Oracle-27-审计

于 2018-05-26 00:23:34 发布
阅读量257 收藏
点赞数
CC 4.0 BY-SA版权
分类专栏: Oracle 文章标签: 审计
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/Paul_George/article/details/80452205

审计分两种:普通用户审计、超级用户审计

一、超级用户审计

查看当前审计状态

show parameter audit
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /u01/app/oracle/admin/sundb/adump                                        
audit_sys_operations                 boolean     FALSE
audit_syslog_level                   string
audit_trail                          string      DB

创建会话审计

audit session by scott;

连接SCOTT用户并查看审计

conn scott/scott
select userid,userhost,action#,returncode,comment$text,ntimestamp#,process# from aud$ where userid='SCOTT';
USERID	USERHOST	ACTION#	RETURNCODE	COMMENT$TEXT				NTIMESTAMP#			PROCESS#
SCOTT	dadvfm0514	100	0		Authenticated by: DATABASE	15-8?  -09 07.50.14.499782 ??	30537
SCOTT	dadvfm0514	101	0		15-8?  			-09 07.50.14.732491 ??		30537

创建表审计

audit table by scott;
create table a(x number);
select userid,userhost,action#,returncode,comment$text,ntimestamp#,process# from aud$ where userid='SCOTT';

USERID	USERHOST	ACTION#		RETURNCODE	COMMENT$TEXT				NTIMESTAMP#			PROCESS#
SCOTT	RHEL6		12		0		03-5?  				-18 07.28.16.527044 ??	3265
SCOTT	RHEL6		1		0		03-5?  				-18 07.28.26.019013 ??	3265
SCOTT	RHEL6		101		0		03-5?  				-18 07.28.08.502008 ??	2939
SCOTT	RHEL6		100		0		Authenticated by: DATABASE03-5?  	-18 07.28.08.546188 ??	3265

查看action为1的项操作是什么

select name from audit_actions where action=1;
NAME
----------------------------
CREATE TABLE

Elapsed: 00:00:00.02
select name from audit_actions where action=12;
NAME
----------------------------
DROP TABLE

Elapsed: 00:00:00.01

同样的我们还可以审计INSERT、DELETE等操作

audit insert table by scott;

grant create any table to scott;

audit create any table by scott;
audit delete on scott.emp;
audit select on scott.emp by access;

SELECT undo_sql FROM FLASHBACK_TRANSACTION_QUERY WHERE XID='0D00010026000000'

如果审计信息存放在数据库中,可以用以下语句清除

delete from sys.aud$;
delete from sys.aud$ where obj$name='EMP';


细颗粒审计

select db_user,timestamp,sql_text from dba_fga_audit_trail;
begin
dbms_fga.add_policy(
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy',
audit_condition => 'sal<100',
audit_column => 'comm,sal',
handler_schema => null,
handler_module => null,
enable => true,
statement_types => 'insert,update',
audit_trail => dbms_fga.db + dbms_fga.extended,
audit_column_opts => dbms_fga.any_columns);
end;
/

关闭细颗粒审计

begin
dbms_fga.drop_policy(
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy');
end;
/

查看用户启用的语句审计

col audit_option for a30
col audit_option for a20

select audit_option,failure,success,user_name from dba_stmt_audit_opts;
AUDIT_OPTION                   FAILURE    SUCCESS    USER_NAME
------------------------------ ---------- ---------- ------------------------------
ALTER SYSTEM                   BY ACCESS  BY ACCESS
SYSTEM AUDIT                   BY ACCESS  BY ACCESS
CREATE SESSION                 BY ACCESS  BY ACCESS  SCOTT
CREATE SESSION                 BY ACCESS  BY ACCESS
TABLE                          BY ACCESS  BY ACCESS  SCOTT
CREATE USER                    BY ACCESS  BY ACCESS
ALTER USER                     BY ACCESS  BY ACCESS
DROP USER                      BY ACCESS  BY ACCESS
PUBLIC SYNONYM                 BY ACCESS  BY ACCESS
DATABASE LINK                  BY ACCESS  BY ACCESS
ROLE                           BY ACCESS  BY ACCESS
PROFILE                        BY ACCESS  BY ACCESS
CREATE ANY TABLE               BY ACCESS  BY ACCESS
ALTER ANY TABLE                BY ACCESS  BY ACCESS
DROP ANY TABLE                 BY ACCESS  BY ACCESS
CREATE PUBLIC DATABASE LINK    BY ACCESS  BY ACCESS
GRANT ANY ROLE                 BY ACCESS  BY ACCESS
SYSTEM GRANT                   BY ACCESS  BY ACCESS
ALTER DATABASE                 BY ACCESS  BY ACCESS
CREATE ANY PROCEDURE           BY ACCESS  BY ACCESS
ALTER ANY PROCEDURE            BY ACCESS  BY ACCESS
DROP ANY PROCEDURE             BY ACCESS  BY ACCESS
ALTER PROFILE                  BY ACCESS  BY ACCESS
DROP PROFILE                   BY ACCESS  BY ACCESS
GRANT ANY PRIVILEGE            BY ACCESS  BY ACCESS
CREATE ANY LIBRARY             BY ACCESS  BY ACCESS
EXEMPT ACCESS POLICY           BY ACCESS  BY ACCESS
GRANT ANY OBJECT PRIVILEGE     BY ACCESS  BY ACCESS
CREATE ANY JOB                 BY ACCESS  BY ACCESS
CREATE EXTERNAL JOB            BY ACCESS  BY ACCESS

30 rows selected.

Elapsed: 00:00:00.01

查看用户的特权审计

select privilege,user_name from dba_priv_audit_opts order by user_name;
PRIVILEGE                                USER_NAME
---------------------------------------- ------------------------------
CREATE SESSION                           SCOTT
ALTER SYSTEM
GRANT ANY OBJECT PRIVILEGE
EXEMPT ACCESS POLICY
CREATE ANY LIBRARY
GRANT ANY PRIVILEGE
DROP PROFILE
ALTER PROFILE
DROP ANY PROCEDURE
ALTER ANY PROCEDURE
CREATE ANY PROCEDURE
ALTER DATABASE
GRANT ANY ROLE
CREATE PUBLIC DATABASE LINK
DROP ANY TABLE
ALTER ANY TABLE
CREATE ANY TABLE
DROP USER
ALTER USER
CREATE USER
CREATE SESSION
AUDIT SYSTEM
CREATE EXTERNAL JOB
CREATE ANY JOB

24 rows selected.

Elapsed: 00:00:00.01

查看用户的对象审计

col owner for a10
col object_name for a15
col object_type for a15
select * from dba_obj_audit_opts where owner='SCOTT';


取消所有语句审计

noaudit all;

取消所有权限审计

noaudit all privileges;

取消所有对象审计

noaudit all on default;


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值