Oracle Audit
Date: 2010-12-15  Source: x-i-x
Audit
Purpose: monitor and record specified database activity, including the use of privileges.
Verification function: password_verify_function; it must be created under the SYS user.
Syntax: ALTER PROFILE student LIMIT password_verify_function my_password_verify;
Where the audit records are stored:
Storage: in the database or in an operating-system file.
Syntax: ALTER SYSTEM SET audit_trail=DB SCOPE=SPFILE; the default is NONE, and the instance must be bounced after the statement for it to take effect.
Results stored in: SYS.AUD$, which needs periodic cleanup.
Views: DBA_AUDIT_TRAIL, USER_AUDIT_TRAIL
Audit types:
Enabling: AUDIT table [BY juanita] [WHENEVER NOT SUCCESSFUL];
The TABLE option covers CREATE TABLE, DROP TABLE and TRUNCATE TABLE.
AUDIT INSERT TABLE BY juanita BY ACCESS;
AUDIT create any table;
AUDIT select ON hr.employee_salary BY ACCESS WHENEVER SUCCESSFUL;
Disabling:
NOAUDIT session;
NOAUDIT not exists;
NOAUDIT table [BY juanita]; WHENEVER NOT SUCCESSFUL need not be included.
NOAUDIT select ON hr.employee_salary WHENEVER NOT SUCCESSFUL;
Options:
DATABASE LINK, SEQUENCE, LOCK TABLE, INDEX, PROFILE, ROLE, SYNONYM, SESSION, SYSTEM AUDIT, TRIGGER, SYSTEM GRANT
Data dictionary:
SYS.AUD$: full details of the audit results; needs periodic cleanup.
DBA_AUDIT_TRAIL, USER_AUDIT_TRAIL: summary of the audit results.
DBA_STMT_AUDIT_OPTS: the audit options currently enabled.
OWNER        OBJECT_NAME               OBJECT_TY INS SEL
------------ ------------------------- --------- --- ---
HR           EMPLOYEE_SALARY           TABLE     -/- A/S
A: ACCESS
S: SESSION
/: the character before the slash is the option applied when the statement succeeds, the one after it when the statement fails.
Fine-grained auditing (FGA)
Purpose: allows fine-grained auditing, down to individual columns and data content.
Defining a policy:
BEGIN
  DBMS_FGA.ADD_POLICY(object_schema   => 'HR',
                      object_name     => 'EMPLOYEES',
                      policy_name     => 'COMPENSATION_AUD',
                      audit_column    => 'SALARY,COMMISSION_PCT',
                      enable          => FALSE,
                      statement_types => 'SELECT');
END;
/
Enabling a policy:
BEGIN
  DBMS_FGA.ENABLE_POLICY(object_schema => 'HR',
                         object_name   => 'EMPLOYEES',
                         policy_name   => 'COMPENSATION_AUD');
END;
/
Disabling a policy:
BEGIN
  DBMS_FGA.DISABLE_POLICY(object_schema => 'HR',
                          object_name   => 'EMPLOYEES',
                          policy_name   => 'COMPENSATION_AUD');
END;
/
Data dictionary: DBA_AUDIT_POLICIES: policy definitions
DBA_FGA_AUDIT_TRAIL: audit details
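Putting the FGA section together, as an added example that is not from the original page: a re-runnable version of the COMPENSATION_AUD policy that adds an audit_condition and the extended trail (SQL text and bind values), followed by the query a DBA would run over DBA_FGA_AUDIT_TRAIL to review what was captured. The salary threshold and the SELECT,UPDATE statement mix are assumptions; HR.EMPLOYEES is the Oracle sample schema table used above.

```sql
-- Assumptions: HR.EMPLOYEES exists (Oracle sample schema), audit_trail is DB,
-- and this runs as a user with EXECUTE on DBMS_FGA (for example SYS).
DECLARE
  v_exists NUMBER;
BEGIN
  -- Drop an earlier copy of the policy so the script can be re-run;
  -- ADD_POLICY raises an error if the policy name already exists.
  SELECT COUNT(*) INTO v_exists
    FROM dba_audit_policies
   WHERE object_schema = 'HR'
     AND object_name   = 'EMPLOYEES'
     AND policy_name   = 'COMPENSATION_AUD';
  IF v_exists > 0 THEN
    DBMS_FGA.DROP_POLICY(object_schema => 'HR',
                         object_name   => 'EMPLOYEES',
                         policy_name   => 'COMPENSATION_AUD');
  END IF;

  -- Audit SELECT/UPDATE statements that touch the compensation columns,
  -- but only for rows above the (constructed) salary threshold, and keep
  -- the statement text and binds so the record shows what was actually run.
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'COMPENSATION_AUD',
    audit_condition => 'SALARY > 10000',            -- assumed threshold
    audit_column    => 'SALARY,COMMISSION_PCT',
    statement_types => 'SELECT,UPDATE',             -- assumed statement mix
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable          => TRUE);
END;
/

-- Review what the policy captured in the last 24 hours.
-- SQL_TEXT and SQL_BIND are filled only when the EXTENDED trail is used.
SELECT db_user, os_user, userhost,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS ts,
       object_schema, object_name, policy_name,
       sql_text, sql_bind
  FROM dba_fga_audit_trail
 WHERE policy_name = 'COMPENSATION_AUD'
   AND timestamp > SYSDATE - 1
 ORDER BY timestamp DESC;
```

Like SYS.AUD$, the FGA trail (SYS.FGA_LOG$ behind DBA_FGA_AUDIT_TRAIL) grows with every matching statement and needs the same periodic cleanup.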