在11.2中,Oracle对于AUDIT语句进行了增强。
这一篇介绍将AUDIT的ALL STATEMENT语句。
在以前的版本中,审计只支持AUDIT ALL和AUDIT ALL PRIVILEGES,在11.2中,审计又增加了AUDIT ALL STATEMENTS,可以审计所有的顶级的SQL语句。
SQL> SELECT * FROM V$VERSION;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
PL/SQL Release 11.2.0.1.0 - Production
CORE 11.2.0.1.0 Production
TNS for Linux: Version 11.2.0.1.0 - Production
NLSRTL Version 11.2.0.1.0 - Production
SQL> AUDIT ALL STATEMENTS;
审计已成功。
SQL> SELECT USER_NAME, AUDIT_OPTION, SUCCESS, FAILURE
2 FROM DBA_STMT_AUDIT_OPTS;
USER_NAME AUDIT_OPTION SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------
ALTER SYSTEM BY ACCESS BY ACCESS
SYSTEM AUDIT BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
PUBLIC SYNONYM BY ACCESS BY ACCESS
DATABASE LINK BY ACCESS BY ACCESS
ROLE BY ACCESS BY ACCESS
PROFILE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
ALL STATEMENTS BY SESSION BY SESSION
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
SYSTEM GRANT BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS
DROP PROFILE BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
CREATE EXTERNAL JOB BY ACCESS BY ACCESS
已选择29行。
下面利用其他用户执行一些操作:
SQL> SHOW USER
USER 为 "YANGTK"
SQL> CREATE TABLE T_TEST (ID NUMBER);
表已创建。
SQL> INSERT INTO T_TEST VALUES (1);
已创建 1 行。
SQL> SELECT * FROM T_TEST;
ID
----------
1
SQL> DROP TABLE T_TEST PURGE;
表已删除。
检查审计结果:
SQL> SELECT USERID, ACTION#, OBJ$NAME
2 FROM SYS.AUD$
3 WHERE OBJ$NAME = 'T_TEST';
USERID ACTION# OBJ$NAME
------------------------------ ---------- ----------
YANGTK 1 T_TEST
YANGTK 2 T_TEST
YANGTK 3 T_TEST
YANGTK 12 T_TEST
通过使用NOAUDIT ALL STATEMENTS语句,可以关闭所有语句的统计:
SQL> NOAUDIT ALL STATEMENTS;
审计未成功。
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/4227/viewspace-627071/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/4227/viewspace-627071/