配置 Oracle 审计(传统审计和统一审计)

最新推荐文章于 2023-09-11 15:05:26 发布
最新推荐文章于 2023-09-11 15:05:26 发布
阅读量1k 收藏 1
点赞数 1
文章标签: oracle 数据库 linux 运维
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cxj252/article/details/132086271
版权

配置 Oracle 审计(传统审计和统一审计)

在19c环境里面想关闭传统审计,只使用同一审计(默认是audit_trail 为 DB,混合审计模式,两者都可以使用);
然后就将参数设置为none,结果过了一段时间发现同一审计也是没有记录的(因为没有执行make操作,本文会有操作描述)

-- Oracle 审计
-- 官档:https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405
-- 盖国强老师介绍统一审计:https://www.modb.pro/db/21964,在 Oracle 20c 中,传统审计(Traditional Auditing)不再支持,统一审计(Unified Auditing)成为主流。

/*混合模式审计和纯统一审计之间的差异
模式          特征                                                               启用
混合模式审核  既有传统审计,也有统一审计;可以使用统一审计工具和传统的审计工具   启用任何统一审计策略。无需重新启动数据库。依赖audit_trail为 DB 或DB,EXTENDED
纯统一审计    只有统一审计;只能使用统一审计工具                                 以uniaud_on选项链接二进制文件oracle,然后重新启动数据库。
*/

-- 调整统一审计 AUD$UNIFIED 基表默认表空间,
create tablespace AUDIT_TBS datafile size 100m autoextend on next 100m maxsize unlimited;
alter tablespace AUDIT_TBS add datafile size 100m autoextend on next 100m maxsize unlimited;
BEGIN
  DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION(AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, AUDIT_TRAIL_LOCATION_VALUE => 'AUDIT_TBS');
  DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION(AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD, AUDIT_TRAIL_LOCATION_VALUE => 'AUDIT_TBS');
END;
/


-- 查看启
col segment_name FOR a35
col partition_name FOR a20
col segment_type FOR a20
col tablespace_name FOR a15
col mbytes FOR 999,990.00
SELECT segment_name,
       segment_type,
       partition_name,
       bytes / 1024 / 1024 AS MBytes,
       tablespace_name
  FROM dba_segments
 WHERE owner = 'AUDSYS';

-- 调整审计记录分区间隔
BEGIN
  dbms_audit_mgmt.alter_partition_interval(interval_number => 1, interval_frequency => 'DAY');
END;
/

-- 创建策略
CREATE AUDIT POLICY DBA_AUDIT_DDL_ACTIONS
PRIVILEGES
CREATE PUBLIC DATABASE LINK,DROP PUBLIC DATABASE LINK
ACTIONS
ALTER FUNCTION,ALTER INDEX,ALTER PACKAGE,ALTER PACKAGE BODY,ALTER SEQUENCE,ALTER TABLE,ALTER VIEW,ALTER MATERIALIZED VIEW,ALTER PROCEDURE,ALTER TABLESPACE,ALTER TRIGGER,
CHANGE PASSWORD,CREATE FUNCTION,CREATE INDEX,CREATE PACKAGE,CREATE PACKAGE BODY,CREATE PROCEDURE,CREATE SEQUENCE,CREATE TABLE,CREATE SYNONYM,CREATE VIEW,CREATE MATERIALIZED VIEW,CREATE TABLESPACE,CREATE AUDIT POLICY,CREATE TRIGGER,
DROP FUNCTION,DROP INDEX,DROP PACKAGE,DROP PACKAGE BODY,DROP PROCEDURE,DROP SEQUENCE,DROP TABLE,DROP SYNONYM,DROP VIEW,DROP MATERIALIZED VIEW,DROP TABLESPACE,DROP AUDIT POLICY,DROP TRIGGER,
TRUNCATE TABLE,GRANT,REVOKE,COMMENT,AUDIT,FLASHBACK TABLE,NOAUDIT,RENAME
ACTIONS COMPONENT=DATAPUMP ALL
ACTIONS COMPONENT=DIRECT_LOAD LOAD;

-- 启用策略
AUDIT POLICY DBA_AUDIT_DDL_ACTIONS;

-- 停用策略
-- NOAUDIT POLICY DBA_AUDIT_DDL_ACTIONS;

-- 删除策略
-- DROP AUDIT POLICY DBA_AUDIT_DDL_ACTIONS;

-- 删除定时作业
BEGIN
    DBMS_SCHEDULER.drop_job ( job_name => 'UPDATE_AUDIT_TSTAMP_UNIFIED');
    DBMS_SCHEDULER.drop_job ( job_name => 'PURGE_AUDIT_TRAIL_UNIFIED');
END;
/

-- 设置更新 last archive time 定时任务
BEGIN
    DBMS_SCHEDULER.create_job (
        job_name          => 'UPDATE_AUDIT_TSTAMP_UNIFIED',
        job_type          => 'PLSQL_BLOCK',
        job_action        => 'BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,TRUNC(SYSTIMESTAMP)-180); END;',
        start_date        => SYSTIMESTAMP,
        repeat_interval   => 'freq=daily;interval=1;byhour=5;byminute=0;bysecond=0;',
        end_date          => NULL,
        enabled           => TRUE,
        comments          => 'Automatically update Unified Audit last archive time @05:00 everyday.');
END;
/

-- 设置基于 last archive time 清理审计记录定时任务
BEGIN
    DBMS_SCHEDULER.create_job (
        job_name              => 'PURGE_AUDIT_TRAIL_UNIFIED',
        job_type              => 'PLSQL_BLOCK',
        job_action            => 'BEGIN dbms_audit_mgmt.clean_audit_trail(audit_trail_type => dbms_audit_mgmt.audit_trail_unified,use_last_arch_timestamp => TRUE);END;',
        number_of_arguments   => 0,
        start_date            => SYSDATE,
        repeat_interval       => 'freq=DAILY;interval=1;byhour=5;byminute=05;bysecond=0',
        enabled               => TRUE,
        auto_drop             => FALSE,
        comments              => 'Purge Unified Audit Trail befor update last archive time @05:05 everyday.');
END;
/

-- 官档创建统一审计purge job (基于 last archive time,不更新last archive time的话,只执行一次,需要另外制定last archive time更新job)
BEGIN
  DBMS_AUDIT_MGMT.CREATE_PURGE_JOB (
   AUDIT_TRAIL_TYPE            => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
   AUDIT_TRAIL_PURGE_INTERVAL  => 24,
   AUDIT_TRAIL_PURGE_NAME      => 'Audit_Trail_Purge_24h',
   USE_LAST_ARCH_TIMESTAMP     => TRUE,
   CONTAINER                   => DBMS_AUDIT_MGMT.CONTAINER_CURRENT);
END;
/

-- 修改统一审计job间隔
BEGIN DBMS_AUDIT_MGMT.SET_PURGE_JOB_INTERVAL (
        AUDIT_TRAIL_PURGE_NAME       => 'Audit_Trail_Purge_24h',
        AUDIT_TRAIL_INTERVAL_VALUE   => 24);
END;
/

-- 删除job
BEGIN
    DBMS_SCHEDULER.drop_job (
        job_name              => 'AUDSYS.Audit_Trail_Purge_24h');
END;
/

-- 停用传统审计(12C - 19C,停用后统一审计也不能使用,除非执行 make 操作,启用统一审计)
alter system set audit_trail=NONE scope=spfile sid='*';

-- 查询所有定时任务
col SCHEMA_USER for a18
col "id/name" for a25
col INTERVAL for a45
col WHAT for a75
col JOB_TYPE for a10
select * from (
-- JOBS
SELECT SCHEMA_USER, TO_CHAR(JOB) AS "id/name", INTERVAL, WHAT, 'JOBS' JOB_TYPE
  FROM DBA_JOBS
 WHERE BROKEN='N'
UNION ALL
-- SCHEDULER
SELECT OWNER, JOB_NAME, REPEAT_INTERVAL, JOB_ACTION, 'SCHEDULER'
  FROM DBA_SCHEDULER_JOBS
 WHERE ENABLED = 'TRUE')
 ORDER BY 1, 2;

-- 查看已有策略审计的内容
SELECT T.POLICY_NAME,
       T.ENABLED_OPTION,
       T.SUCCESS,
       T.FAILURE,
       p.AUDIT_OPTION,
       p.AUDIT_OPTION_TYPE,
       p.OBJECT_SCHEMA,
       p.OBJECT_NAME,
       p.COMMON
  FROM AUDIT_UNIFIED_ENABLED_POLICIES T
       LEFT JOIN audit_unified_policies p ON T.POLICY_NAME = p.POLICY_NAME
ORDER BY 5;

-- CREATE_PURGE_JOB Procedure Parameters(CREATE_PURGE_JOB 参数信息)
Parameter                   Description
audit_trail_type            The audit trail type for which the purge job needs to be created. Audit trail types are listed in Table 27-1 .
audit_trail_purge_interval  The interval, in hours, at which the clean up procedure is called. A lower value means that the cleanup is performed more often.
audit_trail_purge_name      A name to identify the purge job.
use_last_arch_timestamp     Specifies whether the last archived timestamp should be used for deciding on the records that should be deleted.
                              A value of TRUE indicates that only audit records created before the last archive timestamp should be deleted.
                              A value of FALSE indicates that all audit records should be deleted.
                              The default value is TRUE.
container                   Values: CONTAINER_CURRENT for the connected pluggable database (PDB) or CONTAINER_ALL for all pluggable databases (PDBs).
                              When CONTAINER is set to CONTAINER_ALL, it creates one job in the Root PDB and the invocation of this job will invoke cleanup in all the PDBs.


--混合模式切换为纯统一审计
sqlplus / as sysdba
SQL> SHUTDOWN IMMEDIATE
SQL> EXIT
lsnrctl stop
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME
lsnrctl start
sqlplus / as sysdba
SQL> STARTUP
/* 调整后查询 (DB, EXTENDED 是之前人为设置的,默认是 DB,多数情况会选择关闭none)
col PARAMETER for a25
col VALUE for a35
SELECT PARAMETER,VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing'
union all
select name,value from v$parameter where name='audit_trail';SQL> SQL>   2    3

PARAMETER                 VALUE
------------------------- -----------------------------------
Unified Auditing          TRUE
audit_trail               DB, EXTENDED

Elapsed: 00:00:00.00

*/


-- 查看是否使用Unified Auditing
col PARAMETER for a25
col VALUE for a35
SELECT PARAMETER,VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing'
union all
select name,value from v$parameter where name='audit_trail';
PARAMETER                 VALUE
------------------------- -----------------------------------
Unified Auditing          FALSE
audit_trail               DB, EXTENDED
-- TRUE为纯统一审计,FALSE为使用混合模式审计

--查看统一审计记录
SELECT a.EVENT_TIMESTAMP,
       a.AUDIT_TYPE,
       a.SYSTEM_PRIVILEGE_USED,
       a.USERHOST,
       a.DBUSERNAME,
       a.OS_USERNAME,
       a.UNIFIED_AUDIT_POLICIES,
       a.ACTION_NAME,
       a.SQL_TEXT,
       a.AUTHENTICATION_TYPE,
       a.*
  FROM UNIFIED_AUDIT_TRAIL a
ORDER BY 1 DESC;

--删除统一审计记录,Purge the audit trail records by running the DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL PL/SQL procedure.
BEGIN
  DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
   AUDIT_TRAIL_TYPE           =>  DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
   USE_LAST_ARCH_TIMESTAMP    =>  TRUE,
   CONTAINER                  =>  DBMS_AUDIT_MGMT.CONTAINER_CURRENT);
END;
/

-- 相关视图说明
DBA_AUDIT_MGMT_CLEAN_EVENTS
Displays the history of purge events of the traditional (that is, non-unified) audit trails. Periodically, as a user who has been granted the AUDIT_ADMIN role, you should delete the contents of this view so that it does not grow too large. For example:
DELETE FROM DBA_AUDIT_MGMT_CLEAN_EVENTS;
This view applies to read-write databases only. For read-only databases, a history of purge events is in the alert log.
For unified auditing, you can find a history of purged events by querying the UNIFIED_AUDIT_TRAIL data dictionary view, using the following criteria: OBJECT_NAME is DBMS_AUDIT_MGMT, OBJECT_SCHEMA is SYS, and SQL_TEXT is set to LIKE %DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL%.

DBA_AUDIT_MGMT_CLEANUP_JOBS
Displays the currently configured audit trail purge jobs

DBA_AUDIT_MGMT_CONFIG_PARAMS
Displays the currently configured audit trail properties that are used by the DBMS_AUDIT_MGMT PL/SQL package

DBA_AUDIT_MGMT_LAST_ARCH_TS
Displays the last archive timestamps that have set for audit trail purges

-- 相关参数
col Description format a70
col Parameter format a35
col value for a15
select a.ksppinm "Parameter",a.KSPPDESC "Description",
       b.ksppstvl "Value"
from sys.x$ksppi a, sys.x$ksppcv b
where a.indx = b.indx and a.ksppinm like '%unified_audit%';
Parameter                           Description                                                            Value
----------------------------------- ---------------------------------------------------------------------- ---------------
_unified_audit_policy_disabled      Disable Default Unified Audit Policies on DB Create                    FALSE
unified_audit_sga_queue_size        Size of Unified audit SGA Queue                                        1048576
_unified_audit_flush_threshold      Unified Audit SGA Queue Flush Threshold                                85
_unified_audit_flush_interval       Unified Audit SGA Queue Flush Interval                                 3
unified_audit_systemlog             Syslog facility and level for Unified Audit
unified_audit_common_systemlog      Syslog facility and level for only common unified audit records


-- 1. 谁可以进行审计
Oracle 为执行审计的用户提供了两个角色:AUDIT_ADMIN和AUDIT_VIEWER。
AUDIT_ADMIN:创建统一和细粒度的审计策略、查看审计数据及管理审计跟踪管理(读写权限)
AUDIT_VIEWER:查看和分析审计数据(只读权限),需要此角色的用户通常是外部审计员。

-- 2. 查看启用的统一审计策略
col POLICY_NAME for a25
col ENTITY_NAME for a15
select T.* from AUDIT_UNIFIED_ENABLED_POLICIES T;
POLICY_NAME               ENABLED_OPTION  ENTITY_NAME     ENTITY_ SUC FAI
------------------------- --------------- --------------- ------- --- ---
ORA_SECURECONFIG          BY USER         ALL USERS       USER    YES YES
ORA_LOGON_FAILURES        BY USER         ALL USERS       USER    NO  YES
-- ORA_LOGON_FAILURES,用于仅审计登陆失败的操作
-- ORA_SECURECONFIG审计策略详细参考 http://docs.oracle.com/database/121/DBSEG/audit_config.htm#CHDIGFHG
-- ORA_LOGON_FAILURES审计策略详细参考 http://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG703

-- 3. 禁用查询到的统一审计策略
noaudit policy ORA_SECURECONFIG;
noaudit policy ORA_LOGON_FAILURES;
-- 删除:
DROP AUDIT POLICY policy_name;

-- 启用:
audit policy ORA_SECURECONFIG;
audit policy ORA_LOGON_FAILURES;
AUDIT POLICY role_connect_audit_pol BY SYS, SYSTEM;
AUDIT POLICY admin_audit_pol BY USERS WITH GRANTED ROLES DBA, CDB_DBA;
AUDIT POLICY role_connect_audit_pol EXCEPT rlee, jrandolph;
AUDIT POLICY role_connect_audit_pol WHENEVER NOT SUCCESSFUL;


-- 4. 创建统一审计策略 policy
CREATE AUDIT POLICY policy_name
    { {privilege_audit_clause [action_audit_clause ] [role_audit_clause ]}
        | { action_audit_clause  [role_audit_clause ] }
        | { role_audit_clause }
     }
    [WHEN audit_condition EVALUATE PER {STATEMENT|SESSION|INSTANCE}]
    [ONLY TOPLEVEL]
    [CONTAINER = {CURRENT | ALL}];

-- privilege_audit_clause describes privilege-related audit option
privilege_audit_clause  :=  PRIVILEGES  privilege1 [, privilege2]

-- action_audit_clause and standard_actions describe object action-related audit options.
action_audit_clause := {standard_actions | component_actions}
                                         [, component_actions ]
standard_actions :=
     ACTIONS action1 [ ON {schema.obj_name
                                          | DIRECTORY directory_name
                                          | MINING MODEL schema.obj_name
                                           }
                ]
           [, action2 [ ON {schema.obj_name
                                          | DIRECTORY directory_name
                                          | MINING MODEL schema.obj_name
                   }
                ]

-- component_actions enables you to create an audit policy for Oracle Label Security, Oracle Database Real Application Security, Oracle Database Vault, Oracle Data Pump, or Oracle SQL*Loader.
component_actions :=
     ACTIONS COMPONENT=[OLS|XS] action1 [,action2 ] |
     ACTIONS COMPONENT=DV DV_action ON DV_object_name |
     ACTIONS COMPONENT=DATAPUMP [ EXPORT | IMPORT | ALL ] |
     ACTIONS COMPONENT=DIRECT_LOAD [ LOAD | ALL ]

-- role_audit_clause enables you to audit roles.
role_audit_clause := ROLES role1 [, role2]

-- WHEN audit_condition EVALUATE PER enables you to specify a function to create a condition for the audit policy and the evaluation frequency. You must include the EVALUATE PER clause with the WHEN condition.
WHEN 'audit_condition := function operation value_list'
EVALUATE PER {STATEMENT|SESSION|INSTANCE}


CREATE AUDIT POLICY os_users_priv_pol
 PRIVILEGES SELECT ANY TABLE, CREATE LIBRARY
 WHEN 'SYS_CONTEXT (''USERENV'', ''OS_USER'') IN (''psmith'', ''jrawlins'')'
 EVALUATE PER SESSION;
AUDIT POLICY os_users_priv_pol;

-- 审计 datapump 操作
CREATE AUDIT POLICY policy_name ACTIONS COMPONENT=DATAPUMP { EXPORT | IMPORT | ALL };
CREATE AUDIT POLICY policy_name ACTIONS COMPONENT=DATAPUMP ALL;

-- 审计 SQL*Loader Direct Load
CREATE AUDIT POLICY audit_sqlldr_pol ACTIONS COMPONENT=DIRECT_LOAD LOAD;

-- Auditing Both Actions and Privileges on an Object
CREATE AUDIT POLICY actions_on_hr_emp_pol2
 PRIVILEGES CREATE LIBRARY
 ACTIONS EXECUTE, GRANT
 ON app_lib;
AUDIT POLICY actions_on_hr_emp_pol2 BY jrandolph, phawkins;

-- 审计DBA权限使用
CREATE AUDIT POLICY role_dba_audit_pol
 ROLES DBA
 CONTAINER = ALL;

AUDIT POLICY role_dba_audit_pol;


统一审计结果写入模式设定
通过DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY函数,对数据库默认的写入模式进行修改。需要注意的是,该设置仅对当前的CDB或PDB有效。

--设定立即写模式(Immediate-write mode)
BEGIN
 DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY(
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_WRITE_MODE,
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_IMMEDIATE_WRITE);
END;
/

--确认写入模式
SELECT PARAMETER_VALUE
FROM DBA_AUDIT_MGMT_CONFIG_PARAMS
WHERE PARAMETER_NAME = 'AUDIT WRITE MODE';

PARAMETER_VALUE
-------------------------------------------------
IMMEDIATE WRITE MODE

--设定队列写入模式(Queued-write mode)-- 19C默认
BEGIN
 DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_PROPERTY(
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED,
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_WRITE_MODE,
    DBMS_AUDIT_MGMT.AUDIT_TRAIL_QUEUED_WRITE);
END;
/

PL/SQL procedure successfully completed.

--确认写入模式
SELECT PARAMETER_VALUE
FROM DBA_AUDIT_MGMT_CONFIG_PARAMS
WHERE PARAMETER_NAME = 'AUDIT WRITE MODE';

PARAMETER_VALUE
-------------------------------------------------
QUEUED WRITE MODE

-- 手动清理统一审计记录
BEGIN
DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_UNIFIED, -- AUDIT_TRAIL_ALL
container => DBMS_AUDIT_MGMT.CONTAINER_CURRENT, -- CONTAINER_ALL
use_last_arch_timestamp => FALSE);
END;

禁用统一审计 Disabling Unified Auditing
-- Query the POLICY_NAME and ENABLED_OPT columns of the AUDIT_UNIFIED_ENABLED_POLICIES data dictionary view to find unified audit policies that are enabled.
select T.* from AUDIT_UNIFIED_ENABLED_POLICIES T;
-- Run the NOAUDIT POLICY statement to disable each enabled policy.
-- For example, to disable a policy that had been applied to user psmith:
NOAUDIT POLICY audit_pol BY psmith;
-- Shut down the database.
SHUTDOWN IMMEDIATE
-- In a multitenant environment, this command shuts down all PDBs in the CDB.
-- UNIX systems: Run the following commands:
cd $ORACLE_HOME/rdbms/lib
make -f ins_rdbms.mk uniaud_off ioracle
-- Windows systems: Rename the %ORACLE_HOME%/bin/orauniaud12.dll file to %ORACLE_HOME%/bin/orauniaud19.dll.dbl.
-- In a multitenant environment, these actions disable unified auditing in all PDBs in the CDB.
-- restart the database.
STARTUP
-- In a multitenant environment, this command restarts all PDBs in the CDB.
干仗路上的DBA
关注
  • 1
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Oracle审计篇——统一审计
Hehuyi_In的博客
09-15 5939
一、 统一审计作用 统一审计跟踪从各种来源捕获审计信息。通过统一审计,您可以从以下来源捕获审计记录: 来自统一审计策略和AUDIT设置中的审计记录(包括sys的审计记录) 来自DBMS_FGA的细粒度审计记录 Oracle Database Real Application Security审计记录 Oracle Recovery Manager审计记录 Oracle Database...
oracle审计详解,Oracle 审计详解(一)
weixin_39866974的博客
04-05 469
一、审计分类:Oracle审计总体上可分为“标准审计”和“细粒度审计”后者也称为“基于政策的审计”,在Oracle10G之后功能得到很大增强。其中标准审计可分为用户级审计和系统级审计。用户级审计是任何Oracle用户可设置的审计,主要是用户针对自己创建的数据库表或视图进行审计,记录所有用户对这些表或视图的一切成功和(或)不成功的访问要求以及各种类型的SQL操作。系统级审计只能由DBA设置,用以监...
ORACLE AUDIT 审计
2301_76957510的博客
03-21 2118
审计(Audit)用于监视用户所执行的数据库操作,并且Oracle会将审计跟踪结果存放到OS文件(默认位置为$ORACLE_BASE/admin/$ORACLE_SID/adump/)或数据库(存储在system表空间中的SYS.AUD$表中,可通过视图dba_audit_trail查看)中。在Oracle11g之前,oracle数据库自带的审计功能是关闭的,考虑到性能和审计管理的复杂性,用户一般不打开审计功能.如果有审计要求,DBA会采用trigger来实现对DDL审计的方法来折中.例如 ...
19c的审计增强
q195136130的专栏
04-19 927
19c上unified audit又进一步功能增强
Oracle数据库审计
干货满满~
08-11 1154
审计是用来监控和记录用户的数据库操作的。
Oracle审计和日志的记录
互联网知识分享
09-11 2760
数据库提供了审计和日志记录功能,用于跟踪和记录数据库中发生的活动和事件。日志记录是指将数据库的活动和事件记录到日志文件中,以便后续的分析和故障排查。数据库用于恢复和故障恢复的关键组件,它记录了数据库中发生的所有事务操作。数据库提供了多种日志记录功能,包括错误日志、跟踪日志、重做日志和监听器日志等。监听器的活动信息,包括监听器的启动、连接请求的处理等。除了全局的审计配置外,还可以为特定的数据库对象启用审计,例如表、视图、存储过程等。视图:该视图包含了所有的审计日志记录,通过查询该视图可以获取审计的详细信息。
ORACLE初始化参数:AUDIT_TRAIL
cqq1799的博客
02-25 625
ORACLE初始化参数:AUDIT_TRAIL AUDIT_TRAIL:初始化参数AUDIT_TRAIL用于控制数据库审计,默认值为none。 参数类型:String 默认值:non...
Oracle审计仓库和数据库防火墙
最新发布
04-07
Oracle审计仓库和数据库防火墙
Oracle审计功能介绍.docx
11-28
Oracle审计功能是一种强大的工具,用于跟踪和记录数据库中的各种操作活动,以确保数据库的安全和完整性。本文将对Oracle审计功能进行详细的介绍,包括审计分类、标准审计、细粒度审计审计类型、审计记录、审计表和...
ORACLE12C 开启统一审计
11-20
unified auditing ,oracle 12c 以后开启归档的方法。包括了开启,关闭,rman,DML审计
AudTool审计工具.exe
05-21
审计专版(AudTool),是一款基于Excel的工具箱软件,主要提供审计行业常用的功能。常用功能包括:粘贴未锁定、提取文件、提取工作表、提取单元格、生成附注、单元格透视、添加Round等近百个功能
oracle数据库审计
08-19
审计(Audit)用于监视用户所执行的数据库操作,并且Oracle会将审计跟踪结果存放到OS文件(默认位置为$ORACLE_BASE/admin/$ORACLE_SID/adump/)或数据库(存储在system表空间中的 SYS.AUD$表中,可通过视图dba_audit_trail查看)中。默认情况下审计是没有开启的。
Oracle安全审计技术设计
07-04
Oracle数据库自身没有针对安全审计数据的分析工具,为了改进与完善Oracle当前安全审计机制,采用了数据挖掘技术,将数据挖掘技术应用至Oracle数据库安全审计中来,对数据库的记录特点进行分析,通过审计记录的分析,提出了...
Oracle 细粒度审计(FGA)初步认识
09-10
1. **审计策略配置**:使用AUDIT POLICY命令创建和管理审计策略,定义需要审计的对象、操作和条件。 2. **存储和管理审计数据**:审计产生的大量信息需要妥善处理,可以设置审计记录的保存期限和存储位置(如表空间...
oracle开启审计日志
一天不看代码浑身难受
05-23 2521
当已形成很对日志时,可删除里面的记录,目前是直接删除,未对数据库造成影响。一般建议部署完oracle后如不用审计功能,即关闭以节省空间。说明:VALUE值为FALSE,表面审计功能为关闭的状态。OS 将审计记录写入操作系统的一个文件。根据查询结果可知,已经开启数据库审计功能。DB (默认)开启审计功能。FALSE 关闭审计功能。TRUE 开启审计功能。NONE 关闭审计功能。最后重启服务即可开启。参数取值 说明。
Oracle 11g 审计功能的使用 —— 筑梦之路
筑梦之路
05-25 1801
--启用sys审计 alter system set audit_sys_operations='TRUE' --启用db审计 alter system set audit_trail='DB_EXTENDED' scope=spfile ; --迁移aud$表到用户自定义表空间 BEGIN DBMS_AUDIT_MGMT.set_audit_trail_location( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, .
Oracle审计表AUD$处理方法
热门推荐
' 忍一时风平浪静 退一步海阔天空 '
07-08 1万+
Oracle审计表AUD$处理方法 Oracle版本:11.2.0,其他版本要测试DBMS_AUDIT_MGMT能否成功 1. 查询表,然后truncate      select count(*) from aud$;      truncate table aud$;      select count(*) from aud$; 2.创建表空间 create tablesp
oracle数据库审计(audit)
hanruiding的博客
07-19 6311
oracle数据库审计(audit)audit是否开启audit参数1、audit_file_dest2、audit_sys_operations3、audit_syslog_level4、audit_trail审计级别1、Statement2、Privilege3、Object4、其他选项审计相关视图dba_audit_traildba_stmt_audit_optsall_def_audit_...
oracle审计
DBDoctor的博客
06-22 8332
oracle audit
oracle 审计
07-27
Oracle审计是指对Oracle数据库进行监控和记录,以确保数据库的安全性和合规性。审计可以跟踪和记录数据库中发生的各种操作,如登录、查询、修改、删除等,以及对数据库对象的访问和权限控制。通过审计,可以追踪数据库的使用情况,发现潜在的安全风险和数据泄露,并且满足合规要求。 Oracle提供了一系列的工具和功能来实现审计,包括Oracle Audit Vault and Database Firewall、Oracle Database Vault、Oracle Database Security检查器等。这些工具可以帮助管理员设置审计策略、配置审计参数、收集审计日志,并提供报告和警报功能。 管理员可以根据需求和安全要求,选择不同的审计级别和对象进行审计,如用户级别、操作级别、对象级别等。审计日志可以保存在数据库中或者外部存储中,管理员可以通过查询日志或使用审计工具进行分析和监控。 总之,Oracle审计是保证数据库安全和合规性的重要手段,通过对数据库操作的监控和记录,可以及时发现和应对安全威胁,确保数据的机密性、完整性和可用性。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值