快速實現oracle10g的審計功能
快速實現oracle10g的審計功能
工作需要,要在一個表上建立審計功能,看了一些文件,摘要如下:
1.首先修改引數audit_trail:
alter system set audit_trail=DB_EXTENDED scope=spfile ;
說明:如果修改成DB引數,無法在sys.aud$表記錄執行的sql文字,以及bind數值.
使用 audit_trail=DB_EXTENDED可以實現.
2.移動sys使用者下的aud$,audit$表到另外的表空間,主要問題是避免佔用系統systemt太多.
另外需要rebuild相應的索引並且移出system表空間.
ALTER TABLE SYS.aud$ MOVE TABLESPACE tools LOB(sqltext,sqlbind) STORE AS (TABLESPACE tools);
ALTER TABLE SYS.audit$ MOVE TABLESPACE tools;
ALTER INDEX SYS.I_AUD1 REBUILD TABLESPACE TOOLS STORAGE ( INITIAL 64K ) ;
ALTER INDEX SYS.I_AUDIT REBUILD TABLESPACE TOOLS STORAGE ( INITIAL 64K ) ;
3.建立審計,例子:
AUDIT Delete ON SCOTT.DEPT BY ACCESS WHENEVER SUCCESSFUL ;
AUDIT Update ON SCOTT.DEPT BY ACCESS WHENEVER SUCCESSFUL ;
重啟oracle資料庫.
說明:審計的一些其他選項
by access / by session:
by access 每一個被審計的操作都會生成一條audit trail。
by session 一個會話裡面同型別的操作只會生成一條audit trail,預設為by session。
4.測試資料:
insert into dept values(50,'111',111);
commit ;
update dept set loc='222' where deptno=50 ;
update dept set loc='333' where deptno=50 ;
rollback
4.檢視審計結果,執行:
SELECT * FROM dba_audit_trail;
dba_audit_trail實際上是SYS.aud$ , system_privilege_map spm, system_privilege_map spx,
stmt_audit_option_map aom, audit_actions act組成的檢視.
不過有一個問題,就是如果執行rollback,在aud$表中一樣存在記錄.
參考:
When Triggers Are Necessary
Avoiding False Positives. Audit trails are generated through autonomous transactions
from the original transactions. Hence they are committed even if the original transactions
are rolled back.
Here is a simple example to illustrate the point. Assume that we have set up auditing for
UPDATEs on table CLASS. A user issues a statement to update a data value from 20 to 10
and then rolls it back as shown below.
update class set size = 10 where class_id = 123;
rollback
Now the value of the column SIZE will be 20, not 10, as if the user never did anything.
However, the audit trail will capture the change, even if it's rolled back. This may be
undesirable in some cases, especially if there are lots of rollbacks by users.
In such a case, you may have to use the trigger to capture only committed changes.
If there were a trigger on the table CLASS to insert records into the user defined
audit trail, upon rollback the audit trails would have been rolled back too.
工作需要,要在一個表上建立審計功能,看了一些文件,摘要如下:
1.首先修改引數audit_trail:
alter system set audit_trail=DB_EXTENDED scope=spfile ;
說明:如果修改成DB引數,無法在sys.aud$表記錄執行的sql文字,以及bind數值.
使用 audit_trail=DB_EXTENDED可以實現.
2.移動sys使用者下的aud$,audit$表到另外的表空間,主要問題是避免佔用系統systemt太多.
另外需要rebuild相應的索引並且移出system表空間.
ALTER TABLE SYS.aud$ MOVE TABLESPACE tools LOB(sqltext,sqlbind) STORE AS (TABLESPACE tools);
ALTER TABLE SYS.audit$ MOVE TABLESPACE tools;
ALTER INDEX SYS.I_AUD1 REBUILD TABLESPACE TOOLS STORAGE ( INITIAL 64K ) ;
ALTER INDEX SYS.I_AUDIT REBUILD TABLESPACE TOOLS STORAGE ( INITIAL 64K ) ;
3.建立審計,例子:
AUDIT Delete ON SCOTT.DEPT BY ACCESS WHENEVER SUCCESSFUL ;
AUDIT Update ON SCOTT.DEPT BY ACCESS WHENEVER SUCCESSFUL ;
重啟oracle資料庫.
說明:審計的一些其他選項
by access / by session:
by access 每一個被審計的操作都會生成一條audit trail。
by session 一個會話裡面同型別的操作只會生成一條audit trail,預設為by session。
4.測試資料:
insert into dept values(50,'111',111);
commit ;
update dept set loc='222' where deptno=50 ;
update dept set loc='333' where deptno=50 ;
rollback
4.檢視審計結果,執行:
SELECT * FROM dba_audit_trail;
dba_audit_trail實際上是SYS.aud$ , system_privilege_map spm, system_privilege_map spx,
stmt_audit_option_map aom, audit_actions act組成的檢視.
不過有一個問題,就是如果執行rollback,在aud$表中一樣存在記錄.
參考:
When Triggers Are Necessary
Avoiding False Positives. Audit trails are generated through autonomous transactions
from the original transactions. Hence they are committed even if the original transactions
are rolled back.
Here is a simple example to illustrate the point. Assume that we have set up auditing for
UPDATEs on table CLASS. A user issues a statement to update a data value from 20 to 10
and then rolls it back as shown below.
update class set size = 10 where class_id = 123;
rollback
Now the value of the column SIZE will be 20, not 10, as if the user never did anything.
However, the audit trail will capture the change, even if it's rolled back. This may be
undesirable in some cases, especially if there are lots of rollbacks by users.
In such a case, you may have to use the trigger to capture only committed changes.
If there were a trigger on the table CLASS to insert records into the user defined
audit trail, upon rollback the audit trails would have been rolled back too.
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/267265/viewspace-624567/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- oracle10g 審計功能Oracle
- 轉載:Oracle審計功能(Oracle10g)Oracle
- Oracle10g審計Oracle
- ORACLE的 審計功能Oracle
- oracle10g審計(轉)Oracle
- Oracle 審計功能Oracle
- MySQL審計功能MySql
- oracle審計功能Oracle
- 如何利用 Redis 快速實現簽到統計功能Redis
- Cobar SQL審計的設計與實現SQL
- 初識ORACLE的審計功能Oracle
- 開啟Oracle的審計功能Oracle
- 【實驗】【審計】【FGA】使用Oracle的審計功能監控資料庫中的可疑操作Oracle資料庫
- Oracle FGA審計功能Oracle
- 利用Oracle FGA實現審計Oracle
- 轉載:Oracle10g新特性——審計Oracle
- Elasticsearch Auditing(es的審計功能)Elasticsearch
- Oracle Database標準審計和細粒度審計功能OracleDatabase
- .Net Core 審計日誌實現
- 關於oracle審計功能Oracle
- mysql啟用審計功能MySql
- LINUX AS 5 審計功能Linux
- Asp-Net-Core開發筆記:實現動態審計日誌功能筆記
- 【Mysql】mysql開啟審計功能MySql
- Oracle audit 審計功能說明Oracle
- oracle9i審計功能的開啟和審計策略的設定方法Oracle
- Oracle10G審計失敗的使用者登陸Oracle
- Oracle Audit 審計功能的認識與使用Oracle
- 關於oracle11g的審計功能Oracle
- python自動化審計及實現Python
- oracle10g的undrop功能一點實踐Oracle
- CQ Tech | 解析 CloudQuery 審計分析功能Cloud
- 財務軟體的審計功能怎麼用
- vue + element 實現快速關閉動態tabs功能Vue
- 使用ElasticSearch6.0快速實現全文搜尋功能Elasticsearch
- 利用 ICEpdf 快速實現 pdf 檔案預覽功能
- Unity——計時器功能實現Unity
- 【FGA】將FGA細粒度審計功能的審計結果記錄在資料庫中資料庫