当前位置:Gxlcms > mysql > Oracle数据库审计概述

Oracle数据库审计概述

时间:2021-07-01 10:21:17 帮助过:148人阅读

针对SYSDBA的审计,Oracle提供了三种技术:1、数据库审计用户的使用的特权,执行的命令和访问的表,以及登录状态2、使用数据库触

针对SYSDBA的审计,,Oracle提供了三种技术:

1、数据库审计用户的使用的特权,执行的命令和访问的表,以及登录状态

2、使用数据库触发器对发起基于值的审计;

3、细粒度审计可以追踪到对表中哪些行进行了访问;

当初始化参数文件AUDIT_SYS_OPERATIONS被设置为true时,SYSDBA和SYSOPER执行的语句将被记录到操作系统的审计文件中;

标准审计

在进行数据库审计前 AUDIT_TRAIL初始化参数文件需要被设置:

  • NONE:不执行审计
  • OS:审计文件被写入到操作系统中——the Application Log on windws, or the AUDIT_FILE_DEST directory on Uinx
  • DB:审计文件被写入到数据库的数据字典表中:SYS.AUD$
  • DB_EXTENDED
  • XML
  • XML_EXXTENDED
  • 例:

    audit create any trigger; --审计所有创建触发器的操作

    auditselect any table by session;

    audit insert on scott.emp whenever successful;--还有一个选项是WHENEVER NOT SUCCESSFUL;

    audit allon scott.emp;

    audit session whenever not successful;--对用户登录进行审计;

    --查看系统产生的审计信息

    select * fromdba_audit_trail;

    其他产生的审计信息的视图还包括:

    DBA_AUDIT_OBJECT,DBA_AUDIT_STATEMENT, DBA_AUDIT_SESSION

    使用触发器来对值进行审计

    A database trigger is a block of PL/SQL code that wil runautomaitcally whenever in INSERT, UPDATE, OR DELETE is executed against a table.

    例:

    CREATE ORREPLACE TRIGGER system.creditrating_audit

    AFTERUPDAT OF creditrating

    ON scott.customers

    REFERENCINGNEW AS NEW OLD AS OLD

    FOR EACHROW

    BEGIN

    IF :old.creditrationg!= :new.creditrating THEN

    INSERT INTO system.creditrating_audit

    VALUES(sys_context('userenv','os_user'),

    sys_context('userenv','ip_address'),

    :new.customer_id || 'credit rating changed from' || :old.creditrating ||' to ' || :new.creditrating);

    END IF;

    END;

    /

    细粒度审计Fine-Grained Auditing(FGA)

    FGA isconfigured with the package DBMS_FGA

    sql>execute dbms_fga.add_policy(-

    object_schema=>'HR',-

    object_name=>'EMPLOYEES',-

    policy_name=>'POL1',-

    audit_condition=>'department_id=80',-

    audit_column=>'SALARY');

    DBA_AUDIT_TRIALis used for standard database auditing;

    DBA_FGA_AUDIT_TRAIL:is used for fine-grained auditing;

    DBA_COMMON_AUDIT_TRAIL:is used for both;

    To seethe results of auditing with triggers, you must create your own views thataddress your own tables;

    人气教程排行