Latest Oracle audit features
Connected.
sys@ORCL)> insert into zbtestt1 values(1);
1 row created.
ORCL> create table zbtestt2(c1 number);
Table created.
sys@ORCL(128.192.128.1)> delete from zbtestt2;
Enable auditing and record the SQL text
sys@ORCL>alter system set audit_trail=db_extended scope=spfile;
-----------------------------------------------------------------------------------------------------
ORCL>select db_user,sql_text from dba_fga_audit_trail;
DB_USER SQL_TEXT
---------- --------------------------------------------------
SEC select * from zbtestt1
PL/SQL procedure successfully completed.
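Explanation:
Object_schema: user name
Object_name: object name
Policy_name: policy name
Statement_types: which kinds of operation to audit
2) Run some insert, delete, update and select operations against the t_audit table
ORCL>conn zbtest/zbtest
Connected.
sec@ora10g> select * from zbtestt1;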
X
---------
7
6 rows selected.
ORCL>delete from zbtestt1 where x=5;
1 row deleted.
ORCL>update t_zbtestt1 set x=8 where x=7;
To disable the policy:
ORCL>exec dbms_fga.disable_policy(object_schema=>'ZBTEST', object_name=> 'zbtestt1', policy_name=> 'check_t_audit');
To enable the policy:
ORCL>exec dbms_fga.enable_policy(object_schema=>'ZBTEST', object_name=> 'zbtestt1', policy_name=> 'check_t_audit');
Restart the database
sys@ORCL>shutdown immediate;
sys@ORCL(128.192.128.1)> startup
ORACLE instance started.
Total System Global Area 1895825408 bytes
Fixed Size 2046296 bytes
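db_extended: auditing is enabled and sql_text and sql_bind are also recorded
xml: audit records are written to XML files
xml,extended: audit records are written to XML and sql_text and sql_bind are also recorded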
-----------------------------------------------------------------------------------------------------
ZBTEST insert into zbtestt1 values(1)
ZBTEST create table zbtestt2(c1 number)
ZBTEST delete from zbtestt2
Turn off auditing for the user
noaudit all by zbtest
Analysis of other features
dbms_fga.add_policy can also be used for more flexible auditing
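As an added example (not part of the original document), the following shows a narrower FGA policy on the same ZBTEST.zbtestt1 table, restricted by column and row condition, together with the checks that confirm the policy is active and the call that removes it. The policy name CHECK_X_LARGE and the condition X > 5 are assumptions chosen for illustration.

```sql
-- Added example; run as a user with EXECUTE on DBMS_FGA (e.g. SYSDBA).
-- CHECK_X_LARGE and the X > 5 threshold are illustrative assumptions.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'ZBTEST',
    object_name     => 'ZBTESTT1',
    policy_name     => 'CHECK_X_LARGE',
    audit_condition => 'X > 5',   -- audit only when a matching row is touched
    audit_column    => 'X',       -- audit only statements that reference column X
    enable          => TRUE,
    statement_types => 'SELECT, UPDATE, DELETE');
END;
/

-- Confirm which policies exist on the schema and whether each is enabled.
SELECT object_schema, object_name, policy_name,
       policy_text, policy_column, enabled
FROM   dba_audit_policies
WHERE  object_schema = 'ZBTEST';

-- Policies that exist but are switched off leave a gap in the audit trail;
-- review this list after any disable_policy / enable_policy change.
SELECT object_schema, object_name, policy_name
FROM   dba_audit_policies
WHERE  enabled = 'NO';

-- Records produced by this policy only, with bind values where captured.
SELECT timestamp, db_user, statement_type, sql_text, sql_bind
FROM   dba_fga_audit_trail
WHERE  object_schema = 'ZBTEST'
AND    policy_name   = 'CHECK_X_LARGE'
ORDER  BY timestamp;

-- Remove the policy when it is no longer needed.
BEGIN
  DBMS_FGA.DROP_POLICY(
    object_schema => 'ZBTEST',
    object_name   => 'ZBTESTT1',
    policy_name   => 'CHECK_X_LARGE');
END;
/
```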
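Oracle audit features
Oracle audit feature test
Feature overview
With the 10g audit feature, you can audit the operations of a specific user, audit specified operations on a given object, and so on.
Procedure
1) Audit settings in detail
Configuration options for the audit_trail parameter
none | os | db | db,extended | xml | xml,extended
none: auditing is not enabled
SEC delete from zbtestt1 where x=5
SEC update zbtestt1 set x=8 where x=7
SEC insert into zbtestt1 values (1)
Adjusting the audit policy added above: the disable_policy, enable_policy and drop_policy methods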
1 row updated.
ORCL>insert into t_zbtestt1 values (1);
1 row created.
ORCL>commit;
Commit complete.
4) Look at the corresponding SQL operations in detail; FGA is quite powerful
ORCL>col DB_USER for a10
ORCL>col SQL_TEXT for a50
ORCL>conn / as sysdba
Connected.
exec dbms_fga.add_policy(object_schema=>'ZBTEST', object_name=> 'zbtestt1', policy_name=> 'check_t_audit',statement_types => 'INSERT, UPDATE, DELETE, SELECT');
Variable Size 1157629608 bytes
Database Buffers 721420288 bytes
Redo Buffers 14729216 bytes
Set up auditing for the user
sys@ORCL>audit all by zbtest by access;
Test operations as the ZBTEST user
sys@ORCL> conn zbtest/zbtest
0 rows deleted.
Check whether the SQL was captured
select username,sql_text from dba_audit_trail;
USERNAME SQL_TEXT
---------- --------------------------------------------------