Oracle10G審計失敗的使用者登陸

luckyfriends發表於2014-06-06
Oracle

文章版權所有 Jusin Hao(luckyfriends) ,支援原創,轉載請註明

1.1.1.1.           遷移審計表到新表空間


---建立存放審計記錄的表空間



create tablespace erptbs_audit datafile '/u02/LUCKY/erptbs_audit_01.dbf' size 200M autoextend on maxsize 5G;



---將審計表及其索引存放到新的表空間



select * from dba_indexes a where a.table_name IN ('AUD$','AUDIT$','AUDIT_ACTIONS');



clip_image002



alter table aud$ move tablespace erptbs_audit;



alter index I_aud1 rebuild online tablespace erptbs_audit;



alter table audit$ move tablespace erptbs_audit;



alter index i_audit rebuild online tablespace erptbs_audit;



alter table audit_actions move tablespace erptbs_audit;



alter index i_audit_actions rebuild online tablespace erptbs_audit;



select * from dba_segments a where a.segment_name in ('AUD$','AUDIT$','AUDIT_ACTIONS');



clip_image004



1.1.1.2.           審計LUCKY登入失敗


SQL> select * from v$version where rownum<3;



 BANNER



----------------------------------------------------------------



Oracle Database 10g Enterprise Edition Release 10.2.0.5.0 - 64bi



PL/SQL Release 10.2.0.5.0 - Production



 SQL> show parameter audit



 



NAME                                 TYPE        VALUE



------------------------------------ ----------- ------------------------------



audit_file_dest                      string      /u01/app/oracle/admin/lsdb/adump



audit_sys_operations                 boolean     FALSE



audit_syslog_level                   string     



audit_trail                          string      NONE



SQL> alter system set audit_trail=DB scope=spfile;



SQL> shutdown immediate



SQL> startup



SQL> show parameter audit



 


NAME                                 TYPE        VALUE



------------------------------------ ----------- ------------------------------



audit_file_dest                      string      /u01/app/oracle/admin/lsdb/adu



                                                 mp



audit_sys_operations                 boolean     FALSE



audit_syslog_level                   string



audit_trail                          string      DB



---只審計LUCKY使用者的失敗登入



SQL> audit session by LUCKY whenever not successful;



C:\>sqlplus LUCKY/1@lsdb_81



SQL*Plus: Release 11.2.0.3.0 Production on 星期四 6 5 14:20:35 2014



Copyright (c) 1982, 2011, Oracle.  All rights reserved.



ERROR:



ORA-01017: invalid username/password; logon denied



請輸入使用者名稱:  ^C



select os_username,username,userhost,terminal,timestamp,owner,obj_name,action_name,sessionid,os_process,sql_text from dba_audit_trail;



clip_image006



SQL> select * from dba_stmt_audit_opts;



 USER_NAME         PROXY_NAME   AUDIT_OPTION                             SUCCESS    FAILURE



------------------------------ ------------------------------ ------------------------



LUCKY                    CREATE SESSION                           NOT SET    BY ACCESS



 



SQL> select * from DBA_PRIV_AUDIT_OPTS;



 USER_NAME      PROXY_NAME         PRIVILEGE         SUCCESS    FAILURE



------------------------------ ------------------------------ ------------------------



LUCKY                       CREATE SESSION      NOT SET    BY ACCESS



 


來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/14710393/viewspace-1176828/,如需轉載,請註明出處,否則將追究法律責任。

相關文章