当前位置:数据库 > Oracle >>

Oracle 10g审计(audit)实验

Oracle 10g审计(audit)实验
 
1、AUDIT 的功能
AUDIT 用于监控用户在 DATABASE 的 ACTION
  www.zzzyk.com  
2、AUDIT 的分类
SESSION:在同一个 SESSION,相同语句只产生一个 AUDIT 结果(默认)
ACCESS:在同一个SESSION,每个语句产生一个 AUDIT 结果
 
3、启用 AUDIT (默认不启用)  www.zzzyk.com  
SQL> SHOW PARAMETER AUDIT_TRAIL
 
NAME                                 TYPE                              VALUE
------------------------------------ --------------------------------- ------------------------------
AUDIT_TRAIL                          STRING                            NONE
 
SQL> ALTER SYSTEM SET AUDIT_TRAIL=DB SCOPE=SPFILE;
 
SYSTEM ALTERED.
 
SQL> SHUTDOWN IMMEDIATE;
DATABASE CLOSED.
DATABASE DISMOUNTED.
ORACLE INSTANCE SHUT DOWN.
 
SQL> STARTUP
ORACLE INSTANCE STARTED.
 
TOTAL SYSTEM GLOBAL AREA  171966464 BYTES
FIXED SIZE                  1279144 BYTES
VARIABLE SIZE              96471896 BYTES
DATABASE BUFFERS           71303168 BYTES
REDO BUFFERS                2912256 BYTES
DATABASE MOUNTED.
DATABASE OPENED.
SQL> SHOW PARAMETER AUDIT_TRAIL
 
NAME                                 TYPE                              VALUE
------------------------------------ --------------------------------- ------------------------------
AUDIT_TRAIL                          STRING                            DB
 
AUDIT_TRAIL 参数的取值及含义
AUDIT_TRAIL ENABLES OR DISABLES DATABASE AUDITING.
 
VALUES:
NONE
DISABLES DATABASE AUDITING.
 
OS
ENABLES DATABASE AUDITING AND DIRECTS ALL AUDIT RECORDS TO THE OPERATING SYSTEM'S AUDIT TRAIL.
 
DB
ENABLES DATABASE AUDITING AND DIRECTS ALL AUDIT RECORDS TO THE DATABASE AUDIT TRAIL (THE SYS.AUD$ TABLE).
 
DB,EXTENDED 
ENABLES DATABASE AUDITING AND DIRECTS ALL AUDIT RECORDS TO THE DATABASE AUDIT TRAIL (THE SYS.AUD$ TABLE). IN ADDITION, POPULATES THE SQLBIND AND SQLTEXT CLOB COLUMNS OF THE SYS.AUD$ TABLE.
 
XML 
ENABLES DATABASE AUDITING AND WRITES ALL AUDIT RECORDS TO XML FORMAT OS FILES.
 
XML,EXTENDED 
ENABLES DATABASE AUDITING AND PRINTS ALL COLUMNS OF THE AUDIT TRAIL, INCLUDING SQLTEXT AND SQLBIND VALUES.
 
YOU CAN USE THE SQL STATEMENT AUDIT TO SET AUDITING OPTIONS REGARDLESS OF THE SETTING OF THIS PARAMETER.
 
4、审计的对象:(默认情况:SESSION,对成功和不成功的同时审计)
语句审计
SQL> AUDIT TABLE;
AUDIT SUCCEEDED.
 
SQL> AUDIT TABLE BY SCOTT;
AUDIT SUCCEEDED.
 
SQL> AUDIT TABLE BY SCOTT WHENEVER SUCCESSFUL;
AUDIT SUCCEEDED.
 
----------查看审计设置
SQL> SELECT USER_NAME,AUDIT_OPTION FROM DBA_STMT_AUDIT_OPTS;
 
USER_NAME            AUDIT_OPTION
-------------------- --------------------
                     TABLE
SCOTT                TABLE
 
SQL> CONN SCOTT/TIGER
CONNECTED.
 
SQL> DROP TABLE RECOVER_TEST;
TABLE DROPPED.
 
SQL> CREATE TABLE DEPT1 AS SELECT * FROM DEPT;
TABLE CREATED.
 
SQL> CREATE TABLE EMP1 AS SELECT * FROM EMP;
TABLE CREATED.
 
SQL> ALTER TABLE DEPT1 ADD CONSTRAINT DEPTNO_PK PRIMARY KEY(DEPTNO);
TABLE ALTERED.
 
SQL> ALTER TABLE EMP1 ADD CONSTRAINT EMPNO_PK PRIMARY KEY (EMPNO);
TABLE ALTERED.
 
SQL> ALTER TABLE EMP1 ADD CONSTRAINT DEPTNO_FK FOREIGN KEY (DEPTNO) REFERENCES DEPT1(DEPTNO);
TABLE ALTERED.
 
SQL> DROP TABLE DEPT1;
DROP TABLE DEPT1
           *
ERROR AT LINE 1:
ORA-02449: UNIQUE/PRIMARY KEYS IN TABLE REFERENCED BY FOREIGN KEYS
 
SQL> DROP TABLE DEPT1 CASCADE CONSTRAINT PURGE;
TABLE DROPPED.
SQL> CREATE USER TOM IDENTIFIED BY TOM;
 
SQL> CONN / AS SYSDBA
CONNECTED.
SQL> GRANT CREATE SESSION,RESOURCE TO TOM;
GRANT SUCCEEDED.
 
SQL> CONN TOM/TOM
CONNECTED.
SQL> CREATE TABLE TEST(ID NUMBER(2));
TABLE CREATED.
 
SQL> DROP TABLE TEST;
TABLE DROPPED
 
SQL> CONN / AS SYSDBA
CONNECTED.
 
SQL> CONN / AS SYSDBA
CONNECTED.
SQL> ALTER SESSION SET NLS_DATE_FORMAT='YYYYMMDD HH24:MI:SS';
SESSION ALTERED.
 
SQL> DESC DBA_AUDIT_TRAIL;
 NAME                                      NULL?    TYPE
 ----------------------------------------- -------- ----------------------------
 OS_USERNAME                                        VARCHAR2(255)
 USERNAME                                           VARCHAR2(30)
 USERHOST                                           VARCHAR2(128)
 TERMINAL                                           VARCHAR2(255)
 TIMESTAMP                                          DATE
 OWNER                                              VARCHAR2(30)
 OBJ_NAME                
CopyRight © 2022 站长资源库 编程知识问答 zzzyk.com All Rights Reserved
部分文章来自网络,