本文探讨了标准数据库审计的两个真实案例:数据定义语言(DDL)语句和涉及独立过程的语句均可被审计。文章通过具体示例展示了如何对创建表的DDL语句进行审计,并解释了与过程、触发器或单独语句相关的操作同样可以被记录。
39.Which two statements are true about standard database auditing? (Choose two.)
A.DDL statements can be audited
B.Statements that refer to stand-alone procedure can be audited.
C.Operations by the users logged on as SYSDBA cannot be audited.
D.Only one audit record is ever created for a session per audited statement even though it is executed more than once.
答案:AB
解析:
A:正确,DDL肯定是可以审计的
SQL> audit create table;
Audit succeeded.
SQL> create table test(id integer);
Table created.
SQL>select username,extended_timestamp,audit_option from user_audit_trail where audit_option='CREATE TABLE';
USERNAME EXTENDED_TIMESTAMP AUDIT_OPTION
---------- ----------------------------------- ---------------
SCOTT 16-JUL-16 11.59.48.724025 PM +08:00 CREATE TABLE
B:正确
审计与过程还是触发器还是单条语句没有什么关系
C:错误
这个sysdba登陆其实与开不开审计没啥关系,都会捕获的,只是会写到操作系统文件中
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/oracle/admin/wahaha3/adum
p
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
--这里审计是关闭的
[oracle@wahaha3 adump]$ rm /u01/oracle/admin/wahaha3/adump/* --先删除对应的文件
[oracle@wahaha3 adump]$ sqlplus / as sysdba --sysdba登陆
SQL> !ls /u01/oracle/admin/wahaha3/adump
wahaha3_ora_3219_1.aud
SQL> ! cat /u01/oracle/admin/wahaha3/adump/wahaha3_ora_3219_1.aud
Sun Jul 17 04:16:35 2016 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1264556381'
D:这个肯定是错误,如果增加 by session的话,那就是在相同的会话中对同类语句只进行一次审计
A.DDL statements can be audited
B.Statements that refer to stand-alone procedure can be audited.
C.Operations by the users logged on as SYSDBA cannot be audited.
D.Only one audit record is ever created for a session per audited statement even though it is executed more than once.
答案:AB
解析:
A:正确,DDL肯定是可以审计的
SQL> audit create table;
Audit succeeded.
SQL> create table test(id integer);
Table created.
SQL>select username,extended_timestamp,audit_option from user_audit_trail where audit_option='CREATE TABLE';
USERNAME EXTENDED_TIMESTAMP AUDIT_OPTION
---------- ----------------------------------- ---------------
SCOTT 16-JUL-16 11.59.48.724025 PM +08:00 CREATE TABLE
B:正确
审计与过程还是触发器还是单条语句没有什么关系
C:错误
这个sysdba登陆其实与开不开审计没啥关系,都会捕获的,只是会写到操作系统文件中
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/oracle/admin/wahaha3/adum
p
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
--这里审计是关闭的
[oracle@wahaha3 adump]$ rm /u01/oracle/admin/wahaha3/adump/* --先删除对应的文件
[oracle@wahaha3 adump]$ sqlplus / as sysdba --sysdba登陆
SQL> !ls /u01/oracle/admin/wahaha3/adump
wahaha3_ora_3219_1.aud
SQL> ! cat /u01/oracle/admin/wahaha3/adump/wahaha3_ora_3219_1.aud
Sun Jul 17 04:16:35 2016 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1264556381'
D:这个肯定是错误,如果增加 by session的话,那就是在相同的会话中对同类语句只进行一次审计
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
