oracle 审计功能
时间:2021-07-01 10:21:17
帮助过:3人阅读
+ Oracle
10.2.
0.4
1. Oracle 10g 审计功能
2. 对数据库监听器的关闭和启动设置密码
1. Oracle 10g 审计功能
Oracle 10g审计功能默认是关闭的。
需要注意开启审计功能必然会额外消耗一部分数据库性能,开启审计需要重启数据库生效。
具体的审计策略则需要根据项目实际要求自行配置。
1.1 查看audit相关参数
--查看audit相关参数
set linesize
200
show parameter audit
--结果如下
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
audit_file_dest string
/opt
/app
/oracle
/admin
/vas
/adum
p
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
1.2 开启审计
--开启审计
alter system
set audit_sys_operations
=TRUE scope
=spfile;
alter system
set audit_trail
=db,extended scope
=spfile;
--重启库生效
shutdown immediate
startup
--最后再次查看确定审计已开启
SQL
> show parameter audit
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
audit_file_dest string
/opt
/app
/oracle
/admin
/vas
/adum
p
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB, EXTENDED
1.3 配置审计策略
--查看审计策略
select * from DBA_STMT_AUDIT_OPTS;
--配置审计策略(参考11g默认开启的审计选项设置如下基本审计内容)
AUDIT
ALTER ANY PROCEDURE ;
AUDIT ALTER ANY TABLE ;
AUDIT ALTER DATABASE ;
AUDIT ALTER PROFILE ;
AUDIT ALTER SYSTEM ;
AUDIT ALTER USER ;
AUDIT CREATE ANY JOB ;
AUDIT CREATE ANY LIBRARY ;
AUDIT CREATE ANY PROCEDURE ;
AUDIT CREATE ANY TABLE ;
AUDIT CREATE EXTERNAL JOB ;
AUDIT CREATE PUBLIC DATABASE LINK ;
AUDIT CREATE SESSION ;
AUDIT CREATE USER ;
AUDIT DATABASE LINK ;
AUDIT DIRECTORY ;
AUDIT DROP ANY PROCEDURE ;
AUDIT DROP ANY TABLE ;
AUDIT DROP PROFILE ;
AUDIT DROP USER ;
AUDIT EXEMPT ACCESS POLICY ;
AUDIT GRANT ANY OBJECT PRIVILEGE ;
AUDIT GRANT ANY PRIVILEGE ;
AUDIT GRANT ANY ROLE ;
AUDIT PROFILE ;
AUDIT PUBLIC SYNONYM ;
AUDIT ROLE ;
AUDIT SYSTEM AUDIT ;
AUDIT SYSTEM GRANT ;
--其他特殊需求的审计策略
----审计对业务用户JINGYU下的核心表T1数据的删除,更新和插入操作
AUDIT
DELETE,
UPDATE,
INSERT ON JINGYU.T1;
----审计核心表T2(包括查询)
AUDIT
ALL ON JINGYU.T2;
----审计核心表T2,每一次都生成一行审计记录
AUDIT
ALL ON JINGYU.T2
BY ACCESS;
----取消特殊需求的审计策略
NOAUDIT
DELETE,
UPDATE,
INSERT ON JINGYU.T1;
NOAUDIT ALL ON JINGYU.T2;
--取消审计策略
NOAUDIT
ALTER ANY PROCEDURE ;
NOAUDIT ALTER ANY TABLE ;
NOAUDIT ALTER DATABASE ;
NOAUDIT ALTER PROFILE ;
NOAUDIT ALTER SYSTEM ;
NOAUDIT ALTER USER ;
NOAUDIT CREATE ANY JOB ;
NOAUDIT CREATE ANY LIBRARY ;
NOAUDIT CREATE ANY PROCEDURE ;
NOAUDIT CREATE ANY TABLE ;
NOAUDIT CREATE EXTERNAL JOB ;
NOAUDIT CREATE PUBLIC DATABASE LINK ;
NOAUDIT CREATE SESSION ;
NOAUDIT CREATE USER ;
NOAUDIT DATABASE LINK ;
NOAUDIT DIRECTORY ;
NOAUDIT DROP ANY PROCEDURE ;
NOAUDIT DROP ANY TABLE ;
NOAUDIT DROP PROFILE ;
NOAUDIT DROP USER ;
NOAUDIT EXEMPT ACCESS POLICY ;
NOAUDIT GRANT ANY OBJECT PRIVILEGE ;
NOAUDIT GRANT ANY PRIVILEGE ;
NOAUDIT GRANT ANY ROLE ;
NOAUDIT PROFILE ;
NOAUDIT PUBLIC SYNONYM ;
NOAUDIT ROLE ;
NOAUDIT SYSTEM AUDIT ;
NOAUDIT SYSTEM GRANT ;
--再次查看审计策略
select * from DBA_STMT_AUDIT_OPTS;
1.4 查看审计日志
--查看审计日志
select * from DBA_AUDIT_TRAIL;
1.5 关闭审计
--关闭审计
alter system
set audit_trail
=none scope
=spfile;
alter system
set audit_sys_operations
=false scope
=spfile;
--重启库生效
shutdown immediate
startup
--最后确定审计已关闭
SQL
> show parameter audit
NAME TYPE VALUE
------------------------------------ -------------------------------- ------------------------------
audit_file_dest string
/opt
/app
/oracle
/admin
/vas
/adum
p
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string NONE
oracle 审计功能
标签:基本 lse 内容 data roc inux sel app object
