Disable Database Audit In Oracle 19c RAC-20220111
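Introduction: Why use auditing? Usually it is to monitor user activity through audit records. Database auditing is also an important component of database security (per the official description). In practice, the more important reason for enabling auditing in production is to meet compliance audit requirements (enabling it in production is recommended). For example, for China's classified protection (MLPS) Level 3 assessment, enabling database auditing is mandatory. If you enable auditing, make sure to set up lifecycle management for the audit records so that they do not fill up your database.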
1. Environment and DB version
Environment: Oracle 19c RAC on three nodes for RedHat 8.3
DB version: 19.9 (19.9 RU applied)

    SQL> select * from v$version;

    BANNER
    --------------------------------------------------------------------------------
    BANNER_FULL
    --------------------------------------------------------------------------------
    BANNER_LEGACY                                                                CON_ID
    -------------------------------------------------------------------------------- ----------
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
    Version 19.9.0.0.0
    Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production            0
2. Check the database auditing status
2.1 Check the status of database auditing and SQL statements with SYS authorization on all nodes in the RAC (enabled by default)

    # Method 1: check with show parameter
    SQL> show parameter audit

    NAME                                 TYPE                   VALUE
    ------------------------------------ ---------------------- ------------------------------
    audit_file_dest                      string                 /u01/app/oracle/admin/racdb/ad
                                                                ump
    audit_sys_operations                 boolean                TRUE     <=default enable sql statements with SYS authorization
    audit_syslog_level                   string
    audit_trail                          string                 DB       <=dbca create database default enable database standard auditing
    unified_audit_common_systemlog       string
    unified_audit_sga_queue_size         integer                1048576
    unified_audit_systemlog              string

    # Method 2: check with gv$parameter
    col name for a40
    col value for a30
    set line 200
    select inst_id,name,value from gv$parameter where name in ('audit_sys_operations','audit_trail') order by 1,2;

       INST_ID NAME                                     VALUE
    ---------- ---------------------------------------- ------------------------------
             1 audit_sys_operations                     TRUE     <=default enable sql statements with SYS authorization
             1 audit_trail                              DB       <=dbca create database default enable standard database auditing
             2 audit_sys_operations                     TRUE
             2 audit_trail                              DB
             3 audit_sys_operations                     TRUE
             3 audit_trail                              DB

    6 rows selected.
2.2 Check the unified auditing status on all nodes in the RAC (disabled by default)

    SQL> select inst_id,value,parameter from gv$option where parameter='Unified Auditing' order by 1;

       INST_ID VALUE                          PARAMETER
    ---------- ------------------------------ ----------------------------------------
             1 FALSE                          Unified Auditing
             2 FALSE                          Unified Auditing
             3 FALSE                          Unified Auditing

    # FALSE means unified auditing is not configured
3. Disable database auditing
3.1 Disable database auditing on all nodes in the RAC
Disable database auditing

    # The audit_trail parameter can only disable database auditing. FGA auditing cannot be disabled with it.
    SQL> alter system set audit_trail=none sid='*' scope=spfile;

    System altered.

Disable SQL statements with SYS authorization

    # The audit_sys_operations parameter can only reduce SYSDBA auditing. Auditing of SYSDBA startup, shutdown and connect cannot be disabled.
    SQL> alter system set audit_sys_operations=false sid='*' scope=spfile;

    System altered.
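3.2 Restart the DB so that the parameters take effect
After changing audit_trail or audit_sys_operations, the DB must be restarted before the change takes effect.

    # Steps to restart the DB in RAC
    [oracle@rac3:/home/oracle]$srvctl stop database -db racdb
    [oracle@rac3:/home/oracle]$srvctl start database -db racdb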
3.3 Check that the parameters have taken effect
Database standard auditing and SQL statements with SYS authorization are now disabled.

    col name for a40
    col value for a30
    set line 200
    select inst_id,name,value from gv$parameter where name in ('audit_sys_operations','audit_trail') order by 1,2;

       INST_ID NAME                                     VALUE
    ---------- ---------------------------------------- ------------------------------
             1 audit_sys_operations                     FALSE    <=closed
             1 audit_trail                              NONE     <=closed
             2 audit_sys_operations                     FALSE
             2 audit_trail                              NONE
             3 audit_sys_operations                     FALSE
             3 audit_trail                              NONE

    6 rows selected.
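A check to run alongside section 3.3, as an added example that is not part of the original post: it compares the running values with the spfile on each instance and lists the audit sources that the two parameters do not switch off. It assumes the settings were made with sid='*' as in 3.1; query 3 goes beyond the page, because unified audit policies can be enabled in mixed mode even while gv$option reports Unified Auditing as FALSE.

```sql
-- Added example (not from the original post). Run as a DBA user in SQL*Plus.
set line 200
col name for a25
col running_value for a15
col spfile_value for a15
col state for a16

-- 1) Per instance: value in memory vs. value stored in the spfile.
--    Assumption: the parameters were set with sid='*' as in section 3.1,
--    so only the '*' entry of the spfile is compared.
select p.inst_id,
       p.name,
       p.value as running_value,
       s.value as spfile_value,
       case
         when s.isspecified = 'FALSE'         then 'NOT IN SPFILE'
         when upper(p.value) = upper(s.value) then 'IN EFFECT'
         else 'PENDING RESTART'
       end as state
from   gv$parameter p
join   v$spparameter s
       on s.name = p.name and s.sid = '*'
where  p.name in ('audit_trail', 'audit_sys_operations')
order  by p.inst_id, p.name;

-- 2) Fine-grained audit (FGA) policies, which audit_trail=none does not disable.
col object_schema for a20
col object_name for a30
col policy_name for a30
select object_schema, object_name, policy_name, enabled
from   dba_audit_policies
order  by object_schema, object_name, policy_name;

-- 3) Enabled unified audit policies. These can be active in mixed mode,
--    i.e. while gv$option shows Unified Auditing = FALSE.
select policy_name, success, failure
from   audit_unified_enabled_policies
order  by policy_name;
```

A row with state PENDING RESTART in query 1 means the instance is still running with the old value and has not been restarted since the spfile change.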
4. References
How to Disable Oracle Database Auditing (Doc ID 1528170.1)
Source: ITPUB blog, link: http://blog.itpub.net/26442936/viewspace-2871551/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.