實驗-審計資訊的清理和策略關閉.txt
實驗-審計(二)
以前總是考慮如何開啟審計,對於如何終止、清除,瞭解不是很多。
今天,發現我的dba_common_Audit_trail檢視中有以下記錄:
SQL> column userhost format a30
SQL> column sql_text format a30
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
今天,發現我的dba_common_Audit_trail檢視中有以下記錄:
SQL> column userhost format a30
SQL> column sql_text format a30
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
AUDIT_TYPE DB_USER USERHOST SQL_TEXT
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Fine Grained Audit SCOTT localhost.localdomain
Fine Grained Audit TERRY localhost.localdomain delete from scott.emp where em
pno=7369
記得以前在oracle文件中看到過,dba_common_audit_trail是有aud$\fga_log$兩個基表得到的。
但兩表的查詢結果為:
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Fine Grained Audit SCOTT localhost.localdomain
Fine Grained Audit TERRY localhost.localdomain delete from scott.emp where em
pno=7369
記得以前在oracle文件中看到過,dba_common_audit_trail是有aud$\fga_log$兩個基表得到的。
但兩表的查詢結果為:
SQL> select userhost from aud$;
USERHOST
------------------------------
------------------------------
SQL> select dbuid,lsqltext from fga_log$;
DBUID LSQLTEXT
------------------------------ --------------------------------------------------------------------------------
SCOTT
TERRY delete from scott.emp where empno=7369
------------------------------ --------------------------------------------------------------------------------
SCOTT
TERRY delete from scott.emp where empno=7369
前面dba_common_audit_trail中audit_type為Mandatory XML Audit 的記錄是對sys使用者的連線所作的審計。
對sys或其他sysdba、sysoper許可權使用者的審計與audit_trail引數的設定無關。
從DB_USER可以看到,在兩個基表中未找到的都是sys使用者的記錄。因此進行以下的引數檢視:
從DB_USER可以看到,在兩個基表中未找到的都是sys使用者的記錄。因此進行以下的引數檢視:
Last login: Sat May 25 21:24:26 2013 from 192.168.56.1
[oracle@localhost ~]$ sqlplus /nolog
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Sun May 26 01:00:01 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn /as sysdba
sConnected.
SQL> show parameter audit_sys
sConnected.
SQL> show parameter audit_sys
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_sys_operations boolean FALSE
audit_syslog_level string
------------------------------------ ----------- ------------------------------
audit_sys_operations boolean FALSE
audit_syslog_level string
以上audit_sys_operations引數是我下午關閉的。
SQL> how parameter audit_trail;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_trail string XML, EXTENDED
------------------------------------ ----------- ------------------------------
audit_trail string XML, EXTENDED
在audit_trail的值為“XML,EXTENDED”時,sys及其他sysdba、sysoper使用者的登入資訊被儲存在作業系統檔案中。
檔案位置為:
檔案位置為:
SQL> show parameter audit_file_
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/admin/testdb/adump
SQL> host
[oracle@localhost ~]$ cd /u01/admin/testdb/adump
[oracle@localhost adump]$ ls
adx_testdb.txt testdb_ora_8643_1.xml testdb_ora_8894_1.xml
testdb_ora_8596_1.xml testdb_ora_8747_1.xml testdb_ora_8897_1.xml
testdb_ora_8630_1.xml testdb_ora_8892_1.xml testdb_ora_9049_1.xml
注意這裡是八個xml檔案。
[oracle@localhost adump]$ tail adx_testdb.txt
/u01/admin/testdb/adump
testdb_ora_8747_1.xml
/u01/admin/testdb/adump
testdb_ora_8892_1.xml
/u01/admin/testdb/adump
testdb_ora_8894_1.xml
/u01/admin/testdb/adump
testdb_ora_8897_1.xml
/u01/admin/testdb/adump
testdb_ora_9049_1.xml
[oracle@localhost adump]$ more testdb_ora_9049_1.xml
http://xmlns.oracle.com/oracleas/schema/dbserver_audittrail-11_2
.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/dbserver_audittra
il-11_2.xsd">
11.2
8 1 2
013-05-26T05:00:04.358321Z / orac
le localhost.localdomain 9049ss>pts/0 0 0
Returncode>SYSDBA 2581100181
CONNECT
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/admin/testdb/adump
SQL> host
[oracle@localhost ~]$ cd /u01/admin/testdb/adump
[oracle@localhost adump]$ ls
adx_testdb.txt testdb_ora_8643_1.xml testdb_ora_8894_1.xml
testdb_ora_8596_1.xml testdb_ora_8747_1.xml testdb_ora_8897_1.xml
testdb_ora_8630_1.xml testdb_ora_8892_1.xml testdb_ora_9049_1.xml
注意這裡是八個xml檔案。
[oracle@localhost adump]$ tail adx_testdb.txt
/u01/admin/testdb/adump
testdb_ora_8747_1.xml
/u01/admin/testdb/adump
testdb_ora_8892_1.xml
/u01/admin/testdb/adump
testdb_ora_8894_1.xml
/u01/admin/testdb/adump
testdb_ora_8897_1.xml
/u01/admin/testdb/adump
testdb_ora_9049_1.xml
[oracle@localhost adump]$ more testdb_ora_9049_1.xml
.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.oracle.com/oracleas/schema/dbserver_audittra
il-11_2.xsd">
013-05-26T05:00:04.358321Z
le
Returncode>
[oracle@localhost adump]$ exit
exit
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
AUDIT_TYPE DB_USER USERHOST SQL_TEXT
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
Fine Grained Audit SCOTT localhost.localdomain
Fine Grained Audit TERRY localhost.localdomain delete from scott.emp where em
pno=7369
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
Fine Grained Audit SCOTT localhost.localdomain
Fine Grained Audit TERRY localhost.localdomain delete from scott.emp where em
pno=7369
10 rows selected
以上有八條記錄是db_user為sys或/.其實/是我在用secureCRT時作業系統驗證方式登入。
與上面的記錄數相符。
其實sys使用者的審計,就是修改以上的兩個引數:
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE;
ALTER SYSTEM SET AUDIT_TRAIL=XML, EXTENDED SCOPE=SPFILE;
然後重啟資料庫後生效的。
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE;
ALTER SYSTEM SET AUDIT_TRAIL=XML, EXTENDED SCOPE=SPFILE;
然後重啟資料庫後生效的。
現在我們來清空記錄,停止該審計。
(一)自動清空審計記錄 【oracle 11gR2 security guide 368頁 Purging Audit Trail Records】
1.清空之前,可能需要調整線上日誌和歸檔日誌的大小。因為審計表清除的這段時間會產生審計記錄。
2.計劃好時間和歸檔策略
3.初始化審計跟蹤清除操作
1)首先,執行清空的使用者需要對dbms_audit_mgmt的execute許可權。
2)然後執行dbms_audit_mgmt.init_cleanup過程
格式:
BEGIN
DBMS_AUDIT_MGMT.INIT_CLEANUP(
AUDIT_TRAIL_TYPE => xxxxx,
DEFAULT_CLEANUP_INTERVAL => xx );
END;
/
1.清空之前,可能需要調整線上日誌和歸檔日誌的大小。因為審計表清除的這段時間會產生審計記錄。
2.計劃好時間和歸檔策略
3.初始化審計跟蹤清除操作
1)首先,執行清空的使用者需要對dbms_audit_mgmt的execute許可權。
2)然後執行dbms_audit_mgmt.init_cleanup過程
格式:
BEGIN
DBMS_AUDIT_MGMT.INIT_CLEANUP(
AUDIT_TRAIL_TYPE => xxxxx,
DEFAULT_CLEANUP_INTERVAL => xx );
END;
/
AUDIT_TRAIL_TYPE可能的取值有:
標準審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD: Standard audit trail table, AUD$.
細粒度審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD: Fine-grained audit trail table, FGA_LOG$.
以上兩種 DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD: Both standard and fine-grained audit trail tables.
作業系統審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS: Operating system audit trail files with the .aud extension. (This setting does not apply to Windows Event Log entries.)
XML作業系統審計檔案–DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML: XML Operating system audit trail files.
作業系統和XML格式檔案–DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES: Both operating system and XML audit trail files.
所有的跟蹤記錄–DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL: All audit trail records, that is, both database audit trail and operating system audit trail types.
標準審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD: Standard audit trail table, AUD$.
細粒度審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD: Fine-grained audit trail table, FGA_LOG$.
以上兩種 DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD: Both standard and fine-grained audit trail tables.
作業系統審計 DBMS_AUDIT_MGMT.AUDIT_TRAIL_OS: Operating system audit trail files with the .aud extension. (This setting does not apply to Windows Event Log entries.)
XML作業系統審計檔案–DBMS_AUDIT_MGMT.AUDIT_TRAIL_XML: XML Operating system audit trail files.
作業系統和XML格式檔案–DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES: Both operating system and XML audit trail files.
所有的跟蹤記錄–DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL: All audit trail records, that is, both database audit trail and operating system audit trail types.
也就是說dbms_audit_mgmt.audit_trail_all是最全、最徹底的解決方式。
DEFAULT_CLEANUP_INTERVAL是預設的清除間隔時間。以小時計算。
可以使用DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY修改。
可以使用DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY修改。
4.可以為審計記錄設定歸檔時間戳
DBA_AUDIT_MGMT_LAST_ARCH_TS檢視中有上一次歸檔時間
DBA_AUDIT_MGMT_LAST_ARCH_TS檢視中有上一次歸檔時間
5.建立和安排清空作業日程
使用dbms_audit_mgmt.create_purge_job
如:
BEGIN
DBMS_AUDIT_MGMT.CREATE_PURGE_JOB (
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,--可取值有五種,同上
AUDIT_TRAIL_PURGE_INTERVAL => 12,
AUDIT_TRAIL_PURGE_NAME => 'Standard_Audit_Trail_PJ',
USE_LAST_ARCH_TIMESTAMP => TRUE );--true表示刪除上次審計歸檔時間之前的記錄,false表示刪除所有
END;
/
使用dbms_audit_mgmt.create_purge_job
如:
BEGIN
DBMS_AUDIT_MGMT.CREATE_PURGE_JOB (
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,--可取值有五種,同上
AUDIT_TRAIL_PURGE_INTERVAL => 12,
AUDIT_TRAIL_PURGE_NAME => 'Standard_Audit_Trail_PJ',
USE_LAST_ARCH_TIMESTAMP => TRUE );--true表示刪除上次審計歸檔時間之前的記錄,false表示刪除所有
END;
/
6.可選,配置審計記錄按批刪除
預設是每一萬條資料庫審計記錄刪除一次或一千個作業系統審計檔案刪除一次。
可修改。
預設是每一萬條資料庫審計記錄刪除一次或一千個作業系統審計檔案刪除一次。
可修改。
按照以上的指導,我們刪除所有作業系統和XML格式檔案的審計記錄:
SQL> BEGIN
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
PL/SQL procedure successfully completed.
SQL> BEGIN
2 DBMS_AUDIT_MGMT.CREATE_PURGE_JOB (
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES,
4 AUDIT_TRAIL_PURGE_INTERVAL => 24,
5 AUDIT_TRAIL_PURGE_NAME => 'Standard_Audit_Trail_PJ',
6 USE_LAST_ARCH_TIMESTAMP => TRUE );
7 END;
8 /
2 DBMS_AUDIT_MGMT.CREATE_PURGE_JOB (
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES,
4 AUDIT_TRAIL_PURGE_INTERVAL => 24,
5 AUDIT_TRAIL_PURGE_NAME => 'Standard_Audit_Trail_PJ',
6 USE_LAST_ARCH_TIMESTAMP => TRUE );
7 END;
8 /
PL/SQL procedure successfully completed.
但設定完成後並未立即其作用。
(二)手動清空審計記錄
1.使用DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL進行清除,如:
BEGIN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES,--可選項同上
USE_LAST_ARCH_TIMESTAMP => FALSE );
END;
/
1.使用DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL進行清除,如:
BEGIN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FILES,--可選項同上
USE_LAST_ARCH_TIMESTAMP => FALSE );
END;
/
實際中,我要將所有審計記錄都清空,因此clean_audit_trail時,
audit_trail_type是DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
可以這樣做的前提是init_cleanup時也制定的同樣的audit_trail_type。
嘗試再次指定:
audit_trail_type是DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
可以這樣做的前提是init_cleanup時也制定的同樣的audit_trail_type。
嘗試再次指定:
SQL> BEGIN
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
BEGIN
*
ERROR at line 1:
ORA-46265: Subset of audit trail is already initialized
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 61
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 752
ORA-06512: at line 2
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
BEGIN
*
ERROR at line 1:
ORA-46265: Subset of audit trail is already initialized
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 61
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 752
ORA-06512: at line 2
這時要取消該初始化,再重新設定:
SQL> BEGIN
2 DBMS_AUDIT_MGMT.DEINIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL);
4 END;
5 /
BEGIN
*
ERROR at line 1:
ORA-46258: Cleanup not initialized for the audit trail
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 61
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 1086
ORA-06512: at line 2
2 DBMS_AUDIT_MGMT.DEINIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL);
4 END;
5 /
BEGIN
*
ERROR at line 1:
ORA-46258: Cleanup not initialized for the audit trail
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 61
ORA-06512: at "SYS.DBMS_AUDIT_MGMT", line 1086
ORA-06512: at line 2
SQL> BEGIN
2 DBMS_AUDIT_MGMT.DEINIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD);
4 END;
5 /
PL/SQL procedure successfully completed.
重新指定init_cleanup:
SQL> BEGIN
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
2 DBMS_AUDIT_MGMT.INIT_CLEANUP(
3 AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL,
4 DEFAULT_CLEANUP_INTERVAL => 24 );
5 END;
6 /
PL/SQL procedure successfully completed.
清除:
SQL> EXEC DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(DBMS_AUDIT_MGMT.AUDIT_TRAIL_ALL, FALSE);
PL/SQL procedure successfully completed
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
AUDIT_TYPE DB_USER USERHOST SQL_TEXT
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit sys WORKGROUP\TIANLEI CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
6 rows selected
以上執行了所有審計檔案的清除,仍未將作業系統的XML格式檔案刪除,懷疑是由於我將audit_sys_operations 設定為false導致的。
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost ~]$ cd /u01/admin/testdb/adump
[oracle@localhost adump]$ ls
adx_testdb.txt testdb_ora_8747_1.xml testdb_ora_9049_1.xml
testdb_ora_8630_1.xml testdb_ora_8892_1.xml
testdb_ora_8643_1.xml testdb_ora_8897_1.xml
[oracle@localhost adump]$ mkdir temp
[oracle@localhost adump]$ mv test* temp/
[oracle@localhost adump]$ ls
adx_testdb.txt temp
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost ~]$ cd /u01/admin/testdb/adump
[oracle@localhost adump]$ ls
adx_testdb.txt testdb_ora_8747_1.xml testdb_ora_9049_1.xml
testdb_ora_8630_1.xml testdb_ora_8892_1.xml
testdb_ora_8643_1.xml testdb_ora_8897_1.xml
[oracle@localhost adump]$ mkdir temp
[oracle@localhost adump]$ mv test* temp/
[oracle@localhost adump]$ ls
adx_testdb.txt temp
登入後再檢視:
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
AUDIT_TYPE DB_USER USERHOST SQL_TEXT
---------------------- ------------------------------ ------------------------------ ------------------------------
---------------------- ------------------------------ ------------------------------ ------------------------------
對於sys使用者的審計,僅僅將 設定為false是不夠的。仍會在dba_common_audit_trail中產生記錄。
還需要將audit_trail設定為NONE:
還需要將audit_trail設定為NONE:
SQL> alter system set audit_trail=NONE scope=spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 405929984 bytes
Fixed Size 1336848 bytes
Variable Size 306186736 bytes
Database Buffers 92274688 bytes
Redo Buffers 6131712 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost adump]$ sqlplus /nolog
Fixed Size 1336848 bytes
Variable Size 306186736 bytes
Database Buffers 92274688 bytes
Redo Buffers 6131712 bytes
Database mounted.
Database opened.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@localhost adump]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on Sun May 26 02:23:21 2013
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn /as sysdba
Connected.
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
Connected.
SQL> select audit_type,db_user,userhost,sql_text from dba_common_audit_trail;
AUDIT_TYPE DB_USER USERHOST SQL_TEXT
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit / localhost.localdomain SHUTDOWN
---------------------- ------------------------------ ------------------------------ ------------------------------
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit / localhost.localdomain CONNECT
Mandatory XML Audit / localhost.localdomain SHUTDOWN
可以看到以前生成的登入的記錄和關閉資料庫的記錄。修改audit_trail並重啟資料庫後,不會在再生成這樣的審計記錄了。
細粒度審計策略的停止和刪除:
細粒度審計策略的停止和刪除:
SQL> select object_schema,object_name,policy_name from dba_audit_policies;
OBJECT_SCHEMA OBJECT_NAME POLICY_OWNER POLICY_NAME
------------------------------ ------------------------------ ------------------------------ --------------
SCOTT EMP SYS ORDERS_FGA_POL
------------------------------ ------------------------------ ------------------------------ --------------
SCOTT EMP SYS ORDERS_FGA_POL
SQL> exec DBMS_FGA.DISABLE_POLICY('SCOTT','EMP','ORDERS_FGA_POL');
PL/SQL procedure successfully completed
SQL> exec DBMS_FGA.DROP_POLICY('SCOTT','EMP','ORDERS_FGA_POL');
PL/SQL procedure successfully completed
SQL> select object_schema,object_name,policy_name from dba_audit_policies;
OBJECT_SCHEMA OBJECT_NAME POLICY_NAME
------------------------------ ------------------------------ ------------------------------
------------------------------ ------------------------------ ------------------------------
SQL>
(三)檢視
從dba_auditxxxx檢視中可以看到審計的設定資訊。
若希望以後不再開啟審計,相關檢視不需要,可以用作業系統特定位置的CATNOAUD.SQL指令碼將相關檢視刪除。
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26451536/viewspace-765440/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Oracle:審計清理Oracle
- Oracle 11g Database和ASM預設的審計策略和相關操作OracleDatabaseASM
- oracle 11g 關閉審計功能Oracle
- oracle 審計日誌清理Oracle
- oracle9i審計功能的開啟和審計策略的設定方法Oracle
- MySQL:show slave status 關鍵值和MGRrelay log的清理策略MySql
- 反垃圾郵件和資訊審計
- 【實驗】Oracle審計語句的使用演示Oracle
- 【實驗】【審計】【FGA】使用Oracle的審計功能監控資料庫中的可疑操作Oracle資料庫
- 《JAVA併發程式設計實戰》取消和關閉Java程式設計
- 【rac】實驗一:啟動關閉歸檔
- 關閉特定物件統計資訊自動收集物件
- AUDIT_TRAIL設定及審計日誌清理AI
- 淺談“最小化”和“關閉”的互動體驗
- 驗證Kubernetes YAML的最佳實踐和策略YAML
- 經驗教訓,慎用Oracle的審計Oracle
- 程式碼審查的實踐經驗
- 怎樣實現關閉connection時自動關閉Statement和ResultSet
- win10熱點資訊怎麼關閉 win10熱點資訊永久關閉Win10
- 提升SEO的14條公關策略–資訊圖
- 關於oracle審計功能Oracle
- Win10怎麼通過組策略關閉自動更新 策略組關閉win10自動更新Win10
- Win10怎麼透過組策略關閉自動更新 策略組關閉win10自動更新Win10
- [20151212]審計統計分析.txt
- 【Python】關閉 warning 資訊提示Python
- win10彈窗熱點資訊怎麼關閉_win10熱點資訊彈窗的關閉方法Win10
- 【rman備份策略】實驗
- mysql的啟動和關閉MySql
- Oracle Database標準審計和細粒度審計功能OracleDatabase
- oracle集合型別使用的實驗.TXTOracle型別
- 柱狀圖和列統計資訊的關係
- delphi清理txt檔案多餘的空格
- win10系統關閉客戶體驗改善計劃的方法Win10
- 實驗-資料分佈對執行計劃的影響.txt
- 同行程式碼審查的實戰經驗行程
- oracle清理無用的sql資訊OracleSQL
- Cobar SQL審計的設計與實現SQL
- 關於oracle11g的審計功能Oracle