oracle audit system,oracle 审计 audit 学习笔记

最新推荐文章于 2021-04-06 22:03:27 发布
最新推荐文章于 2021-04-06 22:03:27 发布
阅读量267 收藏
点赞数
文章标签: oracle audit system

配置audit

AUDIT_TRAIL参数选项:

--> DB/TRUE enables systemwide auditing where audited records are written to the

database audit trail(the SYS.AUD$ table). The only audit data that will not

be written to the table is the audit data pertaining to the activities of SYSDBA.

--> OS enables systemwide auditing where audit data is written to text files

into the directory specified by the AUDIT_FILE_DEST parameter. This is true for both

privileged and ordinary database users.

--> DB,EXTENDED(DB_EXTENDED) enables systemwide auditing as DB/TRUE does. In addition, it

populates the SQLTEXT and SQLBIND CLOB columns of the SYS.AUD$ table.

--> XML enables systemwide auditing. The audit data will be written to XML files into the

directory specified by the AUDIT_FILE_DEST parameter.

--> XML,EXTENDED(XML_EXTENDED) enables systemwide auditing. It behaves  It also populates

the SQLBIND and SQLTEXT columns.

配置审计需要重启实例

SQL> alter system set AUDIT_TRAIL = DB scope=spfile;

SQL> shutdown immediate

SQL> startup

如果审计表aud$不存在,需要手工创建

SQL> conn / as sysdba

SQL> @?/rdbms/admin/cataudit.sql

----------------------------------------------------------

手工移动审计表所在表空间

alter table AUD$ move tablespace AUD;

alter table aud$ move lob (sqlbind) store as (tablespace );

alter table aud$ move lob (sqltext) store as (tablespace );

-----------------------------------------------------------

移动审计表所在表空间(对于10.2.0.5以上版本)

To move the table to a locally managed tablespace with ASSM and then shrink it do the following:

1)

conn / as sysdba

BEGIN

DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION(audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD,

audit_trail_location_value => 'USERS');

END;

/

2)

alter table sys.aud$ enable row movement;

alter table sys.aud$ shrink space cascade;

3)If needed the table can be moved back to the SYSTEM tablespace:

BEGIN

DBMS_AUDIT_MGMT.SET_AUDIT_TRAIL_LOCATION(audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD,

audit_trail_location_value => 'SYSTEM');

END;

/

---------------------------------------------------------

将审计表移出system表空间的脚本

Script to move SYS.AUD$ table out of SYSTEM tablespace [ID 1019377.6]

---Restart the database with audit_trail=NONE before running the script ---

create tablespace "AUDIT"

datafile '$HOME/data/aud01.dbf' size 500k

default storage (initial 100k next 100k pctincrease 0)

/

create table audx tablespace "AUDIT"

storage (initial 50k next 50k pctincrease 0)

as select * from aud$ where 1 = 2

/

rename AUD$ to AUD$$

/

rename audx to aud$

/

create index i_aud2

on aud$(sessionid, ses$tid)

tablespace "AUDIT" storage(initial 50k next 50k pctincrease 0)

/

------------------------------------------------------------

如何检测潜在的登录攻击

数据库启动审计

开启审计

SQL>AUDIT CREATE SESSION BY ACCESS WHENEVER NOT SUCCESSFUL;

SQL>AUDIT CONNECT BY ACCESS WHENEVER NOT SUCCESSFUL;

过一段时间,检查审计结果

select returncode, action#, userid, userhost, terminal from aud$ where returncode='1017' and action=100;

RETURNCODE ACTION#    USERID   USERHOST             TERMINAL

---------- ---------- -------- -------------------- --------------------

1017       100        SCOTT    WPRATA-BR

1017       100        SCOTT    WPRATA-BR

1017       100        SCOTT    WPRATA-BR

-------------------------------------------------------------

审计速查

Quick Reference to Auditing Information

Database Audit mode

~~~~~~~~~~~~~~~~~~~

show parameter audit

AUDIT_TRAIL   --> DB, DB_EXTENDED, OS, XML, XML_EXTENDED, FALSE or NONE

AUDIT_FILE_DEST --> Audit File location

AUDIT_SYS_OPERATIONS --> Controls whether the activities of SYSDBA are audited or not.

AUDIT_SYSLOG_LEVEL    --> specifies a SYSLOG facility that will receive the audit information

What Statements are being audited ?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To set audit:

AUDIT [option] [BY user|SESSION|ACCESS] [WHENEVER {NOT} SUCCESSFUL]

select * from dba_stmt_audit_opts where USER_NAME='...';

Columns are:

AUDIT_OPTION from STMT_AUDIT_OPTION_MAP

SUCCESS 'BY SESSION', 'BY ACCESS' or 'NOT SET'

FAILURE ""

What Privileges are being audited ?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To set audit:

AUDIT [option] [BY user|SESSION|ACCESS] [WHENEVER {NOT} SUCCESSFUL]

select * from dba_priv_audit_opts where USER_NAME='...';

Columns are:

PRIVILEGEfrom SYSTEM_PRIVILEGE_MAP

SUCCESS 'BY SESSION', 'BY ACCESS' or 'NOT SET'

FAILURE ""

What Objects are being audited ?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To set Auditing:

AUDIT [object_option] ON [schema].object|DEFAULT [BY SESSION|ACCESS]

[WHENEVER {NOT} SUCCESSFUL]

select * from dba_obj_audit_opts where owner='..' and OBJECT_NAME='...';

select * from all_def_audit_opts;

Columns are:

ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA

X/Y - is no option set

X is when successful

Y is when Unsuccessful

S set by session

A set by access

Audit results

~~~~~~~~~~~~~

Raw results can go to various places depending on the value of parameter AUDIT_TRAIL:

- when audit_trail is DB or DB_EXTENDED the audit data will go to AUD$ (DBA_AUDIT_TRAIL is a view on top of this table ).

Main where columns are: USERNAME, TIMESTAMP, OWNER

- when audit_trail is OS or XML or XML_EXTENDED the audit data will be written to files located in the AUDIT_FILE_DEST directory

- when AUDIT_SYSLOG_LEVEL is defined and audit_trail is set to OS the audit data will be sent to SYSLOG

For underlying results see:

Select STATEMENT, TIMESTAMP, ACTION, USERID from AUD$;

Auditing administrative connections

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The administrative user connections (CONNECT / AS SYSDBA or CONNECT / AS SYSOPER) are always logged regardless of audit setting.

On UNIX platforms these are logged to *.aud files in $ORACLE_HOME/rdbms/audit when the instance is stopped and to AUDIT_FILE_DEST

when the instance is started regardless of any init.ora parameter settings. See Note 103964.1 for more details.

---------------------------------------------------

例子

audit CREATE TABLE by scott;

audit CREATE TABLE, CREATE VIEW, ALTER USER;

audit INDEX;  --包括CREATE INDEX, DROP INDEX, ALTER INDEX and ANALYZE INDEX

audit INDEX by scott;

audit ALL whenever SUCCESSFUL;

AUDIT DELETE ANY TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;

audit select any table;

audit select any table, delete any table by scott, system;

audit select on SCOTT.EMP whenever successful;

audit delete on SCOTT.EMP by access;

audit ALL on SCOTT.EMP;

audit select on DEFAULT;

AUDIT NETWORK;

AUDIT ROLE WHENEVER NOT SUCCESSFUL;

AUDIT CREATE ANY DIRECTORY;

阅读(8809) | 评论(0) | 转发(1) |

笑活子
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
oracle 审计设置,oracle数据库审计设置
weixin_42510262的博客
04-10 901
--开启oracle审计su - oraclesqlplus / as sysdbaSQL> show parameter audit--看到有下面的内容表示审计没有开启audit_sys_operations 4 Type boolean FALSEaudit_trail 4 NONE--ORACLE实例采用spfile启动下,开启的SQL命令如下:SQ...
oracle 审计设置,oracle审计简单设置
weixin_34885009的博客
04-10 1165
数据库审计参数:audit_trailSQL> show parameter auditNAME TYPE VALUE------------------------------------ ----------- ------------------------------audit_file_dest...
oracle audit_trail,关于Oracle审计(audit)
weixin_36268722的博客
04-05 3293
Oracle审计可以查询到某个用户对DB做了哪些操作,10g后,可以查询到具体的sql语句,很有用。审计功能开户的整个过程:Oracle审计可以查询到某个用户对DB做了哪些操作,10g后,可以查询到具体的sql语句,很有用。审计功能开户的整个过程:1.show parameter audit,可以查询到audit_trail的值,取值包括{none | os | db | db,extended ...
清除sys.aud$
Mr_mxh的博客
08-12 4159
1.手工清理: a.清理审计数据前可先备份一份数据出来: exp "'/ as sysdba'" tables=SYS.AUD$ file=/path/audit_bak_20160403.dmp  log=/path/audit_bak_20160403_exp.log direct=y b.查看当前审计数据大小:select segment_name, bytes/1024/1024/1
oracle创建会话特权,oracle – “按会话审核创建会话”与“按访问审核创建会话”?...
weixin_39884872的博客
04-04 89
当我通过以下方式为创建会话启用审核时:audit create session by session;然后我查询以下内容:select * from dba_priv_audit_opts;结果是:USERNAME | PROXY_NAME | AUDIT_OPTION | SUCCESS | FAILURE |.........................................
oracle审计程序,oracle审计
weixin_36383576的博客
04-04 459
1、启动数据库审计show parameter audit_trail;select value from v$parameter where name='audit_trail';参数取值为true或者db,将审计结果存入基表,os利用操作系统审计功能,none或者false不审计,没有默认值要支持审计必须先创建审计视图,查询语句如下:select view_name from user_vie...
oracle开启audit(审计)
09-28
oracle开启audit(审计)的详细过程.
Oracle Audit 审计
07-01
1、什么是审计 2、和审计相关的两个主要参数 3、审计级别 4、审计的一些其他选项 5、和审计相关的视图 6、取消审计 7、10g中的审计告知一切 8、实例讲解
ORACLE_审计内容_DBA_AUDIT_TRAIL.xlsx
11-11
Oracle审计内容DBA_AUDIT_TRAIL数据字典说明,根据开启的Oracle审计功能,读取dba_audit_trail视图的审计内容包含用户名、操作时间、操作类型、SQL文本、数据库操作次数等等,此文档是对dba_audit_trail视图的中文简介,...
官方资料:用Oracle Audit Vault发现威胁.pdf
06-19
官方资料:用Oracle Audit Vault发现威胁 用户安全( Oracle Identity Management、Enterprise User Security) 访问控制(Oracle Database Vault、Oracle Label Security) 数据保护(Oracle Advanced Security、...
Oracle审计功能介绍.docx
11-28
设置Oracle标准审计需要修改初始化参数文件(init<sid>.ora),设置AUDIT_TRAIL参数,并且重启数据库。 AUDIT_TRAIL参数的取值如下: * DB/TRUE:启动审计功能,并且把审计结果存放在数据库的SYS.AUD$表中。 * OS...
audit时的by session和by access选项的区别!
clt3617的博客
01-26 639
不知道该起一个怎样的标题,总之写这个文章的目的是源于一个从我这儿报名考ocp的哥们的问题,他做了一个针对042题库上第12题的测试然后向我求证答案是否正确,很显然答案A是不正确的,原因就像下面doc说的在语句审计和权限审计审计D...
audit_trail与extended!
clt3617的博客
06-23 647
在修改参数audit_trail=xml,extended时千万不要加单引号...[@more@]受到v$parameter_valid_values显示结果的误导,我以为EXTENDED是一个单独的参数内容,所以直接修改aud...
AUDIT_TRAIL 详解
lyp13696402570的博客
10-24 7840
AUDIT_TRAIL Property Description Parameter type String Syntax AUDIT_TRAIL = { none | os | db [, extended] | xml [, extended] } Default value none Modifiable No Basic No ...
oracle学习笔记(14)——安全管理
成长的足迹
10-28 6283
数据库的安全性主要包括两个方面的含义:一方面是防止非法用户对数据库的访问,未授权的用户不能登录数据库;另一方面是每个数据库用户都有不同的操作权限,只能进行自己权限范围内的操作。Oracle数据库的安全可以分为两类:        1)系统安全性              系统安全性是指在系统级控制数据库的存取和使用的机制,包括有效的用户名与口令的组合、用户是否被授权可连接数据库、用户创建数据库
oracle审计脚本,关于ORACLE 审计的一些视图和脚本
weixin_42525601的博客
04-06 204
关于ORACLE 审计的一些视图和脚本审计视图STMT_AUDIT_OPTION_MAP -- 审计选项类型代码AUDIT_ACTIONS -- action代码ALL_DEF_AUDIT_OPTS -- 对象创建时默认的对象审计选项DBA_STMT_AUDIT_OPTS -- 当前数据库系统审计选项DBA_PRIV_AUDIT_OPTS -- 权限审计选项DBA_O...
手动清理Oracle审计记录
热门推荐
乐沙弥的世界
10-21 1万+
Oracle 数据库审计功能非常强大,通常包括标准审计(包括用户级审计和系统级审计)和细粒度审计。尽管如此,一不小心就容易造成性能问题。同时会把系统表空间给撑爆。下面的内容描述的是如何将审计从系统表空间剥离以及清理Oracle审计记录,供大家参考。
oracle审计功能有什么用,Oracle审计功能
weixin_30358181的博客
04-03 1082
本文参考文章:5概述:5审计功能分类:5一、审计相关实例参数6?audit_sys_operations6一..1 linux/unix6一..2 windows7二、标准审计10(一)权限审计(About Privilege Auditing)101.默认审计1011G :如下特权调用时默认会进行审计。102.如何禁用默认审计项目和启用默认审计项目?11启用默认权限审计:11删除默认特权审计...
oracle audit trail
最新发布
10-19
Oracle Audit Trail是Oracle数据库的一项安全功能,它可以记录数据库中的所有操作,包括登录、DDL语句、DML语句等,以便管理员对数据库进行监控和审计。通过审计功能,管理员可以了解数据库的使用情况,发现潜在的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值