oracle audit_actions,配置Oracle安全审计选项audit
2. SYSDBA/SYSOPER操作的审计
SQL>show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ---------------
audit_file_dest string /oracle/PQ1/102_64/rdbms/audit
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string OS
设置步骤
SQL> alter system set audit_trail=os scope=spfile;
System altered.
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
SQL> alter system set audit_file_dest='C:\APP\tom\ADMIN\ORCL\ADUMP' scope=spfile;
System altered.
重新启动数据库:
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 523108352 bytes
Fixed Size 1375704 bytes
Variable Size 465568296 bytes
Database Buffers 50331648 bytes
Redo Buffers 5832704 bytes
Database mounted.
Database opened.
检查当前的审计参数:
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string C:\APP\tom\ADMIN\ORCL\ADUMP
audit_sys_operations boolean TRUE
audit_trail string OS
请根据实际需要将C:\APP\tom\ADMIN\ORCL\ADUMP 修改为/oracle/PQ1/102_64/rdbms/audit 或其他审计目录
3. 语句级别的审计命令
脚本:
audit create session by tom by access;
audit SELECT TABLE by tom by access;
audit INSERT TABLE by tom by access;
audit UPDATE TABLE by tom by access;
audit DELETE TABLE by tom by access;
请按照实际需要将tom修改为需要审计的数据库用户
示范:
SQL> select * from dba_stmt_audit_opts;
no rows selected
SQL> audit create session by tom by access;
Audit succeeded.
SQL> audit SELECT TABLE by tom by access;
Audit succeeded.
SQL> audit INSERT TABLE by tom by access;
Audit succeeded.
SQL> audit UPDATE TABLE by tom by access;
Audit succeeded.
SQL> audit DELETE TABLE by tom by access;
Audit succeeded.
SQL> select * from dba_stmt_audit_opts;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
关闭语句审计
noaudit create session by tom;
noaudit select table by tom;
noaudit insert table by tom;
noaudit update table by tom;
noaudit delete table by tom;
4. 权限级别的审计
脚本:
audit drop any table by tom by access;
audit select any table by tom by access;
audit create session by tom by access;
请按照实际需要将tom修改为需要审计的数据库用户
示范
SQL> audit drop any table by tom by access;
Audit succeeded.
SQL> audit select any table by tom by access;
Audit succeeded.
SQL> audit create session by tom by access;
Audit succeeded.
SQL> select * from dba_priv_audit_opts;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
关闭权限审计
noaudit drop any table by tom;
noaudit select any table by tom;
noaudit create session by tom;
5. 默认对象的审计
脚本:
audit alter on default by session;
audit audit on default by session;
audit delete on default by session;
audit grant on default by access;
audit lock on default by session;
示范:
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-
SQL> audit alter on default by session;
Audit succeeded.
SQL> audit audit on default by session;
Audit succeeded.
SQL> audit delete on default by session;
Audit succeeded.
SQL> audit grant on default by access;
Audit succeeded.
SQL> audit lock on default by session;
Audit succeeded.
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
S/S S/S -/- S/S A/A -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
关闭默认对象审计:
noaudit alter on default ;
noaudit audit on default ;
noaudit delete on default ;
noaudit grant on default;
noaudit lock on default;
6. 其他注意事项
1. 审计命令选项
by session对每个session中发生的重复操作只记录一次,by access对每个session中发生的每次操作都记录,而不管是否重复
Whenever [not] successful/whenever successful
操作成功(dba_audit_trail中returncode字段为0) 才审计. whenever not successful 操作失败才设计.
省略该子句(Whenever [not] successful/whenever successful )的话,不管操作成功与否都会审计。
2. 审计数据库初始化参数文件中AUDIT_TRAIL=OS时,审计记录存在操作系统的文件中,即参数AUDIT_FILE_DEST 指定的值,如果是windows,审计记录存放在事件管理器的应用程序日志中。数据库初始化参数文件中AUDIT_TRAIL=DB时,审计记录存在数据库中
3. 审计信息相关的数据字典视图
DBA_AUDIT_TRAIL 所有审计记录
DBA_AUDIT_EXISTS NOT EXISTS 审计产生的记录
DBA_AUDIT_OBJECT 关于对象的审计记录
DBA_AUDIT_SESSION 连接和断开的记录
DBA_AUDIT_STATEMENT 语句级别的审计记录
SYS.AUD$ 是唯一保留审计结果的表。其它的都是视图
AUDIT_ACTIONS 包含对审计跟踪动作类型代码的说明
ALL_DEF_AUDIT_OPTS 包含默认对象审计选项。当创建对象时将应用这些选项
DBA_STMT_AUDIT_OPTS 由用户设置的跨系统的当前系统审计选项
DBA_PRIV_AUDIT_OPTS 由用户正在审计的跨系统的当前系统权限
DBA_OBJ_AUDIT_OPTS 在所有对象上的审计选项
USER_OBJ_AUDIT_OPTS USER 视图描述当前用户拥有的所有对象上的审计选项
4. 有时候“语句审计”和“权限审计”是相互重复的。并不需要明确的区分这2种类型。例如下面红色粗体部分:
SQL> audit create table;
Audit succeeded.
SQL> SELECT * FROM DBA_STMT_AUDIT_OPTS;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
9 rows selected.
SQL> SELECT * FROM DBA_PRIV_AUDIT_OPTS;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
5. ALL_DEF_AUDIT_OPTS 数据字典视图说明
-/-: no default auditing
S/-: auditing whenever successful
-/S: auditing whenever not successful
Column Datatype NULL Description
ALT VARCHAR2(3) Auditing ALTER WHENEVER SUCCESSFUL / UNSUCCESSFUL
AUD VARCHAR2(3) Auditing AUDIT WHENEVER SUCCESSFUL / UNSUCCESSFUL
COM VARCHAR2(3) Auditing COMMENT WHENEVER SUCCESSFUL / UNSUCCESSFUL
DEL VARCHAR2(3) Auditing DELETE WHENEVER SUCCESSFUL / UNSUCCESSFUL
GRA VARCHAR2(3) Auditing GRANT WHENEVER SUCCESSFUL / UNSUCCESSFUL
IND VARCHAR2(3) Auditing INDEX WHENEVER SUCCESSFUL / UNSUCCESSFUL
INS VARCHAR2(3) Auditing INSERT WHENEVER SUCCESSFUL / UNSUCCESSFUL
LOC VARCHAR2(3) Auditing LOCK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REN VARCHAR2(3) Auditing RENAME WHENEVER SUCCESSFUL / UNSUCCESSFUL
SEL VARCHAR2(3) Auditing SELECT WHENEVER SUCCESSFUL / UNSUCCESSFUL
UPD VARCHAR2(3) Auditing UPDATE WHENEVER SUCCESSFUL / UNSUCCESSFUL
REF CHAR(3) This column is obsolete and maintained for backward compatibility. The value of this column is always -/-
EXE VARCHAR2(3) Auditing EXECUTE WHENEVER SUCCESSFUL / UNSUCCESSFUL
FBK VARCHAR2(3) Auditing FLASHBACK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REA VARCHAR2(3) Auditing READ WHENEVER SUCCESSFUL / UNSUCCESSFUL
oracle audit_actions,配置Oracle安全审计选项audit相关推荐
- oracle oic配置,Oracle数据库 client配置
以下是11g client配置 1. 从OTN下载几个压缩包 下载地址为: http://www.oracle.com/technology/software/tech/oci/instantclie ...
- oracle manager 配置,Oracle Net Manager 基本配置
配置过程中会让你输入"服务名",这个服务名是你本机连接到oracle的服务名字. 会让你输入"ip"和"数据库实例名","实例名& ...
- Oracle 加密配置,Oracle sqlnet设置网络传输加密
1.查看加密组件 [oracle@yuntestdb ~]$ adapters Installed Oracle Net transport protocols are: IPC BEQ TCP/IP ...
- oracle pns配置,oracle笔记大全
一.in的用法. select ename,deptno from emp where sal in(800,1250) in 里面可以是一个结果集,是一个sql语句. 当然也可用not in 二.操 ...
- 配置oracle net,配置 Oracle Net 的3个重要文件
在 $ORACLE_HOME/network/admin 下面有3 个重要的文件: • The listener.ora file is a server-side file that defines ...
- 退出oracle系统,配置Oracle随系统启动和关闭
1.修改/etc/oratab文件 将需要随操作系统自启动的数据库由N修改为Y lis:/u01/app/Oracle/product/11.2.0/db_1:N 修改为: lis:/u01/app/ ...
- linux的oracle最低配置,Oracle Linux的系统配置和限制
转自: System Configurations and Limits for Oracle Linux Releases (Doc ID 300652.1) APPLIES TO: Linux O ...
- oracle pns配置,Oracle
一套AIX上的11.1.0.7系统,应用启动时出现大量row cache lock等待,具体的systemstate dump信息如下: FILE VERSIONS ----------------- ...
- OCM_第二天课程:Section1 —》配置 Oracle 网络环境
注:本文为原著(其内容来自 腾科教育培训课堂).阅读本文注意事项如下: 1:所有文章的转载请标注本文出处. 2:本文非本人不得用于商业用途.违者将承当相应法律责任. 3:该系列文章目录列表: 一:&l ...
最新文章
- 5 行代码实现图像分割
- 2021阿里巴巴大数据技术公开课第一季:外部工具连接SaaS模式云数仓MaxCompute实战
- Delphi Menu Designer(菜单设计器)之一
- kali 更新源_kali安装避坑
- 2021年,推荐这几个优质公众号碎片化学习
- SpringCloud集成lombox(eclipes工具)
- 对计算机组装和维护课的总结,计算机组装与维护教师工作总结
- 速修复!CISA警告称 Zoho 服务器0day已遭在野利用
- 蓝桥杯 ADV-66算法提高 阮小二买彩票
- Android7.1开机启动脚本
- WinEdt Latex使用人家提供的模板时无法插入参考文献的方法
- 手机linux服务器控制,手机上如何远程控制Linux服务器?
- Java学习资料整合
- python aes new_python--AES加密
- 对称加密与非对称加密算法
- redis hset hget字典的实现
- 光猫是什么?光纤猫的工作原理及应用范围介绍!
- 用记事本编辑注册表文件
- 在线语音合成 Java SDK 文档(科大讯飞)
- win10+laravel8+PHP+ElasticSearch+Kibana+高亮 接口搜索