;

EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
      7369 SMITH      CLERK           7902 17-DEC-80        800                    20
      7499 ALLEN      SALESMAN        7698 20-FEB-81       1600        300         30
      7521 WARD       SALESMAN        7698 22-FEB-81       1250        500         30
      7566 JONES      MANAGER         7839 02-APR-81       2975                    20
      7654 MARTIN     SALESMAN        7698 28-SEP-81       1250       1400         30
      7698 BLAKE      MANAGER         7839 01-MAY-81       2850                    30
      7782 CLARK      MANAGER         7839 09-JUN-81       2450                    10
      7788 SCOTT      ANALYST         7566 19-APR-87       3000        100         40
      7839 KING       PRESIDENT            17-NOV-81       5000                    10
      7844 TURNER     SALESMAN        7698 08-SEP-81       1500          0         30
      7876 ADAMS      CLERK           7788 23-MAY-87       1100                    20
      7900 JAMES      CLERK           7698 03-DEC-81        950                    30
      7902 FORD       ANALYST         7566 03-DEC-81       3000                    20
      7934 MILLER     CLERK           7782 23-JAN-82       1300                    10

14 rows selected.

11:31:41 SQL> select * from emp where deptno=20;

EMPNO ENAME      JOB              MGR HIREDATE         SAL       COMM     DEPTNO
---------- ---------- --------- ---------- --------- ---------- ---------- ----------
      7369 SMITH      CLERK           7902 17-DEC-80        800                    20
      7566 JONES      MANAGER         7839 02-APR-81       2975                    20
      7876 ADAMS      CLERK           7788 23-MAY-87       1100                    20
      7902 FORD       ANALYST         7566 03-DEC-81       3000                    20

11:31:48 SQL> update emp set deptno=10 where empno=7788;

1 row updated.

11:32:05 SQL> update emp set sal=8000 where empno=7788;

1 row updated.

11:32:12 SQL> update emp set sal=8000 where deptno=20;

4 rows updated.

11:32:21 SQL> commit;

Commit complete.

---------Verify the audit results

11:32:24 SQL> conn /as sysdba                                                                                                            
Connected.
11:32:27 SQL> 
11:33:52 SQL> select db_user,to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') "time" ,sql_text from dba_fga_audit_trail;

DB_USER    time                SQL_TEXT
---------- ------------------- --------------------------------------------------
SCOTT      2011-08-11 11:31:42 select * from emp
SCOTT      2011-08-11 11:31:49 select * from emp where deptno=20
SCOTT      2011-08-11 11:32:12 update emp set sal=8000 where empno=7788
SCOTT      2011-08-11 11:32:21 update emp set sal=8000 where deptno=20
------Fine-grained audit records are stored in the fga_log$ base table and viewed through dba_fga_audit_trail.

11:34:36 SQL> select count(*) from fga_log$;

COUNT(*)
----------
         4

11:36:20 SQL> delete from fga_log$;

4 rows deleted.

11:36:26 SQL>  select db_user,to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') "time" ,sql_text from dba_fga_audit_trail;

no rows selected

11:36:30 SQL>

Disable the fine-grained audit policy
04:08:08 SQL> exec dbms_fga.disable_policy(-
04:08:21 > object_schema=>'scott',object_name=>'emp',-
04:08:49 > policy_name=>'chk_emp');

PL/SQL procedure successfully completed.

Enable the fine-grained audit policy
04:10:33 SQL> exec dbms_fga.enable_policy(-
04:10:40 > object_schema=>'scott',object_name=>'emp',-
04:10:51 >  policy_name=>'chk_emp');

PL/SQL procedure successfully completed.

Drop the FGA policy
04:11:52 SQL> exec dbms_fga.drop_policy(-
04:11:54 > object_schema=>'scott',object_name=>'emp',-
04:11:59 >  policy_name=>'chk_emp');

PL/SQL procedure successfully completed.

Delete the fine-grained audit records
04:12:43 SQL> delete from sys.fga_log$;

7. Application auditing (implemented with triggers)
Used to record the data changes caused by DML operations

1) Create the audit table

11:37:32 SQL> conn scott/tiger                                                                                                           
Connected.
create table audit_emp_change (
04:20:47   2  name varchar2(10),oldsal number(6,2),
04:21:12   3  newsal number(6,2) ,time date);

Table created.

2) Create the DML trigger
04:26:47 SQL> l
  1  create or replace trigger tr_sal_change
  2   after update of sal on scott.emp
  3   for each row
  4   declare
  5     v_temp int;
  6  begin
  7     select count(*)  into v_temp from audit_emp_change
  8           where name=:old.ename;
  9  if v_temp=0 then
 10    insert into audit_emp_change
 11       values(:old.ename,:old.sal,:new.sal,sysdate);
 12  else
 13    update audit_emp_change
 14      set oldsal=:old.sal ,newsal=:new.sal ,time=sysdate
 15           where name=:old.ename;
 16    end if;
 17* end;
        /

3) Run a DML operation
04:28:02 SQL> update scott.emp set sal=6000 where empno=7788;

1 row updated.

4) View the audit results
04:28:35 SQL> select name,oldsal,newsal,
04:28:46   2   to_char(time,'YYYY-MM-DD HH24:MI') FROM AUDIT_EMP_CHANGE;

NAME           OLDSAL     NEWSAL TO_CHAR(TIME,'YY
---------- ---------- ---------- ----------------
SCOTT            2000       6000 2011-03-03 04:28
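
The trigger above keeps a single row per employee name and overwrites it on every change, so earlier values and the identity of whoever made the change are lost. An append-only variant follows as an added example, not part of the original notes; the table name audit_emp_history, the trigger name tr_sal_history and the extra columns are assumptions.

```sql
-- Added example, not from the original notes. Run as scott.
-- audit_emp_history and tr_sal_history are hypothetical names.
create table audit_emp_history (
  empno      number(4),
  ename      varchar2(10),
  oldsal     number(7,2),     -- same precision as scott.emp.sal
  newsal     number(7,2),
  db_user    varchar2(30),    -- database account that ran the update
  os_user    varchar2(255),   -- operating-system account of the client
  host       varchar2(255),   -- client machine name
  changed_at date
);

create or replace trigger tr_sal_history
  after update of sal on scott.emp
  for each row
begin
  -- Always insert: one row per changed row, never update or delete,
  -- so the full sequence of salary changes is preserved.
  insert into audit_emp_history
    (empno, ename, oldsal, newsal, db_user, os_user, host, changed_at)
  values
    (:old.empno, :old.ename, :old.sal, :new.sal,
     sys_context('userenv', 'session_user'),
     sys_context('userenv', 'os_user'),
     sys_context('userenv', 'host'),
     sysdate);
end;
/

-- Review the history for one employee, newest change first.
select ename, oldsal, newsal, db_user, os_user, host,
       to_char(changed_at, 'YYYY-MM-DD HH24:MI:SS') as changed_at
from   audit_emp_history
where  empno = 7788
order  by changed_at desc;
```

Rows written by the trigger are part of the triggering transaction, so a rolled-back update leaves no history row.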

This article is reposted from 客居天涯's 51CTO blog. Original link: http://blog.51cto.com/tiany/791819. To repost, please contact the original author.
