Oracle审计

--审计
--1.system privilege 系统权限审计
--查询有哪些系统权限供审计
SELECT * FROM System_Privilege_Map;
        
--审计记录保存于该视图，源于aud$系统表，要删除历史审计记录可以删除aud$表
SELECT * FROM DBA_AUDIT_TRAIL ORDER BY TIMESTAMP DESC;
--查看已经配置的权限审计
SELECT * FROM Dba_Priv_Audit_Opts;
AUDIT CREATE SESSION BY scott BY ACCESS;
--即使是设置为by session还是默认为by access
AUDIT DROP ANY TABLE BY SESSION WHENEVER SUCCESSFUL;
        
--2.object privilege, 默认by session
--查看配置的审计对象权限
SELECT * FROM Dba_Obj_Audit_Opts;
AUDIT DELETE ON SCOTT.TEMP1 BY ACCESS;
AUDIT SELECT ON SCOTT.TEMP1 BY ACCESS;
--不审计
NOAUDIT TABLE ... BY <USERNAME>
--使用sys用户以外的其他用户登录并进行操作
SELECT * FROM TEMP1;
--删除审计记录
DELETE from aud$;
--3.语句审计
--4.细粒度审计FGA
BEGIN
  dbms_fga.add_policy(object_schema => 'SCOTT', policy_name => 'scott_temp1_select', object_name => 'TEMP1', statement_types => 'SELECT');
END;
/
--查看定义的
SELECT * FROM DBA_AUDIT_POLICIES;
--查看记录
SELECT * FROM DBA_FGA_AUDIT_TRAIL;
SELECT * FROM SCOTT.TEMP1;
--审计记录（包含审计的类型，session_id等）
SELECT * FROM dba_common_audit_trail;