oracle 审计设置,oracle审计简单设置
数据库审计
参数:audit_trail
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /data/admin/oral/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
参数查询:
可看是否静态参数v$system_parameter
查看audit_trail可设置的值:v$parameter_valid_values
配置审计需要重启实例,配置之前,需要备份好spfile;
create pfile='/oracle/app/product/10.2/dbs/pfile826.ora' from spfile;
alter system set AUDIT_TRAIL =DB_EXTENDED scope=spfile;
alter system set audit_sys_operations=true scope=spfile;
shutdown immediate
startup
如需关闭审计
alter system set audit_trail=none scope=spfile;
重启数据库
如果审计表aud$不存在,需要手工创建
SQL> conn / as sysdba
SQL> @?/rdbms/admin/cataudit.sql
将审计记录表移动到新的表空间
select * from aud$ ;
create tablespace aud datafile '/data/oradata/oral/aud01.dbf' size 10m autoextend on;
alter table aud$ move tablespace aud;
alter table aud$ move lob(sqlbind) store as (tablespace aud);
alter table aud$ move lob(sqltext) store as (tablespace aud);
alter index I_AUD1 rebuild tablespace aud;
如需删除审计记录,则将sys.aud$表中记录删除,将释放表空间;
开通的审计策略
如何检测潜在的登录攻击
audit create session by access whenever not successful;
audit connect by access whenever not successful;
对用户的所有行为进行审计
audit all by scott;
可查看到审计策略;
select * from dba_stmt_audit_opts ;--语句审计:statement
select * from dba_priv_audit_opts ; ---系统权限审计状态
select * from dba_obj_audit_opts ;--对象权限审计状态,中S:SESSION, A:ACCESS;按成功次数进行审计:audit select on t by access;SESSION 意思就是只记录一次成功;是默认值;
查询审计结果:
select * from dba_audit_trail ; ---审计结果存放的表
select * from dba_fga_audit_trail;
select * from dba_common_audit_trail;
DBA_AUDIT_EXISTS;列出audit not exists和audit exists产生的审计跟踪,我们默认的都是audit exists.
DBA_AUDIT_OBJECT;可以查询所有对象跟踪信息.(例如,对grant,revoke等记录),信息完全包含于dba_audit_trail
DBA_AUDIT_SESSION;所得到的数据都是有关logon或者logoff的信息.
DBA_AUDIT_STATEMENT;列出grant ,revoke ,audit ,noaudit ,alter system语句的审计跟踪信息.
ALL_DEF_AUDIT_OPTS
查看审计内容,主要字段:os_username, userhost, timestamp, owner,sql_bind, sql_text
SQL> select * from dba_audit_trail where owner = 'AUDIT_TEST' order by timestamp;
注意:owner的值必须大写,例如 owner = 'AUDIT_TEST'
辅助视图
1.SYS.AUD$
审计功能的底层视图,如果需要对数据进行删除,只需要对aud$视图进行删除既可,其他视图里的数据都是由aud$所得.
select * from sys.audit_actions;---审计的可用命令动作,可以查询出在aud$等视图中actions列的含义
select * from SYSTEM_PRIVILEGE_MAP;--可以查询出aud$等视图中priv$used列的含义(注意前面加'-')
审计策略示例:
对某用户某动作开启审计:audit create session by a;
停止审计:noaudit create session;
对表开启查询审计:audit select on t whenever successful;
对用户a执行的语句中有table的进行审计: audit table by a;
audit CREATE TABLE by scott;
audit CREATE TABLE, CREATE VIEW, ALTER USER;
audit INDEX; --包括CREATE INDEX, DROP INDEX, ALTER INDEX and ANALYZE INDEX
audit INDEX by scott;
audit ALL whenever SUCCESSFUL;
AUDIT DELETE ANY TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;
audit select any table;
audit select any table, delete any table by scott, system;
audit select on SCOTT.EMP whenever successful;
audit delete on SCOTT.EMP by access;
audit ALL on SCOTT.EMP;
audit select on DEFAULT;
AUDIT NETWORK;
AUDIT ROLE WHENEVER NOT SUCCESSFUL;
AUDIT CREATE ANY DIRECTORY;
审计速查
Quick Reference to Auditing Information
Database Audit mode
~~~~~~~~~~~~~~~~~~~
show parameter audit
AUDIT_TRAIL --> DB, DB_EXTENDED, OS, XML, XML_EXTENDED, FALSE or NONE
AUDIT_FILE_DEST --> Audit File location
AUDIT_SYS_OPERATIONS --> Controls whether the activities of SYSDBA are audited or not.
AUDIT_SYSLOG_LEVEL --> specifies a SYSLOG facility that will receive the audit information
What Statements are being audited ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To set audit:
AUDIT [option] [BY user|SESSION|ACCESS] [WHENEVER {NOT} SUCCESSFUL]
select * from dba_stmt_audit_opts where USER_NAME='...';
Columns are:
AUDIT_OPTION from STMT_AUDIT_OPTION_MAP
SUCCESS 'BY SESSION', 'BY ACCESS' or 'NOT SET'
FAILURE ""
What Privileges are being audited ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To set audit:
AUDIT [option] [BY user|SESSION|ACCESS] [WHENEVER {NOT} SUCCESSFUL]
select * from dba_priv_audit_opts where USER_NAME='...';
Columns are:
PRIVILEGE from SYSTEM_PRIVILEGE_MAP
SUCCESS 'BY SESSION', 'BY ACCESS' or 'NOT SET'
FAILURE ""
What Objects are being audited ?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To set Auditing:
AUDIT [object_option] ON [schema].object|DEFAULT [BY SESSION|ACCESS]
[WHENEVER {NOT} SUCCESSFUL]
select * from dba_obj_audit_opts where owner='..' and OBJECT_NAME='...';
select * from all_def_audit_opts;
Columns are:
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
X/Y - is no option set
X is when successful
Y is when Unsuccessful
S set by session
A set by access
Audit results
~~~~~~~~~~~~~
Raw results can go to various places depending on the value of parameter AUDIT_TRAIL:
- when audit_trail is DB or DB_EXTENDED the audit data will go to AUD$ (DBA_AUDIT_TRAIL is a view on top of this table ).
Main where columns are: USERNAME, TIMESTAMP, OWNER
- when audit_trail is OS or XML or XML_EXTENDED the audit data will be written to files located in the AUDIT_FILE_DEST directory
- when AUDIT_SYSLOG_LEVEL is defined and audit_trail is set to OS the audit data will be sent to SYSLOG
For underlying results see:
Select STATEMENT, TIMESTAMP, ACTION, USERID from AUD$;
Auditing administrative connections
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The administrative user connections (CONNECT / AS SYSDBA or CONNECT / AS SYSOPER) are always logged regardless of audit setting.
On UNIX platforms these are logged to *.aud files in $ORACLE_HOME/rdbms/audit when the instance is stopped and to AUDIT_FILE_DEST
when the instance is started regardless of any init.ora parameter settings. See Note 103964.1 for more details.
---------------------------------------------------
oracle 审计设置,oracle审计简单设置相关推荐
- oracle 审计设置,oracle数据库审计设置
--开启oracle审计 su - oracle sqlplus / as sysdba SQL> show parameter audit --看到有下面的内容表示审计没有开启 audit_s ...
- Oracle审计篇——统一审计
一. 统一审计作用 统一审计跟踪从各种来源捕获审计信息.通过统一审计,您可以从以下来源捕获审计记录: 来自统一审计策略和AUDIT设置中的审计记录(包括sys的审计记录) 来自DBMS_FGA的细粒度 ...
- 可以审计oracle的工具,Oracle 审计功能 Audit使用教程(2)
已连接. SQL> show parameter audit NAME TYPE VALUE ------------------------------------ ----------- - ...
- oracle学习笔记之 审计
Oracle数据库审计 数据库审计是监视并记录选定的用户数据库操作.主要分为标准审计和精细粒度审计(FGA,Fine-Grained Auditing),标准审计可在语句级.对象级.权限级进行审计:精 ...
- linux 审计oracle,开启和关闭oracle数据库中的审计功能
开启和关闭oracle数据库中的审计功能 第1步:查看审计功能是否开启? SQL> show parameter audit; NAME TYPE VALUE ...
- oracle设置密码复杂度、设置oracle超时退出的功能
查看oracle是否启用密码复杂度: select limit from dba_profiles where RESOURCE_NAME='PASSWORD_VERIFY_FUNCTION' and ...
- oracle审计规则,Oracle中开启某张表的审计(audit)
Oracle数据库通过audit_trail参数来开启标准审计,OS:说明审计信息放在系统汇总,如果是Linux那么由audit_file_dest 决定,如果 Oracle数据库通过audit_tr ...
- Oracle审计篇——标准审计
一. 简介 1. 什么是标准审计 标准审计审计SQL语句.权限.对象和网络活动. 可以使用AUDIT语句配置标准审计,使用NOAUDIT语句删除此配置.可以将审计记录写入数据库审计跟踪或操作系统审计文 ...
- oracle数据库设置密码复杂度,Oracle EBS 数据库密码复杂度设置
Oracle EBS 数据库密码复杂度设置 发布时间:2020-08-10 00:37:23 来源:ITPUB博客 阅读:116 作者:smilesu 应审计要求,需要对默认配置文件的密码进行复杂度设 ...
- Oracle vm visualbox虚拟机双网卡设置-解决主机无法连接靶机的问题
Oracle vm visualbox虚拟机双网卡设置-解决主机无法连接靶机的问题 文章目录 Oracle vm visualbox虚拟机双网卡设置-解决主机无法连接靶机的问题 虚拟机网络规划 Hos ...
最新文章
- Gnu/Linux 链接XServer方法
- thinkphp 微信服务器验证代码_基于ThinkPHP5微信后台管理平台
- python写mysql脚本_使用python写一个监控mysql的脚本,在zabbix web上加上模板
- publiccms实现多层级选项卡效果
- spring 上下文_一次性教你彻底理解 Spring容器和应用上下文!
- 招博士生 | 澳门科技大学人工智能课题组
- mysql date转换_mysql DATE 转换 ip to int
- dcmtk在PACS开发中的应用(基础篇) 作者:冷家锋 第四章 工作列表(Work List)(二)...
- Sicily 1934 移动小球
- Python API 撰写的 TensorFlow 示例代码
- 业务逻辑?到底是什么
- 两轮差速AGV的控制理论
- 2.证券投资基金的概述
- Mybatis---简单缓存了解
- 海思3516DV300系列HiPQTools工具ISP图像调试_AWB校定
- html前端的几种加密/解密方式
- 万象物语怎么在电脑上玩 万象物语电脑版玩法教程
- Ubuntu好用的截图软件推荐
- python制作气温分布图_Python案例:查询城市天气并绘制最高气温与最低气温的折线图...
- 联通物联(产品手册)-持续更新中
热门文章
- 计算机二级access上机,计算机二级Access上机考点
- 给大家排个雷,ensp中nat不成功原因
- 带领域变异的多模态优化差分进化算法(DE/NCDE/NSDE/)
- 用MVC写的查询,添加,删除,修改,登录。
- Paperreading之五 Stacked Hourglass Networks(SHN)和源码阅读(PyTorch版本)
- 百度地图行政区优化卡顿问题
- 备份表(表结构和数据)
- 微信小程序,一个有局限的类似 React Native 轮子!
- flowable6.4 并行网关 驳回 跳转 回退 多实例加签减签
- 计算机网络第六版勘误表,最新《深入理解计算机网络》勘误表.docx