2. Auditing SYSDBA/SYSOPER operations
SQL> show parameter audit;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /oracle/PQ1/102_64/rdbms/audit
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      OS
Configuration steps. With AUDIT_SYS_OPERATIONS=TRUE, every statement issued by a session connected AS SYSDBA or AS SYSOPER is written to the operating-system audit trail: the directory named by AUDIT_FILE_DEST on Unix, the Application log of the Windows Event Viewer on Windows, or syslog when AUDIT_SYSLOG_LEVEL is set. These records are never stored in SYS.AUD$, which is the point of the setting: a DBA cannot delete them from inside the database. AUDIT_TRAIL and AUDIT_SYS_OPERATIONS are static parameters, so they are changed in the spfile and take effect only after a restart:
SQL> alter system set audit_trail=os scope=spfile;
System altered.
SQL> alter system set audit_sys_operations=true scope=spfile;
System altered.
SQL> alter system set audit_file_dest='C:\APP\tom\ADMIN\ORCL\ADUMP' scope=spfile;
System altered.
Restart the database:
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 523108352 bytes
Fixed Size 1375704 bytes
Variable Size 465568296 bytes
Database Buffers 50331648 bytes
Redo Buffers 5832704 bytes
Database mounted.
Database opened.
Check the current audit parameters:
SQL> show parameter audit;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      C:\APP\tom\ADMIN\ORCL\ADUMP
audit_sys_operations                 boolean     TRUE
audit_trail                          string      OS
Change C:\APP\tom\ADMIN\ORCL\ADUMP to /oracle/PQ1/102_64/rdbms/audit or whatever audit directory applies to your installation. The directory should be owned by the Oracle software owner and not be writable by anyone else: whoever can write to it can remove the only record of SYSDBA activity. Where tamper evidence matters, set AUDIT_SYSLOG_LEVEL (for example to LOCAL1.WARNING) so that the records go to syslog, which can forward them to a remote log host that the DBA cannot reach.
3. Statement-level audit commands
Script:
audit create session by tom by access;
audit SELECT TABLE by tom by access;
audit INSERT TABLE by tom by access;
audit UPDATE TABLE by tom by access;
audit DELETE TABLE by tom by access;
Change tom to whichever database user needs to be audited.
Demonstration (the listing after the AUDIT statements also contains the DROP ANY TABLE and SELECT ANY TABLE rows that section 4 enables; like CREATE SESSION, those privileges are reported by both DBA_STMT_AUDIT_OPTS and DBA_PRIV_AUDIT_OPTS):
SQL> select * from dba_stmt_audit_opts;
no rows selected
SQL> audit create session by tom by access;
Audit succeeded.
SQL> audit SELECT TABLE by tom by access;
Audit succeeded.
SQL> audit INSERT TABLE by tom by access;
Audit succeeded.
SQL> audit UPDATE TABLE by tom by access;
Audit succeeded.
SQL> audit DELETE TABLE by tom by access;
Audit succeeded.
SQL> select * from dba_stmt_audit_opts;
USER_NAME            PROX AUDIT_OPTION                   SUCCESS    FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom                       CREATE SESSION                 BY ACCESS  BY ACCESS
tom                       DROP ANY TABLE                 BY ACCESS  BY ACCESS
tom                       SELECT ANY TABLE               BY ACCESS  BY ACCESS
tom                       SELECT TABLE                   BY ACCESS  BY ACCESS
tom                       INSERT TABLE                   BY ACCESS  BY ACCESS
tom                       UPDATE TABLE                   BY ACCESS  BY ACCESS
tom                       DELETE TABLE                   BY ACCESS  BY ACCESS
Turning statement auditing off:
noaudit create session by tom;
noaudit select table by tom;
noaudit insert table by tom;
noaudit update table by tom;
noaudit delete table by tom;
4. Privilege-level auditing
Script:
audit drop any table by tom by access;
audit select any table by tom by access;
audit create session by tom by access;
Change tom to whichever database user needs to be audited.
Demonstration:
SQL> audit drop any table by tom by access;
Audit succeeded.
SQL> audit select any table by tom by access;
Audit succeeded.
SQL> audit create session by tom by access;
Audit succeeded.
SQL> select * from dba_priv_audit_opts;
USER_NAME            PROX PRIVILEGE                      SUCCESS    FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom                       SELECT ANY TABLE               BY ACCESS  BY ACCESS
tom                       DROP ANY TABLE                 BY ACCESS  BY ACCESS
tom                       CREATE SESSION                 BY ACCESS  BY ACCESS
Turning privilege auditing off:
noaudit drop any table by tom;
noaudit select any table by tom;
noaudit create session by tom;
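The options set in sections 3 and 4 are only worth their overhead if somebody reads what they record. The queries below are an added example and are not part of the original page. They assume AUDIT_TRAIL=DB (or DB,EXTENDED, which also captures the SQL text), so that the records land in SYS.AUD$ and are visible through the views listed in section 6; with the OS setting used in section 2 the same records are written to files under AUDIT_FILE_DEST and these views stay empty. The user name TOM, the time windows and the ORA- codes singled out are assumptions chosen for illustration; the views and columns are Oracle's own.

```sql
-- Added example, not from the original page. Assumes AUDIT_TRAIL=DB (or
-- DB,EXTENDED) so that the records produced by the options in sections 3
-- and 4 are stored in SYS.AUD$ and visible through the DBA_AUDIT_* views.
-- SYS/SYSDBA activity (section 2) never appears here; it is in the OS trail.

-- 1. Failed logons in the last 24 hours, grouped by source. RETURNCODE is
--    the ORA- error number: 1017 = invalid username/password, 28000 =
--    account locked. A burst of 1017s from one host is password guessing.
SELECT username, os_username, userhost, returncode,
       COUNT(*)       AS attempts,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
  FROM dba_audit_session
 WHERE action_name = 'LOGON'
   AND returncode <> 0
   AND timestamp > SYSDATE - 1
 GROUP BY username, os_username, userhost, returncode
 ORDER BY attempts DESC;

-- 2. Everything recorded for the audited user of sections 3 and 4, with the
--    numeric ACTION code resolved through AUDIT_ACTIONS and the outcome
--    derived from RETURNCODE. Use the user name exactly as the dictionary
--    stores it (TOM for an unquoted CREATE USER tom; assumed here).
SELECT a.timestamp,
       a.os_username,
       a.userhost,
       aa.name AS action,
       CASE WHEN a.obj_name IS NULL THEN NULL
            ELSE a.owner || '.' || a.obj_name END AS object_name,
       a.priv_used,            -- system privilege that allowed the statement
       CASE WHEN a.returncode = 0 THEN 'OK'
            ELSE 'ORA-' || TO_CHAR(a.returncode, 'FM09999') END AS outcome
  FROM dba_audit_trail a
  JOIN audit_actions  aa ON aa.action = a.action
 WHERE a.username = 'TOM'
   AND a.timestamp > SYSDATE - 1
 ORDER BY a.timestamp;

-- 3. Any use of the ANY privileges audited in section 4, by anyone. These
--    privileges bypass object-level grants, so every use is worth a look.
SELECT timestamp, username, os_username, userhost,
       priv_used, action_name, owner, obj_name
  FROM dba_audit_trail
 WHERE priv_used IN ('SELECT ANY TABLE', 'DROP ANY TABLE')
   AND timestamp > SYSDATE - 7
 ORDER BY timestamp DESC;
```

Run these from an account with SELECT on the DBA views (SYSDBA, or a user granted SELECT ANY DICTIONARY). The first query is the one to schedule: it only needs CREATE SESSION audited, and the WHENEVER NOT SUCCESSFUL form described in section 6 keeps the volume down to the failures.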
5. Default object auditing
Script (the options set here are applied automatically to objects created after the statement runs; objects that already exist are not affected and must be audited explicitly with AUDIT ... ON owner.object):
audit alter on default by session;
audit audit on default by session;
audit delete on default by session;
audit grant on default by access;
audit lock on default by session;
Demonstration:
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
-/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/- -/-
SQL> audit alter on default by session;
Audit succeeded.
SQL> audit audit on default by session;
Audit succeeded.
SQL> audit delete on default by session;
Audit succeeded.
SQL> audit grant on default by access;
Audit succeeded.
SQL> audit lock on default by session;
Audit succeeded.
SQL> select * from all_def_audit_opts;
ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE FBK REA
--- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
S/S S/S -/- S/S A/A -/- -/- S/S -/- -/- -/- -/- -/- -/- -/-
Turning default object auditing off (this stops the options being applied to new objects; options already attached to existing objects remain until removed with NOAUDIT ... ON owner.object):
noaudit alter on default;
noaudit audit on default;
noaudit delete on default;
noaudit grant on default;
noaudit lock on default;
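Because ON DEFAULT only influences objects created after it is issued, tables that already exist keep whatever object options they had, which is normally none. The PL/SQL block below is an added example and not part of the original page: it attaches the same options the section 5 script sets as defaults (ALTER, AUDIT, DELETE and LOCK by session; GRANT by access) to every existing table in one schema, then verifies the result through DBA_OBJ_AUDIT_OPTS. The schema name HR is an assumption; the block needs the AUDIT ANY system privilege (or ownership of the tables) and SELECT access to DBA_TABLES.

```sql
-- Added example (not from the original page). Assumption: HR is the schema
-- whose existing tables should get the same options as the ON DEFAULT script.
SET SERVEROUTPUT ON

BEGIN
  FOR t IN (SELECT owner, table_name
              FROM dba_tables
             WHERE owner = 'HR'        -- assumed schema; change as needed
               AND nested = 'NO'       -- skip nested-table storage tables
               AND secondary = 'N')    -- skip domain-index support tables
  LOOP
    -- DBMS_ASSERT.ENQUOTE_NAME double-quotes each identifier and rejects
    -- embedded quotes; FALSE keeps the case exactly as the dictionary
    -- stores it instead of upper-casing it.
    EXECUTE IMMEDIATE 'AUDIT ALTER, AUDIT, DELETE, LOCK ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE) || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' BY SESSION';
    EXECUTE IMMEDIATE 'AUDIT GRANT ON '
      || DBMS_ASSERT.ENQUOTE_NAME(t.owner, FALSE) || '.'
      || DBMS_ASSERT.ENQUOTE_NAME(t.table_name, FALSE)
      || ' BY ACCESS';
    DBMS_OUTPUT.PUT_LINE('audited ' || t.owner || '.' || t.table_name);
  END LOOP;
END;
/

-- Verification: every table in the schema should now show S/S in ALT, AUD,
-- DEL and LOC and A/A in GRA, the same pattern ALL_DEF_AUDIT_OPTS shows
-- for new objects after the section 5 script.
SELECT object_name, alt, aud, del, gra, loc
  FROM dba_obj_audit_opts
 WHERE owner = 'HR'
   AND object_type = 'TABLE'
 ORDER BY object_name;
```

Tables created in the schema afterwards pick up the defaults on their own, so the block only has to be run once per schema, and again after a NOAUDIT ... ON DEFAULT if the per-object options are meant to go with it.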
6. Other notes
1. Audit command options
BY SESSION writes a single record for repeated occurrences of the same statement within one session; BY ACCESS writes a record for every execution, repeated or not.
WHENEVER SUCCESSFUL / WHENEVER NOT SUCCESSFUL
WHENEVER SUCCESSFUL audits only operations that succeed (the RETURNCODE column of DBA_AUDIT_TRAIL is 0); WHENEVER NOT SUCCESSFUL audits only operations that fail (RETURNCODE holds the ORA- error number, for example 1017 for an invalid password).
If the clause is omitted, the operation is audited whether it succeeds or not. AUDIT CREATE SESSION ... WHENEVER NOT SUCCESSFUL is the low-volume way to watch for password guessing against an account.
2. When the initialization parameter AUDIT_TRAIL=OS, audit records are written to operating-system files in the directory named by AUDIT_FILE_DEST; on Windows they go to the Application log of the Event Viewer instead. When AUDIT_TRAIL=DB, the records are stored in the database in SYS.AUD$ (DB,EXTENDED additionally stores the SQL text and bind values). With AUDIT_SYS_OPERATIONS=TRUE, records for SYS and for SYSDBA/SYSOPER sessions (section 2) always go to the operating-system trail, whatever AUDIT_TRAIL is set to.
3. Data dictionary views related to audit information
DBA_AUDIT_TRAIL: all audit records
DBA_AUDIT_EXISTS: records produced by AUDIT EXISTS / AUDIT NOT EXISTS (statements that referenced objects that do not exist)
DBA_AUDIT_OBJECT: audit records for objects
DBA_AUDIT_SESSION: connection and disconnection records
DBA_AUDIT_STATEMENT: audit records for GRANT, REVOKE, AUDIT, NOAUDIT and ALTER SYSTEM statements
SYS.AUD$: the only table that actually stores audit records (when AUDIT_TRAIL=DB; with AUDIT_TRAIL=OS the records are in files and these views stay empty). Everything else in this list is a view.
AUDIT_ACTIONS: descriptions of the action type codes used in the audit trail
ALL_DEF_AUDIT_OPTS: default object audit options, applied to objects as they are created
DBA_STMT_AUDIT_OPTS: the statement auditing options currently in effect, system-wide and per user
DBA_PRIV_AUDIT_OPTS: the system privileges currently being audited, system-wide and per user
DBA_OBJ_AUDIT_OPTS: audit options on all objects
USER_OBJ_AUDIT_OPTS: audit options on the objects owned by the current user
4. Statement auditing and privilege auditing sometimes overlap, and there is no need to separate the two strictly. In the example below, AUDIT CREATE TABLE (issued without a BY clause, so it applies to every user, which is why USER_NAME is empty in those rows) makes CREATE TABLE and CREATE ANY TABLE appear in both DBA_STMT_AUDIT_OPTS and DBA_PRIV_AUDIT_OPTS:
SQL> audit create table;
Audit succeeded.
SQL> SELECT * FROM DBA_STMT_AUDIT_OPTS;
USER_NAME            PROX AUDIT_OPTION                   SUCCESS    FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom                       CREATE SESSION                 BY ACCESS  BY ACCESS
                          CREATE TABLE                   BY ACCESS  BY ACCESS
                          CREATE ANY TABLE               BY ACCESS  BY ACCESS
tom                       DROP ANY TABLE                 BY ACCESS  BY ACCESS
tom                       SELECT ANY TABLE               BY ACCESS  BY ACCESS
tom                       SELECT TABLE                   BY ACCESS  BY ACCESS
tom                       INSERT TABLE                   BY ACCESS  BY ACCESS
tom                       UPDATE TABLE                   BY ACCESS  BY ACCESS
tom                       DELETE TABLE                   BY ACCESS  BY ACCESS
9 rows selected.
SQL> SELECT * FROM DBA_PRIV_AUDIT_OPTS;
USER_NAME            PROX PRIVILEGE                      SUCCESS    FAILURE
-------------------- ---- ------------------------------ ---------- ----------
tom                       SELECT ANY TABLE               BY ACCESS  BY ACCESS
tom                       DROP ANY TABLE                 BY ACCESS  BY ACCESS
                          CREATE ANY TABLE               BY ACCESS  BY ACCESS
                          CREATE TABLE                   BY ACCESS  BY ACCESS
tom                       CREATE SESSION                 BY ACCESS  BY ACCESS
5. Meaning of the ALL_DEF_AUDIT_OPTS columns
Each column holds two flags separated by a slash: the first applies WHENEVER SUCCESSFUL, the second WHENEVER NOT SUCCESSFUL, and each is - (not audited), S (audited BY SESSION) or A (audited BY ACCESS):
-/-: no default auditing
S/-: audited by session whenever successful only
-/S: audited by session whenever not successful only
S/S, A/A: audited in both cases, by session or by access respectively (the values the section 5 script produces)
Column  Datatype      NULL  Description
ALT     VARCHAR2(3)         Auditing ALTER WHENEVER SUCCESSFUL / UNSUCCESSFUL
AUD     VARCHAR2(3)         Auditing AUDIT WHENEVER SUCCESSFUL / UNSUCCESSFUL
COM     VARCHAR2(3)         Auditing COMMENT WHENEVER SUCCESSFUL / UNSUCCESSFUL
DEL     VARCHAR2(3)         Auditing DELETE WHENEVER SUCCESSFUL / UNSUCCESSFUL
GRA     VARCHAR2(3)         Auditing GRANT WHENEVER SUCCESSFUL / UNSUCCESSFUL
IND     VARCHAR2(3)         Auditing INDEX WHENEVER SUCCESSFUL / UNSUCCESSFUL
INS     VARCHAR2(3)         Auditing INSERT WHENEVER SUCCESSFUL / UNSUCCESSFUL
LOC     VARCHAR2(3)         Auditing LOCK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REN     VARCHAR2(3)         Auditing RENAME WHENEVER SUCCESSFUL / UNSUCCESSFUL
SEL     VARCHAR2(3)         Auditing SELECT WHENEVER SUCCESSFUL / UNSUCCESSFUL
UPD     VARCHAR2(3)         Auditing UPDATE WHENEVER SUCCESSFUL / UNSUCCESSFUL
REF     CHAR(3)             Obsolete, kept for backward compatibility; always -/-
EXE     VARCHAR2(3)         Auditing EXECUTE WHENEVER SUCCESSFUL / UNSUCCESSFUL
FBK     VARCHAR2(3)         Auditing FLASHBACK WHENEVER SUCCESSFUL / UNSUCCESSFUL
REA     VARCHAR2(3)         Auditing READ WHENEVER SUCCESSFUL / UNSUCCESSFUL