Oracle FGA审计的使用

0、参考资料

Oracle® Database Security Guide 11g Release 2 (11.2) E16543-059 Verifying Security Access with Auditin

Oracle Audit Vault Administrator’s Guid (about Oracle Audit Vault, which provides advanced auditing features)

Oracle Database Auditing (Doc ID 1681398.2)

1、FGA审计

1.1、简单使用步骤:

精细审计(Fine-Grained Audit)

使用FGA策略实现精细审计的时候,不需要激活数据库审计,并且oracle会自动将审计结果放到数据字典表FGA_LOG$中。

–创建审计策略

exec dbms_fga.add_policy(object_schema=>'som', object_name=>'n_agent', policy_name=>'check_n_agent',audit_condition=>'agent_id=270',audit_column=>'balance',statement_types => 'UPDATE');

–执行dml语句

update n_agent set balance=99 where agent_id=270;

–查询审计结果

select * from dba_fga_audit_trail;

–停用审计策略

exec dbms_fga.disable_policy(object_schema=>'som',object_name=>'n_agent',policy_name=>'check_n_agent');

–启用审计策略

exec dbms_fga.enable_policy(object_schema=>'som',object_name=>'n_agent',policy_name=>'check_n_agent');

–删除审计策略

exec dbms_fga.drop_policy(object_schema=>'som',object_name=>'n_agent',policy_name=>'check_n_agent');

–删除精细审计结果

delete from sys.fga_log$

参数说明:

object_schema: 指定方案名
object_name: 指定数据库对象名
audit_condition:指定审计条件
audit_column:指定审计列
statement_types:指定需要审计的sql语句

1.2、使用FGA制作蜜罐

  • 使用存储过程创建蜜罐表以及审计策略

存储过程,实施每个open的用户下创建表,创建审计

declare               
  cursor cur_usr is 
 select username from dba_users where account_status='OPEN' and username not in (select username from V_$PWFILE_USERS)
 and username not in (select distinct owner from dba_tables where table_name ='T_VIP_USER_INFO');
   v_user varchar2(200);
begin
  open cur_usr;
  loop
    fetch cur_usr into v_user;
    exit when cur_usr%notfound;
	--execute immediate 'drop table '||v_user||'.T_VIP_USER_INFO purge';
    execute immediate 'create table '||v_user||'.T_VIP_USER_INFO(id int,customer_name varchar(100),pass varchar(100))';
	execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (13028194391,'zhaojianguo','zhao_13028194391')]';
    execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (18636100393,'chenming','chenming123')]';
    execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (18828194341,'wangshuo','ws18828194391')]';
    execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (18973189395,'liuhai','hai2010520')]';
    execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (15528194397,'liupengfei','12345678')]';
    execute immediate 'insert into '||v_user||q'[.T_VIP_USER_INFO values (15010152391,'chenmomo','chen666momo')]';
	commit;
    --dbms_fga.drop_policy(object_schema=>v_user,object_name=>'T_VIP_USER_INFO',policy_name=>'P_FGA_'||v_user);
	dbms_fga.add_policy(object_schema=>v_user,object_name=>'T_VIP_USER_INFO',policy_name=>'P_FGA_'||v_user,statement_types=>'SELECT,INSERT,UPDATE,DELETE');
    end loop;
   close cur_usr;
end;
/
  • 删除审计策略
declare               
  cursor cur_usr is 
select OBJECT_SCHEMA from DBA_AUDIT_POLICIES where OBJECT_NAME='T_VIP_USER_INFO';
   v_user varchar2(200);
begin
  open cur_usr;
  loop
    fetch cur_usr into v_user;
    exit when cur_usr%notfound;
    dbms_fga.drop_policy(object_schema=>v_user,object_name=>'T_VIP_USER_INFO',policy_name=>'P_FGA_'||v_user);
    end loop;
   close cur_usr;
end;
/
  • 检查审计策略和审计日志
--检查审计日志
col TIMESTAMP for a30
col DB_USER for a12
col OBJECT_NAME for a20
col SQL_TEXT for a50
col POLICY_NAME for a20
select to_char(TIMESTAMP,'yyyy-mm-dd hh24:mi:ss') TIMESTAMP,POLICY_NAME,DB_USER,OBJECT_NAME,SQL_TEXT from dba_fga_audit_trail;

--检查审计策略
set linesize 200
col OBJECT_SCHEMA for a16
col OBJECT_NAME for a20
col POLICY_NAME for a14
col POLICY_TEXT for a50
col POLICY_COLUMN for a10
col ENABLED for a8
select OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME, POLICY_TEXT,
POLICY_COLUMN, ENABLED, SEL, INS, UPD, DEL
from DBA_AUDIT_POLICIES ;
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值