Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作(转)
由于項目平臺管理的需要,最近在研究Oracle 10G的審計功能,以便記錄和跟蹤用戶在Oracle數據庫系統中的所有操作行為,進而提高Oracle的安全性。現在把審計功能的配置步驟分享出來,供大家參考:
1、以DBA登錄Oracle
?
# su - oracle
$ sqlplus /nolog
SQL> conn / as sysdba
2、查看當前審計設置
SQL> show parameter audit;
參數說明
AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }
none or false - Auditing is disabled.
db or true - Auditing is enabled, with all audit records stored in the database audit trial (SYS.AUD$).
db,extended - As db, but the SQL_BIND and SQL_TEXT columns are also populated.
xml- Auditing is enabled, with all audit records stored as XML format OS files.
xml,extended - As xml, but the SQL_BIND and SQL_TEXT columns are also populated.
os- Auditing is enabled, with all audit records directed to the operating system's audit trail.
The AUDIT_SYS_OPERATIONS static parameter
enables or disables the auditing of operations issued by users connecting with SYSDBA or SYSOPER privileges,
including the SYS user. All audit records are written to the OS audit trail.
The AUDIT_FILE_DEST parameter
specifies the OS directory used for the audit trail when the os, xml and xml,extended options are used.
It is also the location for all mandatory auditing specified by the AUDIT_SYS_OPERATIONS parameter.
3、修改audit參數,開啟審計
SQL> alter system set audit_trail=db_extended scope=spfile;
注意,如果audit_trail=db,不記錄SQL_BIND和SQL_TEXT
4、重啟數據庫
SQL> shutdown immediate;
SQL> startup;
5、測試
?
創建用戶AUDIT_TEST
$ sqlplus /nolog
SQL> conn / as sysdba
SQL> audit all by audit_test by access;
SQL> audit select table, update table, insert table, delete table by audit_test by access;
SQL> audit execute procedure by audit_test by access;
分別對應以下三種:
DDL (CREATE, ALTER & DROP of objects)
DML (INSERT UPDATE, DELETE, SELECT, EXECUTE).
SYSTEM EVENTS (LOGON, LOGOFF etc.)
SQL> conn audit_test/password
SQL> create table test(id? number);
SQL> insert into test(id) values (1);
SQL> insert into test(id) values (2);
SQL> update test set id = 3 where id = 1;
SQL> select * from test;
SQL> delete from test;
SQL> commit;
SQL> drop table test;
SQL> select view_name from dba_views where? view_name like 'dba%audit%' order by view_name;
VIEW_NAME
------------------------------
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_REPAUDIT_ATTRIBUTE
DBA_REPAUDIT_COLUMN
DBA_STMT_AUDIT_OPTS
視圖說明:
1. SYS.AUD$
審計功能的底層視圖,如果需要對數據進行刪除,只需要對aud$視圖進行刪除既可,其他視圖里的數據都是由aud$所得.
2. DBA_AUDIT_EXISTS
列出audit not exists和audit exists產生的審計跟蹤,我們默認的都是audit exists.
3. DBA_AUDIT_TRAIL
可以在里面查處所有審計所跟蹤的信息.
4. DBA_AUDIT_OBJECT
可以查詢所有對象跟蹤信息.(例如,對grant,revoke等不記錄),信息完全包含于dba_audit_trail
5. DBA_AUDIT_SESSION
所得到的數據都是有關logon或者logoff的信息.
6. DBA_AUDIT_STATEMENT
列出grant ,revoke ,audit ,noaudit ,alter system語句的審計跟蹤信息.
7. DBA_PRIV_AUDIT_OPTS
通過系統和由用戶審計的當前系統特權
8. DBA_OBJ_AUDIT_OPTS
可以查詢到所有用戶所有對象的設計選項
9. ALL_DEF_AUDIT_OPTS
10. AUDIT_ACTIONS
可以查詢出在aud$等視圖中actions列的含義
11. SYSTEM_PRIVILEGE_MAP
可以查詢出aud$等視圖中priv$used列的含義(注意前面加'-')
常用視圖:
DBA_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
查看審計內容,主要字段:os_username, userhost, timestamp, owner,sql_bind, sql_text
SQL> select * from dba_audit_trail where? owner = 'AUDIT_TEST' order by timestamp;
注意:owner的值必須大寫,例如 owner = 'AUDIT_TEST'
-------------------------------------------------------------------------------
關閉審計
-------------------------------------------------------------------------------
SQL> alter system set audit_trail=none scope=spfile;
?
本文來自CSDN博客,轉載請標明出處:http://blog.csdn.net/ryb7899/archive/2010/03/24/5413720.aspx
轉載于:https://www.cnblogs.com/QDuck/archive/2010/07/28/1787117.html
總結
以上是生活随笔為你收集整理的Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作(转)的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Tushare数据工具介绍
- 下一篇: web压力测试工具(持续更新)