Oracle審計(轉)
Oracle審計
1.
AUDIT_SYS_OPERATIONS = TRUE審計管理使用者(以sysdba/sysoper角色登陸)
windows平臺會儲存到Event Viewer日誌檔案中,諸如
CONNECT / AS SYSDBA;
ALTER SYSTEM FLUSH SHARED_POOL;
UPDATE salary SET base=1000 WHERE name='myname';
的操作都會記錄到windows事件中
AUDIT_TRAIL=OS時AUDIT_FILE_DEST定義審計的destination
2.
相關的檢視
-- 審計記錄
select * from sys.aud$
select * from dba_audit_trail
select * from dba_common_audit_trail
-- action的定義
select * from audit_actions
3.
多層環境下的審計
appserve-應用伺服器
jackson-client?
AUDIT SELECT TABLE BY appserve ON BEHALF OF jackson;
4.
審計選項
Statement-諸如CREATE TABLE, TRUNCATE TABLE, COMMENT ON TABLE, and DELETE [FROM] TABLE等語句
Privilege-AUDIT CREATE ANY TRIGGER會審計使用CREATE ANY TRIGGER許可權執行的語句
Object-審計特定物件上的特定語句,比如emp表上的ALTER TABLE語句
5.
BY SESSION/BY ACCESS-每個session或者每次訪問
WHENEVER SUCCESSFUL/WHENEVER NOT SUCCESSFUL-成功/不成功
6.
審計連線或斷開連線:
AUDIT SESSION;
-- 指定使用者
AUDIT SESSION BY jeff, lori;
審計許可權(使用該許可權才能執行的操作):
AUDIT DELETE ANY TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;
AUDIT DELETE ANY TABLE;
AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE, EXECUTE PROCEDURE
BY ACCESS WHENEVER NOT SUCCESSFUL;
物件審計:
AUDIT DELETE ON jeff.emp;
AUDIT SELECT, INSERT, DELETE ON jward.dept BY ACCESS WHENEVER SUCCESSFUL;
7.
取消審計
NOAUDIT session;
NOAUDIT session BY jeff, lori;
NOAUDIT DELETE ANY TABLE;
NOAUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE,EXECUTE PROCEDURE;
-- 取消所有statement審計
NOAUDIT ALL;
-- 取消所有許可權審計
NOAUDIT ALL PRIVILEGES;
-- 取消所有物件審計
NOAUDIT ALL ON DEFAULT;
8.
清除審計資訊
DELETE FROM SYS.AUD$;
DELETE FROM SYS.AUD$ WHERE obj$name='EMP';
9.
審計檢視
STMT_AUDIT_OPTION_MAP-審計選項型別程式碼
AUDIT_ACTIONS-action程式碼
ALL_DEF_AUDIT_OPTS-物件建立時預設的物件審計選項
DBA_STMT_AUDIT_OPTS-當前資料庫系統審計選項
DBA_PRIV_AUDIT_OPTS-許可權審計選項
DBA_OBJ_AUDIT_OPTS
USER_OBJ_AUDIT_OPTS-物件審計選項
DBA_AUDIT_TRAIL
USER_AUDIT_TRAIL-審計記錄
DBA_AUDIT_OBJECT
USER_AUDIT_OBJECT-審計物件列表
DBA_AUDIT_SESSION
USER_AUDIT_SESSION-session審計
DBA_AUDIT_STATEMENT
USER_AUDIT_STATEMENT-語句審計
DBA_AUDIT_EXISTS-使用BY AUDIT NOT EXISTS選項的審計
DBA_AUDIT_POLICIES-審計POLICIES
DBA_COMMON_AUDIT_TRAIL-標準審計+精細審計
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/756652/viewspace-242220/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- oracle審計-細粒度(轉)Oracle
- oracle10g審計(轉)Oracle
- Oracle:審計清理Oracle
- ORACLE AUDIT審計(1)Oracle
- oracle 細粒度審計(fga)Oracle
- oracle fga審計(欄位級)Oracle
- Oracle OCP(52):細粒度審計Oracle
- Oracle OCP(51):簡單審計Oracle
- Oracle OCP(50):審計簡介Oracle
- 【AUDIT]Oracle審計配置及常用sqlOracleSQL
- Oracle 統一審計- Best 實踐三Oracle
- Oracle 統一審計- Best 實踐一Oracle
- Oracle資料庫審計功能介紹Oracle資料庫
- oracle 11g 系統審計功能Oracle
- Oracle 12c 統一審計(Unified Auditing)OracleNifi
- Oracle Audit 審計功能的認識與使用Oracle
- Oracle Linux 7使用syslog來管理Oracle ASM的審計檔案OracleLinuxASM
- Oracle Linux 7使用cron來管理Oracle ASM審計檔案目錄的增長OracleLinuxASM
- (轉)Rustls 完成第三方安全審計RustTLS
- Oracle審計--AUD$佔用空間較大處理方案Oracle
- Oracle 標準審計,設定AUDIT_SYSLOG _LEVEL引數Oracle
- DM7審計之物件審計物件
- 使用grep命令,玩轉程式碼審計尋找Sink
- DM7審計之語句序列審計
- DM7審計之語句級審計
- Java程式碼審計篇 - ofcms系統審計思路講解 - 篇4 - XXE漏洞審計Java
- AUDIT審計(2)
- Kubernetes 審計(Auditing)
- IT審計隨想
- MySQL審計auditMySql
- ORACLE TEXT(轉)Oracle
- ORACLE EVENTS(轉)Oracle
- Oracle Partitioning(轉)Oracle
- ORACLE DSI(轉)Oracle
- Oracle 轉MySqlOracleMySql
- Java程式碼審計篇 - ofcms系統審計思路講解 - 篇3 - 檔案上傳漏洞審計Java
- Java程式碼審計篇 - ofcms系統審計思路講解 - 篇2 - SQL隱碼攻擊漏洞審計JavaSQL
- vertica審計日誌