【實驗】【審計】【FGA】使用Oracle的審計功能監控資料庫中的可疑操作
看一下Oracle的審計功能(包括FGA細粒度審計)能給我們帶來些什麼的強悍效果。
我將透過這個小文兒向您展示一下Oracle很牛的審計功能。Follow me.
1.使用審計,需要先啟用審計功能
1)檢視系統中預設的與審計相關的引數設定
sys@ora10g> conn / as sysdba
Connected.
sys@ora10g> show parameter audit
NAME TYPE VALUE
--------------------- --------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
2)對上面所列的引數進行一下解釋
(1)AUDIT_FILE_DEST = 路徑
指示出審計的檔案存放的路徑資訊,我們這裡顯示的是“/oracle/app/oracle/admin/ora10g/adump”
不管開啟還是不開啟審計功能,這個目錄項都會記錄以sysdba身份的每次登入資訊,有興趣的朋友可以到這個目錄中檢視一下。
例如:
$ cat ora_9915.aud
Audit file /oracle/app/oracle/admin/ora10g/adump/ora_9915.aud
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engine options
ORACLE_HOME = /oracle/app/oracle/product/10.2.0/db_1
System name: Linux
Node name: testdb183
Release: 2.6.18-128.el5
Version: #1 SMP Wed Dec 17 11:41:38 EST 2008
Machine: x86_64
Instance name: ora10g
Redo thread mounted by this instance: 1
Oracle process number: 13
Unix process pid: 9915, image: oracle@testdb183 (TNS V1-V3)
Wed Aug 26 19:24:11 2009
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/1
STATUS: 0
(2)audit_sys_operations
預設值是FALSE,如果開啟審計功能,這個引數需要修改為TRUE。
(3)audit_syslog_level
語句:指定審計語句或特定型別的語句組,象審計表的語句 CREATE TABLE, TRUNCATE TABLE, COMMENT ON TABLE, and DELETE [FROM] TABLE
許可權:使用審計語句指定系統許可權,象AUDIT CREATE ANY TRIGGER
物件:在指定物件上指定審計語句,象ALTER TABLE on the emp table
(4)AUDIT_TRAIL = NONE|DB|OS
DB--審計資訊記錄到資料庫中
OS--審計資訊記錄到作業系統檔案中
NONE--關閉審計(預設值)
3)修改引數audit_sys_operations為“TRUE”,開啟審計的功能
sys@ora10g> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
4)修改引數audit_trail為“db”,審計資訊記錄到資料庫中
sys@ora10g> alter system set audit_trail=db scope=spfile;
System altered.
5)注意,到這裡如果需要使這些引數生效,必須重新啟動一下資料庫
sys@ora10g> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
sys@ora10g> startup;
ORACLE instance started.
Total System Global Area 1073741824 bytes
Fixed Size 2078264 bytes
Variable Size 293603784 bytes
Database Buffers 771751936 bytes
Redo Buffers 6307840 bytes
Database mounted.
Database opened.
6)驗證一些引數修改後的結果,這裡顯示已經修改完成
sys@ora10g> show parameter audit;
NAME TYPE VALUE
--------------------- -------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
2.開啟了審計功能後,這裡有一個有趣的效果,就是所有sysdba許可權下的操作都會被記錄到這個/oracle/app/oracle/admin/ora10g/adump審計目錄下。這也是為什麼開啟了審計功能後會存在一些開銷和風險。
1)假如我們在sysdba許可權使用者下執行下面三條命令
sys@ora10g> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
Session altered.
sys@ora10g> select * From dual;
D
-
X
sys@ora10g> show parameter spfile
NAME TYPE VALUE
------ ------ ------------------------------------------------------------
spfile string /oracle/app/oracle/product/10.2.0/db_1/dbs/spfileora10g.ora
2)使用tail命令可以看到在相應的trace檔案中有如下的詳細記錄資訊,有點意思的發現,可以看到“show parameter spfile”命令背後真正執行了什麼樣的SQL語句
Wed Aug 26 20:04:03 2009
ACTION : 'alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss''
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:03 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'select * From dual'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:07:21 2009
ACTION : 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('%spfile%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
3.演示一下對sec使用者的t_audit表delete操作的審計效果
1)表t_audit資訊如下
sec@ora10g> select * from t_audit order by 1;
X
----------
1
2
3
4
5
6
6 rows selected.
2)這裡僅僅開啟對錶t_audit的delete操作的審計
sec@ora10> audit delete on t_audit;
Audit succeeded.
3)檢視審計設定可以透過查詢dba_obj_audit_opts檢視來完成
sec@ora10g> select OWNER,OBJECT_NAME,OBJECT_TYPE,DEL,INS,SEL,UPD from dba_obj_audit_opts;
OWNER OBJECT_NAME OBJECT_TYPE DEL INS SEL UPD
------ ------------ ------------ --------- --------- --------- ---------
SEC T_AUDIT TABLE S/S -/- -/- -/-
4)嘗試插入資料
sec@ora10g> insert into t_audit values (7);
1 row created.
5)因為我們沒有對insert語句進行審計,所以沒有審計資訊可以得到
sec@ora10g> select count(*) from dba_audit_trail;
COUNT(*)
----------
0
6)再嘗試delete操作
sec@ora10g> delete from t_audit where x=1;
1 row deleted.
7)不出所料,delete操作被資料庫捕獲
這裡可以透過查詢dba_audit_trail檢視或者sys.aud$檢視得到詳細的審計資訊,這種審計方法可以得到操作的時間,操作使用者等較粗的資訊(相對後面介紹的細粒度審計來說)
sec@ora10g> select count(*) from dba_audit_trail;
COUNT(*)
----------
1
select * from dba_audit_trail;
select * from sys.aud$;
4.如想要取消對錶t_audit的全部審計,需要使用手工方式來完成
sec@ora10> noaudit all on t_audit;
Noaudit succeeded.
透過查詢dba_obj_audit_opts檢視,確認確實已經取消的審計
sec@ora10g> select * from dba_obj_audit_opts;
no rows selected
5.【FGA】【細粒度審計】上面得到的審計資訊是較粗的,我們進一步演示一下“細粒度審計FGA”的效果:可以透過FGA得到操作的SQL語句級別的資訊
1)細粒度審計t_audit表上的增刪改查的一切操作
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> exec dbms_fga.add_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit',statement_types => 'INSERT, UPDATE, DELETE, SELECT');
PL/SQL procedure successfully completed.
2)對t_audit表增刪改查操作一番
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> select * from t_audit;
X
----------
2
3
4
5
6
7
6 rows selected.
sec@ora10g> delete from t_audit where x=5;
1 row deleted.
sec@ora10g> update t_audit set x=8 where x=7;
1 row updated.
sec@ora10g> insert into t_audit values (1);
1 row created.
sec@ora10g> commit;
Commit complete.
3)OK,檢視dba_fga_audit_trail檢視得到了4條審計記錄
sec@ora10g> select count(*) from dba_fga_audit_trail;
COUNT(*)
----------
4
4)詳細檢視一下對應的SQL操作,FGA還是很強悍的
sec@ora10g> col DB_USER for a10
sec@ora10g> col SQL_TEXT for a50
sec@ora10g> select db_user,sql_text from dba_fga_audit_trail;
DB_USER SQL_TEXT
---------- --------------------------------------------------
SEC select * from t_audit
SEC delete from t_audit where x=5
SEC update t_audit set x=8 where x=7
SEC insert into t_audit values (1)
5)最後再看一下這個dba_fga_audit_trail檢視的結構,可以看到這個檢視中記錄了非常詳盡的審計資訊列
sec@ora10g> desc dba_fga_audit_trail
Name Null? Type
------------------- -------- ----------------------------
SESSION_ID NOT NULL NUMBER
TIMESTAMP DATE
DB_USER VARCHAR2(30)
OS_USER VARCHAR2(255)
USERHOST VARCHAR2(128)
CLIENT_ID VARCHAR2(64)
ECONTEXT_ID VARCHAR2(64)
EXT_NAME VARCHAR2(4000)
OBJECT_SCHEMA VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
POLICY_NAME VARCHAR2(30)
SCN NUMBER
SQL_TEXT NVARCHAR2(2000)
SQL_BIND NVARCHAR2(2000)
COMMENT$TEXT VARCHAR2(4000)
STATEMENT_TYPE VARCHAR2(7)
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE
PROXY_SESSIONID NUMBER
GLOBAL_UID VARCHAR2(32)
INSTANCE_NUMBER NUMBER
OS_PROCESS VARCHAR2(16)
TRANSACTIONID RAW(8)
STATEMENTID NUMBER
ENTRYID NUMBER
6)針對上面新增的審計策略進行調整:disable_policy、enable_policy和drop_policy的方法
使策略失效的方法:
sys@ora10g> exec dbms_fga.disable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
使策略生效的方法:
sys@ora10g> exec dbms_fga.enable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
徹底刪除策略的方法:
sec@ora10g> exec dbms_fga.drop_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
PL/SQL procedure successfully completed.
最後列一下dbms_fga提供給我們使用的方法都有哪些
sec@ora10g> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT
6.小結
以上的實驗展示了Oracle的審計功能,包括Oracle引以為傲的FGA細粒度審計。
警告:這種審計的方法是需要付出一定的代價的,如磁碟的開銷,效能的開銷,以及您的系統是否允許反覆的停啟資料庫例項等等。在生產環境中使用之前需要多方面評估。
Goodluck.
-- The End --
我將透過這個小文兒向您展示一下Oracle很牛的審計功能。Follow me.
1.使用審計,需要先啟用審計功能
1)檢視系統中預設的與審計相關的引數設定
sys@ora10g> conn / as sysdba
Connected.
sys@ora10g> show parameter audit
NAME TYPE VALUE
--------------------- --------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
2)對上面所列的引數進行一下解釋
(1)AUDIT_FILE_DEST = 路徑
指示出審計的檔案存放的路徑資訊,我們這裡顯示的是“/oracle/app/oracle/admin/ora10g/adump”
不管開啟還是不開啟審計功能,這個目錄項都會記錄以sysdba身份的每次登入資訊,有興趣的朋友可以到這個目錄中檢視一下。
例如:
$ cat ora_9915.aud
Audit file /oracle/app/oracle/admin/ora10g/adump/ora_9915.aud
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - 64bit Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining Scoring Engine options
ORACLE_HOME = /oracle/app/oracle/product/10.2.0/db_1
System name: Linux
Node name: testdb183
Release: 2.6.18-128.el5
Version: #1 SMP Wed Dec 17 11:41:38 EST 2008
Machine: x86_64
Instance name: ora10g
Redo thread mounted by this instance: 1
Oracle process number: 13
Unix process pid: 9915, image: oracle@testdb183 (TNS V1-V3)
Wed Aug 26 19:24:11 2009
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/1
STATUS: 0
(2)audit_sys_operations
預設值是FALSE,如果開啟審計功能,這個引數需要修改為TRUE。
(3)audit_syslog_level
語句:指定審計語句或特定型別的語句組,象審計表的語句 CREATE TABLE, TRUNCATE TABLE, COMMENT ON TABLE, and DELETE [FROM] TABLE
許可權:使用審計語句指定系統許可權,象AUDIT CREATE ANY TRIGGER
物件:在指定物件上指定審計語句,象ALTER TABLE on the emp table
(4)AUDIT_TRAIL = NONE|DB|OS
DB--審計資訊記錄到資料庫中
OS--審計資訊記錄到作業系統檔案中
NONE--關閉審計(預設值)
3)修改引數audit_sys_operations為“TRUE”,開啟審計的功能
sys@ora10g> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
4)修改引數audit_trail為“db”,審計資訊記錄到資料庫中
sys@ora10g> alter system set audit_trail=db scope=spfile;
System altered.
5)注意,到這裡如果需要使這些引數生效,必須重新啟動一下資料庫
sys@ora10g> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
sys@ora10g> startup;
ORACLE instance started.
Total System Global Area 1073741824 bytes
Fixed Size 2078264 bytes
Variable Size 293603784 bytes
Database Buffers 771751936 bytes
Redo Buffers 6307840 bytes
Database mounted.
Database opened.
6)驗證一些引數修改後的結果,這裡顯示已經修改完成
sys@ora10g> show parameter audit;
NAME TYPE VALUE
--------------------- -------- --------------------------------------
audit_file_dest string /oracle/app/oracle/admin/ora10g/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
2.開啟了審計功能後,這裡有一個有趣的效果,就是所有sysdba許可權下的操作都會被記錄到這個/oracle/app/oracle/admin/ora10g/adump審計目錄下。這也是為什麼開啟了審計功能後會存在一些開銷和風險。
1)假如我們在sysdba許可權使用者下執行下面三條命令
sys@ora10g> alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss';
Session altered.
sys@ora10g> select * From dual;
D
-
X
sys@ora10g> show parameter spfile
NAME TYPE VALUE
------ ------ ------------------------------------------------------------
spfile string /oracle/app/oracle/product/10.2.0/db_1/dbs/spfileora10g.ora
2)使用tail命令可以看到在相應的trace檔案中有如下的詳細記錄資訊,有點意思的發現,可以看到“show parameter spfile”命令背後真正執行了什麼樣的SQL語句
Wed Aug 26 20:04:03 2009
ACTION : 'alter session set nls_date_format='yyyy-mm-dd hh24:mi:ss''
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:03 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'select * From dual'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:04:16 2009
ACTION : 'BEGIN DBMS_OUTPUT.GET_LINES(:LINES, :NUMLINES); END;'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
Wed Aug 26 20:07:21 2009
ACTION : 'SELECT NAME NAME_COL_PLUS_SHOW_PARAM,DECODE(TYPE,1,'boolean',2,'string',3,'integer',4,'file',5,'number', 6,'big integer', 'unknown') TYPE,DISPLAY_VALUE VALUE_COL_PLUS_SHOW_PARAM FROM V$PARAMETER WHERE UPPER(NAME) LIKE UPPER('%spfile%') ORDER BY NAME_COL_PLUS_SHOW_PARAM,ROWNUM'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL: pts/2
STATUS: 0
3.演示一下對sec使用者的t_audit表delete操作的審計效果
1)表t_audit資訊如下
sec@ora10g> select * from t_audit order by 1;
X
----------
1
2
3
4
5
6
6 rows selected.
2)這裡僅僅開啟對錶t_audit的delete操作的審計
sec@ora10> audit delete on t_audit;
Audit succeeded.
3)檢視審計設定可以透過查詢dba_obj_audit_opts檢視來完成
sec@ora10g> select OWNER,OBJECT_NAME,OBJECT_TYPE,DEL,INS,SEL,UPD from dba_obj_audit_opts;
OWNER OBJECT_NAME OBJECT_TYPE DEL INS SEL UPD
------ ------------ ------------ --------- --------- --------- ---------
SEC T_AUDIT TABLE S/S -/- -/- -/-
4)嘗試插入資料
sec@ora10g> insert into t_audit values (7);
1 row created.
5)因為我們沒有對insert語句進行審計,所以沒有審計資訊可以得到
sec@ora10g> select count(*) from dba_audit_trail;
COUNT(*)
----------
0
6)再嘗試delete操作
sec@ora10g> delete from t_audit where x=1;
1 row deleted.
7)不出所料,delete操作被資料庫捕獲
這裡可以透過查詢dba_audit_trail檢視或者sys.aud$檢視得到詳細的審計資訊,這種審計方法可以得到操作的時間,操作使用者等較粗的資訊(相對後面介紹的細粒度審計來說)
sec@ora10g> select count(*) from dba_audit_trail;
COUNT(*)
----------
1
select * from dba_audit_trail;
select * from sys.aud$;
4.如想要取消對錶t_audit的全部審計,需要使用手工方式來完成
sec@ora10> noaudit all on t_audit;
Noaudit succeeded.
透過查詢dba_obj_audit_opts檢視,確認確實已經取消的審計
sec@ora10g> select * from dba_obj_audit_opts;
no rows selected
5.【FGA】【細粒度審計】上面得到的審計資訊是較粗的,我們進一步演示一下“細粒度審計FGA”的效果:可以透過FGA得到操作的SQL語句級別的資訊
1)細粒度審計t_audit表上的增刪改查的一切操作
sec@ora10g> conn / as sysdba
Connected.
sys@ora10g> exec dbms_fga.add_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit',statement_types => 'INSERT, UPDATE, DELETE, SELECT');
PL/SQL procedure successfully completed.
2)對t_audit表增刪改查操作一番
sys@ora10g> conn sec/sec
Connected.
sec@ora10g> select * from t_audit;
X
----------
2
3
4
5
6
7
6 rows selected.
sec@ora10g> delete from t_audit where x=5;
1 row deleted.
sec@ora10g> update t_audit set x=8 where x=7;
1 row updated.
sec@ora10g> insert into t_audit values (1);
1 row created.
sec@ora10g> commit;
Commit complete.
3)OK,檢視dba_fga_audit_trail檢視得到了4條審計記錄
sec@ora10g> select count(*) from dba_fga_audit_trail;
COUNT(*)
----------
4
4)詳細檢視一下對應的SQL操作,FGA還是很強悍的
sec@ora10g> col DB_USER for a10
sec@ora10g> col SQL_TEXT for a50
sec@ora10g> select db_user,sql_text from dba_fga_audit_trail;
DB_USER SQL_TEXT
---------- --------------------------------------------------
SEC select * from t_audit
SEC delete from t_audit where x=5
SEC update t_audit set x=8 where x=7
SEC insert into t_audit values (1)
5)最後再看一下這個dba_fga_audit_trail檢視的結構,可以看到這個檢視中記錄了非常詳盡的審計資訊列
sec@ora10g> desc dba_fga_audit_trail
Name Null? Type
------------------- -------- ----------------------------
SESSION_ID NOT NULL NUMBER
TIMESTAMP DATE
DB_USER VARCHAR2(30)
OS_USER VARCHAR2(255)
USERHOST VARCHAR2(128)
CLIENT_ID VARCHAR2(64)
ECONTEXT_ID VARCHAR2(64)
EXT_NAME VARCHAR2(4000)
OBJECT_SCHEMA VARCHAR2(30)
OBJECT_NAME VARCHAR2(128)
POLICY_NAME VARCHAR2(30)
SCN NUMBER
SQL_TEXT NVARCHAR2(2000)
SQL_BIND NVARCHAR2(2000)
COMMENT$TEXT VARCHAR2(4000)
STATEMENT_TYPE VARCHAR2(7)
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE
PROXY_SESSIONID NUMBER
GLOBAL_UID VARCHAR2(32)
INSTANCE_NUMBER NUMBER
OS_PROCESS VARCHAR2(16)
TRANSACTIONID RAW(8)
STATEMENTID NUMBER
ENTRYID NUMBER
6)針對上面新增的審計策略進行調整:disable_policy、enable_policy和drop_policy的方法
使策略失效的方法:
sys@ora10g> exec dbms_fga.disable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
使策略生效的方法:
sys@ora10g> exec dbms_fga.enable_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
徹底刪除策略的方法:
sec@ora10g> exec dbms_fga.drop_policy(object_schema=>'SEC', object_name=> 't_audit', policy_name=> 'check_t_audit');
PL/SQL procedure successfully completed.
最後列一下dbms_fga提供給我們使用的方法都有哪些
sec@ora10g> desc dbms_fga
PROCEDURE ADD_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
AUDIT_CONDITION VARCHAR2 IN DEFAULT
AUDIT_COLUMN VARCHAR2 IN DEFAULT
HANDLER_SCHEMA VARCHAR2 IN DEFAULT
HANDLER_MODULE VARCHAR2 IN DEFAULT
ENABLE BOOLEAN IN DEFAULT
STATEMENT_TYPES VARCHAR2 IN DEFAULT
AUDIT_TRAIL BINARY_INTEGER IN DEFAULT
AUDIT_COLUMN_OPTS BINARY_INTEGER IN DEFAULT
PROCEDURE DISABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE DROP_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
PROCEDURE ENABLE_POLICY
Argument Name Type In/Out Default?
------------------------------ ----------------------- ------ --------
OBJECT_SCHEMA VARCHAR2 IN DEFAULT
OBJECT_NAME VARCHAR2 IN
POLICY_NAME VARCHAR2 IN
ENABLE BOOLEAN IN DEFAULT
6.小結
以上的實驗展示了Oracle的審計功能,包括Oracle引以為傲的FGA細粒度審計。
警告:這種審計的方法是需要付出一定的代價的,如磁碟的開銷,效能的開銷,以及您的系統是否允許反覆的停啟資料庫例項等等。在生產環境中使用之前需要多方面評估。
Goodluck.
-- The End --
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/519536/viewspace-613323/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- 【FGA】將FGA細粒度審計功能的審計結果記錄在資料庫中資料庫
- Oracle FGA審計功能Oracle
- Oracle FGA細粒度審計——基於內容的資料庫審計(一)Oracle資料庫
- Oracle FGA細粒度審計——基於內容的資料庫審計(二)Oracle資料庫
- Oracle FGA細粒度審計——基於內容的資料庫審計(三)Oracle資料庫
- 利用Oracle FGA實現審計Oracle
- 【FGA】將FGA細粒度審計功能的審計結果記錄在XML檔案中XML
- 審計Oracle資料庫的使用Oracle資料庫
- oracle 細粒度審計(fga)Oracle
- Oracle資料庫審計功能介紹Oracle資料庫
- oracle fga審計(欄位級)Oracle
- 資料庫安全審計在資料安全中的功能資料庫
- 資料庫DDL操作審計資料庫
- ORACLE的 審計功能Oracle
- 【審計】標準資料庫審計資料庫
- 【實驗】Oracle審計語句的使用演示Oracle
- Oracle 審計的初步操作Oracle
- Oracle 審計功能Oracle
- oracle審計功能Oracle
- 開啟mysql 資料庫審計功能。MySql資料庫
- ORACLE 資料庫審計詳解Oracle資料庫
- ORACLE資料庫標準審計Oracle資料庫
- 初識ORACLE的審計功能Oracle
- 開啟Oracle的審計功能Oracle
- Oracle使用審計監控使用者執行過的SQL語句OracleSQL
- Oracle Audit 審計功能的認識與使用Oracle
- 安全管理:polardb資料庫審計功能資料庫
- 資料庫審計-hexorbase資料庫HexoORB
- oracle資料庫sys使用者的審計(網文摘錄)Oracle資料庫
- Oracle Database標準審計和細粒度審計功能OracleDatabase
- 關於oracle審計功能Oracle
- 舉例說明Oracle資料庫審計的用法Oracle資料庫
- 【FGA】擴充套件Oracle細粒度審計功能——呼叫定製的儲存過程套件Oracle儲存過程
- 快速實現oracle10g的審計功能Oracle
- 拍拍貸資料庫審計資料庫
- oracle9i審計功能的開啟和審計策略的設定方法Oracle
- Oracle中審計刪除(DELETE)操作的觸發器Oracledelete觸發器
- FGA審計及audit_trail引數AI