oracle-审计2

原创

ocpyang 2012-03-30 09:25:00 博主文章分类：oracle ©著作权

文章标签 sql database user access table insert 文章分类 Oracle 数据库

©著作权归作者所有：来自51CTO博客作者ocpyang的原创作品，请联系作者获取转载授权，否则将追究法律责任

三、语句审计：
语句审计选项包括：

/*
语句审计选项触发SQL语句
alter sequence alter sequence

alter table alter table

comment table comment on table、comment on column

database link create database link、drop database link

delete table delete

execute procedure 执行任意一个过程、函数或对一个报中的任意一个游标或变量的访问

grant procedure one function or package or grant on procedure

grant sequence a grant on sequence(一个序列上的grant)

grant table grant of one table or view (一个表或视图上的grant)

index create index

insert table insert of table or view（表或视图上的insert）

lock table lock

not exists all sql(所有的SQL语句)

procedure create function;drop function;create package; create package body;
drop package;create procedure;drop procedure;

profile create profile;alter profile;drop profile;

role create role;alter role;drop role; set role;

select sequence select of a sequence(一个序列上的select)

select table select from table or view(从表或视图上的select)

sequence create sequence; drop sequence

session logon

synonym create synonym;drop synonym;

system audit audit;noaudit

system grant grant; revoke

table create table;drop table; truncate table

tablespace create tablespace; alter tablespace; drop tablespace

trigger create trigger;alter trigger;alter table;

update table update of a table or view(一个表或视图上的update)

user create user; alter user; drop user;

view create view; drop view

-- 3.1 查看数据库中已经启用审计的选项

SQL> select user_name, audit_option, success, failure
2 from dba_stmt_audit_opts;

未选定行

SQL> audit table;

审计已成功。

SQL> select user_name, audit_option, success, failure from dba_stmt_audit_opts;

USER_NAME                      AUDIT_OPTION
------------------------------ ---------------------------------------
SUCCESS    FAILURE
---------- ----------
                               TABLE
BY ACCESS BY ACCESS

-- 3.2 启用指定语句审计

SQL> audit table;

审计已成功。

-- 3.3 启用指定用户审计

SQL> show parameters audit_trail

NAME TYPE VALUE
------------------------------------ ----------- ---------------
audit_trail string DB
SQL> audit table by scott;

审计已成功。

-- 3.4 启用针对用户失败时的审计

SQL> audit table by scott whenever not successful;

审计已成功。

SQL> select user_name, audit_option, success, failure from dba_stmt_audit_opts;

USER_NAME AUDIT_OPTION SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------
SCOTT TABLE NOT SET BY ACCESS

-- 3.5 启用针对用户成功时的审计

SQL> audit table by scott whenever successful;

SQL> select user_name, audit_option, success, failure from dba_stmt_audit_opts;

USER_NAME AUDIT_OPTION SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------
SCOTT TABLE BY ACCESS NOT SET

-- 3.6 启用非DDL审计
SQL> select user_name, audit_option, success, failure from dba_stmt_audit_opts;

USER_NAME AUDIT_OPTION SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------

SQL> audit insert table by scott by access;

Audit succeeded

SQL> conn scott/tiger
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as scott

SQL> create table t1
2 (sid int);

Table created

SQL> insert into t1 values (1001);

1 row inserted

SQL> select * from t1;

SID
---------------------------------------
1001

SQL> update t1 set sid=2003 where sid=1001;

1 row updated

SQL> delete from t1;

1 row deleted

SQL> conn sys as sysdba
Connected to Oracle Database 10g Enterprise Edition Release 10.2.0.1.0
Connected as SYS

SQL> select user_name, audit_option, success, failure from dba_stmt_audit_opts;

USER_NAME AUDIT_OPTION SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------
SCOTT INSERT TABLE BY ACCESS BY ACCESS

-- 3.7 关闭语句审计
SQL> noaudit table;

审计未成功。

SQL> noaudit insert table by scott;

Noaudit succeeded

----------------------------------------------------------------------------------------
****************************************************************************************
四、管理特权审计：
****************************************************************************************
----------------------------------------------------------------------------------------
管理特权审计包括监视和记录需要一个指定系统特权的SQL语句的执行；可以审计任意一个系统特权。

-- 4.1 启用审计特权

SQL> audit create any table;

Audit succeeded

-- 4.2 审计具体用户

/*
环境准备：

create user win identified by password
quota 100m on users;

grant create session, create table to win;

--步骤1：检查已经启用特权审计

SQL> select user_name, privilege, success, failure from dba_priv_audit_opts ;

USER_NAME PRIVILEGE SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------

--步骤2：启用特权审计
SQL> audit select any table by scott by access;

Audit succeeded

--步骤3：检查已经启用特权审计

SQL> select user_name, privilege, success, failure from dba_priv_audit_opts ;

USER_NAME PRIVILEGE SUCCESS FAILURE
------------------------------ ---------------------------------------- ---------- ----------
SCOTT SELECT ANY TABLE BY ACCESS BY ACCESS

--步骤4：连接到scott账户操作

SQL> conn scott/tiger
已连接。
SQL> select * from win.accp;

TID
----------
1001

--步骤5：检查审计跟踪

SQL> select username, to_char(timestamp,'yyyy:mm:dd:hh'), action_name
from dba_audit_trail where username= 'SCOTT';

USERNAME TIME ACTION_NAME
------------------------------ ------------- ----------------------------
SCOTT 2008:10:29:01 SELECT

--步骤6：清空审计记录

SQL> delete from sys.aud$ ;