查看审计的对象
select user_name,audit_option,success,failure from dba_stmt_audit_opts
union
select USER_NAME,privilege,success,failure from dba_priv_audit_opts;
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS
ALTER SYSTEM BY ACCESS BY ACCESS
ALTER TABLE BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
AUDIT SYSTEM BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
CREATE EXTERNAL JOB BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
DATABASE LINK BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
DROP PROFILE BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
INDEX BY ACCESS BY ACCESS
MATERIALIZED VIEW BY ACCESS BY ACCESS
PROCEDURE BY ACCESS BY ACCESS
PROFILE BY ACCESS BY ACCESS
PUBLIC SYNONYM BY ACCESS BY ACCESS
ROLE BY ACCESS BY ACCESS
SYNONYM BY ACCESS BY ACCESS
SYSTEM AUDIT BY ACCESS BY ACCESS
SYSTEM GRANT BY ACCESS BY ACCESS
TABLE BY ACCESS BY ACCESS
TRIGGER BY ACCESS BY ACCESS
TYPE BY ACCESS BY ACCESS
VIEW BY ACCESS BY ACCESS
根据结果,数据库开启了如上审计记录.
使用 sqlplus / as sysdba 进行登陆
SQL> create user test identified by test;
User created.
SQL> drop user test;
User dropped.
之后进行查询
SQL> select * from DBA_AUDIT_TRAIL s WHERE s.action_name = 'CREATE USER' and s.username = 'SYS'
2 ;
no rows selected
却没有找到这一条 create 记录.
之后使用system 进行用户的创建
SQL> create user test identified by test;
User created.
SQL> drop user test;
User dropped.
SQL> select count(*) from DBA_AUDIT_TRAIL s WHERE s.action_name = 'CREATE USER' and s.username = 'SYSTEM';
COUNT(*)
----------
1
发现得到了审计记录
因为就算审计记录被写到了aud$或者dba_audit_trail中,sysdba用户依然可以对其进行delete.
因此推断aud$或者dba_audit_trail不记录sysdba,sysoper用户的操作.
select user_name,audit_option,success,failure from dba_stmt_audit_opts
union
select USER_NAME,privilege,success,failure from dba_priv_audit_opts;
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS
ALTER SYSTEM BY ACCESS BY ACCESS
ALTER TABLE BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
AUDIT SYSTEM BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
CREATE EXTERNAL JOB BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
DATABASE LINK BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
DROP PROFILE BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
INDEX BY ACCESS BY ACCESS
MATERIALIZED VIEW BY ACCESS BY ACCESS
PROCEDURE BY ACCESS BY ACCESS
PROFILE BY ACCESS BY ACCESS
PUBLIC SYNONYM BY ACCESS BY ACCESS
ROLE BY ACCESS BY ACCESS
SYNONYM BY ACCESS BY ACCESS
SYSTEM AUDIT BY ACCESS BY ACCESS
SYSTEM GRANT BY ACCESS BY ACCESS
TABLE BY ACCESS BY ACCESS
TRIGGER BY ACCESS BY ACCESS
TYPE BY ACCESS BY ACCESS
VIEW BY ACCESS BY ACCESS
根据结果,数据库开启了如上审计记录.
使用 sqlplus / as sysdba 进行登陆
SQL> create user test identified by test;
User created.
SQL> drop user test;
User dropped.
之后进行查询
SQL> select * from DBA_AUDIT_TRAIL s WHERE s.action_name = 'CREATE USER' and s.username = 'SYS'
2 ;
no rows selected
却没有找到这一条 create 记录.
之后使用system 进行用户的创建
SQL> create user test identified by test;
User created.
SQL> drop user test;
User dropped.
SQL> select count(*) from DBA_AUDIT_TRAIL s WHERE s.action_name = 'CREATE USER' and s.username = 'SYSTEM';
COUNT(*)
----------
1
发现得到了审计记录
因为就算审计记录被写到了aud$或者dba_audit_trail中,sysdba用户依然可以对其进行delete.
因此推断aud$或者dba_audit_trail不记录sysdba,sysoper用户的操作.
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/7569309/viewspace-2132373/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/7569309/viewspace-2132373/