数据库级别的审计

审计: 跟踪数据库中的可以操作

超级用户的审计

超级用户有三种操作一定会被审计:

  • 超级用户的连接
  • 数据库的启动
  • 数据库的停止

打开超级用户的额外审计:

alter system set audit_sys_operation=true scope=spfile;

超级用户审计的跟踪文件记录在哪里?

show parameter audit_file_dest


SQL> show parameter audit_file_dest

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /u01/app/oracle/admin/cdb1/adu
                                                 mp
SQL>

普通用户的审计:

普通用户审计的线索记录在哪里?

audit_trail=DB --> 使用数据字典aud$记录审计的线索

audit_trail=OS --> 使用audit_file_dest指向的目录保存审计文件

打开语句审计:

  • audit delete table; -->会话级成功,失败都审计
  • audit delete table whenever sucessful; --> 会话级成功
  • audit delete table whenever not sucessful; --> 会话级失败
  • audit delete table by access; --> 访问级成功、失败都审计
  • audit delete table by access whenever successful; --> 访问级成功
  • audit delete table by access whenever not successful;--> 访问级失败
audit delete table by scott;

audit delete table by scott whenever successful;

audit delete table by scott whenever not successful;

audit delete table by scott by access;

audit delete table by scott by access whenever successful;

audit delete table by scott by access whenever not sucessful;

查看哪些语句已经被打开了审计:

SQL> 
SQL> select audit_option,success,failure from dba_stmt_audit_opts where user_name='SCOTT';

no rows selected

SQL>

查看审计线索

SQL> delete aud$;

1 row deleted.

SQL> commit;

Commit complete.

SQL> select * from aud$;

no rows selected

查看操作代码对应的操作名称:

select name from audit_actions where action=1;

关闭语句审计:

noaudit delete table by scott;
exec print_table('select * from aud$ where userid="SCOTT"');

特权审计: 刚刚打开的审计对已持续的连接无效!!

audit create any table by scott;

查看特权审计:

select PRIVILEGE,SUCCESS,FAILURE from dba_priv_audit_opts where user_name='SCOTT';

对象审计:在具体某一个对象上面打开的审计选项

audit delete on scott.emp;
audit insert on scott.emp by access whenever not successful;
SQL> 
SQL> select audit_option,success,failure from dba_stmt_audit_opts;

no rows selected

SQL> 

你可能感兴趣的:(DBA,数据库,oracle,dba)