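Auditing: tracking suspicious operations in the database
Auditing superusers
Three superuser operations are always audited:
- superuser connections
- database startup
- database shutdown
Enable additional auditing for superusers:
alter system set audit_sys_operations=true scope=spfile;
Where are the superuser audit trail files recorded?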
show parameter audit_file_dest
SQL> show parameter audit_file_dest
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /u01/app/oracle/admin/cdb1/adu
                                                 mp
SQL>
Auditing ordinary users:
Where is the audit trail for ordinary users recorded?
audit_trail=DB --> the audit trail is recorded in the data dictionary table aud$
audit_trail=OS --> audit files are saved in the directory that audit_file_dest points to
Enable statement auditing:
- audit delete table; --> by session, both success and failure are audited
- audit delete table whenever successful; --> by session, success only
- audit delete table whenever not successful; --> by session, failure only
- audit delete table by access; --> by access, both success and failure are audited
- audit delete table by access whenever successful; --> by access, success only
- audit delete table by access whenever not successful; --> by access, failure only
audit delete table by scott;
audit delete table by scott whenever successful;
audit delete table by scott whenever not successful;
audit delete table by scott by access;
audit delete table by scott by access whenever successful;
audit delete table by scott by access whenever not successful;
Check which statements have auditing enabled:
SQL>
SQL> select audit_option,success,failure from dba_stmt_audit_opts where user_name='SCOTT';
no rows selected
SQL>
View the audit trail (clear aud$ first so that only new records appear):
SQL> delete aud$;
1 row deleted.
SQL> commit;
Commit complete.
SQL> select * from aud$;
no rows selected
Look up the action name that corresponds to an action code:
select name from audit_actions where action=1;
Disable statement auditing:
noaudit delete table by scott;
exec print_table('select * from aud$ where userid=''SCOTT''');
Privilege auditing: auditing that has just been enabled does not apply to connections that are already established!!
audit create any table by scott;
View privilege auditing:
select PRIVILEGE,SUCCESS,FAILURE from dba_priv_audit_opts where user_name='SCOTT';
Object auditing: audit options enabled on one specific object
audit delete on scott.emp;
audit insert on scott.emp by access whenever not successful;
SQL>
SQL> select audit_option,success,failure from dba_stmt_audit_opts;
no rows selected
SQL>
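The three audit types above checked end to end in one session, as an added example that is not part of the original notes. It assumes traditional auditing with audit_trail=DB, a SYS session, and the demo table SCOTT.EMP; object audit options are read from dba_obj_audit_opts, and aud$ is joined to audit_actions to turn action codes into names.

```sql
-- Added example (not from the original notes). Assumptions: audit_trail=DB,
-- connected as SYS, demo schema SCOTT with table EMP.

-- 1. Enable one option of each type described above.
audit delete table by scott by access;                        -- statement audit
audit create any table by scott;                              -- privilege audit
audit insert on scott.emp by access whenever not successful;  -- object audit

-- 2. Confirm each option in the dictionary view for its type.
select audit_option, success, failure
  from dba_stmt_audit_opts
 where user_name = 'SCOTT';

select privilege, success, failure
  from dba_priv_audit_opts
 where user_name = 'SCOTT';

-- Object options are per object, not per user. Each column holds
-- success/failure, where S = by session, A = by access, - = not audited.
select owner, object_name, del, ins
  from dba_obj_audit_opts
 where owner = 'SCOTT'
   and object_name = 'EMP';

-- 3. SCOTT must reconnect before the new options apply to his session.
--    After he runs some DML, read the trail with action names resolved.
--    returncode = 0 means success; any other value is the ORA- error number.
select a.userid,
       act.name       as action_name,
       a.obj$creator  as owner,
       a.obj$name     as object_name,
       a.returncode,
       a.ntimestamp#  as utc_time
  from sys.aud$ a
  join audit_actions act on act.action = a.action#
 where a.userid = 'SCOTT'
 order by a.ntimestamp#;

-- 4. Failed attempts only, grouped for quick review.
select act.name as action_name, a.returncode, count(*) as attempts
  from sys.aud$ a
  join audit_actions act on act.action = a.action#
 where a.userid = 'SCOTT' and a.returncode <> 0
 group by act.name, a.returncode;

-- 5. Switch the options off again.
noaudit delete table by scott;
noaudit create any table by scott;
noaudit insert on scott.emp;
```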