配置Oracle安全审计选项audit
2. SYSDBA/SYSOPER操做的审计
SQL>show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ---------------
audit_file_dest string /oracle/PQ1/102_64/rdbms/audit
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string OS
设置步骤
SQL> alter system set audit_trail=os scope=spfile;
System altered.
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
SQL> alter system set audit_file_dest='C:\APP\tom\ADMIN\ORCL\ADUMP' scope=spfile;
System altered.
从新启动数据库:
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 523108352 bytes
Fixed Size 1375704 bytes
Variable Size 465568296 bytes
Database Buffers 50331648 bytes
Redo Buffers 5832704 bytes
Database mounted.
Database opened.
检查当前的审计参数:
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string C:\APP\tom\ADMIN\ORCL\ADUMP
audit_sys_operations boolean TRUE
audit_trail string OS
请根据实际须要将C:\APP\tom\ADMIN\ORCL\ADUMP 修改成/oracle/PQ1/102_64/rdbms/audit 或其余审计目录
3. 语句级别的审计命令
脚本:
audit create session by tom by access;
audit SELECT TABLE by tom by access;
audit INSERT TABLE by tom by access;
audit UPDATE TABLE by tom by access;
audit DELETE TABLE by tom by access;
请按照实际须要将tom修改成须要审计的数据库用户
示范:
SQL> select * from dba_stmt_audit_opts;
no rows selected
SQL> audit create session by tom by access;
Audit succeeded.
SQL> audit SELECT TABLE by tom by access;
Audit succeeded.
SQL> audit INSERT TABLE by tom by access;
Audit succeeded.
SQL> audit UPDATE TABLE by tom by access;
Audit succeeded.
SQL> audit DELETE TABLE by tom by access;
Audit succeeded.
SQL> select * from dba_stmt_audit_opts;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
关闭语句审计
noaudit create session by tom;
noaudit select table by tom;
noaudit insert table by tom;
noaudit update table by tom;
noaudit delete table by tom;
4. 权限级别的审计
脚本:
audit drop any table by tom by access;
audit select any table by tom by access;
audit create session by tom by access;
请按照实际须要将tom修改成须要审计的数据库用户
示范
SQL> audit drop any table by tom by access;
Audit succeeded.
SQL> audit select any table by tom by access;
Audit succeeded.
SQL> audit create session by tom by access;
Audit succeeded.
SQL> select * from dba_priv_audit_opts;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
关闭权限审计
noaudit drop any table by tom;
noaudit select any table by tom;
noaudit create session by tom;
5. 默认对象的审计
脚本:
audit alter on default by session;
audit audit on default by session;
audit delete on default by session;
audit grant on default by access;
audit lock on default by session;
示范:
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-
SQL> audit alter on default by session;
Audit succeeded.
SQL> audit audit on default by session;
Audit succeeded.
SQL> audit delete on default by session;
Audit succeeded.
SQL> audit grant on default by access;
Audit succeeded.
SQL> audit lock on default by session;
Audit succeeded.
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
S/S S/S -/- S/S A/A -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
关闭默认对象审计:
noaudit alter on default ;
noaudit audit on default ;
noaudit delete on default ;
noaudit grant on default;
noaudit lock on default;
6. 其余注意事项
1. 审计命令选项
by session对每一个session中发生的重复操做只记录一次,by access对每一个session中发生的每次操做都记录,而无论是否重复
Whenever [not] successful/whenever successful
操做成功(dba_audit_trail中returncode字段为0) 才审计. whenever not successful 操做失败才设计.
省略该子句(Whenever [not] successful/whenever successful )的话,无论操做成功与否都会审计。
2. 审计数据库初始化参数文件中AUDIT_TRAIL=OS时,审计记录存在操做系统的文件中,即参数AUDIT_FILE_DEST 指定的值,若是是windows,审计记录存放在事件管理器的应用程序日志中。数据库初始化参数文件中AUDIT_TRAIL=DB时,审计记录存在数据库中
3. 审计信息相关的数据字典视图
DBA_AUDIT_TRAIL 全部审计记录
DBA_AUDIT_EXISTS NOT EXISTS 审计产生的记录
DBA_AUDIT_OBJECT 关于对象的审计记录
DBA_AUDIT_SESSION 链接和断开的记录
DBA_AUDIT_STATEMENT 语句级别的审计记录
SYS.AUD$ 是惟一保留审计结果的表。其它的都是视图
AUDIT_ACTIONS 包含对审计跟踪动做类型代码的说明
ALL_DEF_AUDIT_OPTS 包含默认对象审计选项。当建立对象时将应用这些选项
DBA_STMT_AUDIT_OPTS 由用户设置的跨系统的当前系统审计选项
DBA_PRIV_AUDIT_OPTS 由用户正在审计的跨系统的当前系统权限
DBA_OBJ_AUDIT_OPTS 在全部对象上的审计选项
USER_OBJ_AUDIT_OPTS USER 视图描述当前用户拥有的全部对象上的审计选项
4. 有时候“语句审计”和“权限审计”是相互重复的。并不须要明确的区分这2种类型。例以下面红色粗体部分:
SQL> audit create table;
Audit succeeded.
SQL> SELECT * FROM DBA_STMT_AUDIT_OPTS;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
9 rows selected.
SQL> SELECT * FROM DBA_PRIV_AUDIT_OPTS;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
5. ALL_DEF_AUDIT_OPTS 数据字典视图说明
-/-: no default auditing
S/-: auditing whenever successful
-/S: auditing whenever not successful
Column Datatype NULL Description
ALT VARCHAR2(3) Auditing ALTER WHENEVER SUCCESSFUL / UNSUCCESSFUL
AUD VARCHAR2(3) Auditing AUDIT WHENEVER SUCCESSFUL / UNSUCCESSFUL
COM VARCHAR2(3) Auditing COMMENT WHENEVER SUCCESSFUL / UNSUCCESSFUL
DEL VARCHAR2(3) Auditing DELETE WHENEVER SUCCESSFUL / UNSUCCESSFUL
GRA VARCHAR2(3) Auditing GRANT WHENEVER SUCCESSFUL / UNSUCCESSFUL
IND VARCHAR2(3) Auditing INDEX WHENEVER SUCCESSFUL / UNSUCCESSFUL
INS VARCHAR2(3) Auditing INSERT WHENEVER SUCCESSFUL / UNSUCCESSFUL
LOC VARCHAR2(3) Auditing LOCK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REN VARCHAR2(3) Auditing RENAME WHENEVER SUCCESSFUL / UNSUCCESSFUL
SEL VARCHAR2(3) Auditing SELECT WHENEVER SUCCESSFUL / UNSUCCESSFUL
UPD VARCHAR2(3) Auditing UPDATE WHENEVER SUCCESSFUL / UNSUCCESSFUL
REF CHAR(3) This column is obsolete and maintained for backward compatibility. The value of this column is always -/-
EXE VARCHAR2(3) Auditing EXECUTE WHENEVER SUCCESSFUL / UNSUCCESSFUL
FBK VARCHAR2(3) Auditing FLASHBACK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REA VARCHAR2(3) Auditing READ WHENEVER SUCCESSFUL / UNSUCCESSFUL
SQL>show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ---------------
audit_file_dest string /oracle/PQ1/102_64/rdbms/audit
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string OS
设置步骤
SQL> alter system set audit_trail=os scope=spfile;
System altered.
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
SQL> alter system set audit_file_dest='C:\APP\tom\ADMIN\ORCL\ADUMP' scope=spfile;
System altered.
从新启动数据库:
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 523108352 bytes
Fixed Size 1375704 bytes
Variable Size 465568296 bytes
Database Buffers 50331648 bytes
Redo Buffers 5832704 bytes
Database mounted.
Database opened.
检查当前的审计参数:
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string C:\APP\tom\ADMIN\ORCL\ADUMP
audit_sys_operations boolean TRUE
audit_trail string OS
请根据实际须要将C:\APP\tom\ADMIN\ORCL\ADUMP 修改成/oracle/PQ1/102_64/rdbms/audit 或其余审计目录
3. 语句级别的审计命令
脚本:
audit create session by tom by access;
audit SELECT TABLE by tom by access;
audit INSERT TABLE by tom by access;
audit UPDATE TABLE by tom by access;
audit DELETE TABLE by tom by access;
请按照实际须要将tom修改成须要审计的数据库用户
示范:
SQL> select * from dba_stmt_audit_opts;
no rows selected
SQL> audit create session by tom by access;
Audit succeeded.
SQL> audit SELECT TABLE by tom by access;
Audit succeeded.
SQL> audit INSERT TABLE by tom by access;
Audit succeeded.
SQL> audit UPDATE TABLE by tom by access;
Audit succeeded.
SQL> audit DELETE TABLE by tom by access;
Audit succeeded.
SQL> select * from dba_stmt_audit_opts;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
关闭语句审计
noaudit create session by tom;
noaudit select table by tom;
noaudit insert table by tom;
noaudit update table by tom;
noaudit delete table by tom;
4. 权限级别的审计
脚本:
audit drop any table by tom by access;
audit select any table by tom by access;
audit create session by tom by access;
请按照实际须要将tom修改成须要审计的数据库用户
示范
SQL> audit drop any table by tom by access;
Audit succeeded.
SQL> audit select any table by tom by access;
Audit succeeded.
SQL> audit create session by tom by access;
Audit succeeded.
SQL> select * from dba_priv_audit_opts;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
关闭权限审计
noaudit drop any table by tom;
noaudit select any table by tom;
noaudit create session by tom;
5. 默认对象的审计
脚本:
audit alter on default by session;
audit audit on default by session;
audit delete on default by session;
audit grant on default by access;
audit lock on default by session;
示范:
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-
SQL> audit alter on default by session;
Audit succeeded.
SQL> audit audit on default by session;
Audit succeeded.
SQL> audit delete on default by session;
Audit succeeded.
SQL> audit grant on default by access;
Audit succeeded.
SQL> audit lock on default by session;
Audit succeeded.
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
S/S S/S -/- S/S A/A -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
关闭默认对象审计:
noaudit alter on default ;
noaudit audit on default ;
noaudit delete on default ;
noaudit grant on default;
noaudit lock on default;
6. 其余注意事项
1. 审计命令选项
by session对每一个session中发生的重复操做只记录一次,by access对每一个session中发生的每次操做都记录,而无论是否重复
Whenever [not] successful/whenever successful
操做成功(dba_audit_trail中returncode字段为0) 才审计. whenever not successful 操做失败才设计.
省略该子句(Whenever [not] successful/whenever successful )的话,无论操做成功与否都会审计。
2. 审计数据库初始化参数文件中AUDIT_TRAIL=OS时,审计记录存在操做系统的文件中,即参数AUDIT_FILE_DEST 指定的值,若是是windows,审计记录存放在事件管理器的应用程序日志中。数据库初始化参数文件中AUDIT_TRAIL=DB时,审计记录存在数据库中
3. 审计信息相关的数据字典视图
DBA_AUDIT_TRAIL 全部审计记录
DBA_AUDIT_EXISTS NOT EXISTS 审计产生的记录
DBA_AUDIT_OBJECT 关于对象的审计记录
DBA_AUDIT_SESSION 链接和断开的记录
DBA_AUDIT_STATEMENT 语句级别的审计记录
SYS.AUD$ 是惟一保留审计结果的表。其它的都是视图
AUDIT_ACTIONS 包含对审计跟踪动做类型代码的说明
ALL_DEF_AUDIT_OPTS 包含默认对象审计选项。当建立对象时将应用这些选项
DBA_STMT_AUDIT_OPTS 由用户设置的跨系统的当前系统审计选项
DBA_PRIV_AUDIT_OPTS 由用户正在审计的跨系统的当前系统权限
DBA_OBJ_AUDIT_OPTS 在全部对象上的审计选项
USER_OBJ_AUDIT_OPTS USER 视图描述当前用户拥有的全部对象上的审计选项
4. 有时候“语句审计”和“权限审计”是相互重复的。并不须要明确的区分这2种类型。例以下面红色粗体部分:
SQL> audit create table;
Audit succeeded.
SQL> SELECT * FROM DBA_STMT_AUDIT_OPTS;
USER_NAME PROX AUDIT_OPTION SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom CREATE SESSION BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom SELECT TABLE BY ACCESS BY ACCESS
tom INSERT TABLE BY ACCESS BY ACCESS
tom UPDATE TABLE BY ACCESS BY ACCESS
tom DELETE TABLE BY ACCESS BY ACCESS
9 rows selected.
SQL> SELECT * FROM DBA_PRIV_AUDIT_OPTS;
USER_NAME PROX PRIVILEGE SUCCESS FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom SELECT ANY TABLE BY ACCESS BY ACCESS
tom DROP ANY TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
CREATE TABLE BY ACCESS BY ACCESS
tom CREATE SESSION BY ACCESS BY ACCESS
5. ALL_DEF_AUDIT_OPTS 数据字典视图说明
-/-: no default auditing
S/-: auditing whenever successful
-/S: auditing whenever not successful
Column Datatype NULL Description
ALT VARCHAR2(3) Auditing ALTER WHENEVER SUCCESSFUL / UNSUCCESSFUL
AUD VARCHAR2(3) Auditing AUDIT WHENEVER SUCCESSFUL / UNSUCCESSFUL
COM VARCHAR2(3) Auditing COMMENT WHENEVER SUCCESSFUL / UNSUCCESSFUL
DEL VARCHAR2(3) Auditing DELETE WHENEVER SUCCESSFUL / UNSUCCESSFUL
GRA VARCHAR2(3) Auditing GRANT WHENEVER SUCCESSFUL / UNSUCCESSFUL
IND VARCHAR2(3) Auditing INDEX WHENEVER SUCCESSFUL / UNSUCCESSFUL
INS VARCHAR2(3) Auditing INSERT WHENEVER SUCCESSFUL / UNSUCCESSFUL
LOC VARCHAR2(3) Auditing LOCK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REN VARCHAR2(3) Auditing RENAME WHENEVER SUCCESSFUL / UNSUCCESSFUL
SEL VARCHAR2(3) Auditing SELECT WHENEVER SUCCESSFUL / UNSUCCESSFUL
UPD VARCHAR2(3) Auditing UPDATE WHENEVER SUCCESSFUL / UNSUCCESSFUL
REF CHAR(3) This column is obsolete and maintained for backward compatibility. The value of this column is always -/-
EXE VARCHAR2(3) Auditing EXECUTE WHENEVER SUCCESSFUL / UNSUCCESSFUL
FBK VARCHAR2(3) Auditing FLASHBACK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REA VARCHAR2(3) Auditing READ WHENEVER SUCCESSFUL / UNSUCCESSFUL
相关文章
- 1. 信息安全审计系统S-Audit
- 2. mysql安全-数据库审计(audit)
- 3. mysql 审计(audit)
- 4. 审计日志audit
- 5. MySQL Audit日志审计
- 6. Linux audit 审计工具
- 7. Oracle 审计失败的用户登录(Oracle audit)
- 8. Oracle 10g Audit(审计) --- 记录登陆用户在Oracle中的全部操做
- 9. Linux安全审计功能的实现——audit详解
- 10. MongoDB安全的3A -- 认证(Authentication)、授权(Authorization)和审计(Audit
- 更多相关文章...
- • Git 安装配置 - Git 教程
- • ASP.NET MVC - 安全 - ASP.NET 教程
- • IntelliJ IDEA 代码格式化配置和快捷键
- • IDEA下SpringBoot工程配置文件没有提示
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. js中 charCodeAt
- 2. Android中通过ViewHelper.setTranslationY实现View移动控制(NineOldAndroids开源项目)
- 3. 【Android】日常记录:BottomNavigationView自定义样式,修改点击后图片
- 4. maya 文件检查 ui和数据分离 (一)
- 5. eclipse 修改项目的jdk版本
- 6. Android InputMethod设置
- 7. Simulink中Bus Selector出现很多? ? ?
- 8. 【Openfire笔记】启动Mac版Openfire时提示“系统偏好设置错误”
- 9. AutoPLP在偏好标签中的生产与应用
- 10. 数据库关闭的四种方式
欢迎关注本站公众号,获取更多信息
相关文章