zoukankan      html  css  js  c++  java
  • 关于ORACLE 审计的一些视图和脚本

    审计视图

    STMT_AUDIT_OPTION_MAP    -- 审计选项类型代码
    AUDIT_ACTIONS    -- action代码
    ALL_DEF_AUDIT_OPTS    -- 对象创建时默认的对象审计选项
    DBA_STMT_AUDIT_OPTS    -- 当前数据库系统审计选项
    DBA_PRIV_AUDIT_OPTS    -- 权限审计选项
    DBA_OBJ_AUDIT_OPTS   
    USER_OBJ_AUDIT_OPTS    -- 对象审计选项
    DBA_AUDIT_TRAIL   
    USER_AUDIT_TRAIL    -- 审计记录
    DBA_AUDIT_OBJECT   
    USER_AUDIT_OBJECT    -- 审计对象列表
    DBA_AUDIT_SESSION   
    USER_AUDIT_SESSION    -- session审计
    DBA_AUDIT_STATEMENT   
    USER_AUDIT_STATEMENT    -- 语句审计
    DBA_AUDIT_EXISTS    -- 使用BY AUDIT NOT EXISTS选项的审计
    DBA_AUDIT_POLICIES    -- 审计POLICIES
    DBA_COMMON_AUDIT_TRAIL    -- 标准审计+精细审计

    一些脚本

    下面这个脚本可以找出系统开了哪些 系统审计功能(非object 审计)

    select nvl(user_name,'SYSTEM WIDE AUDITING')"User_Name",proxy_name "Proxy_Name",audit_option "Audit_Option",
    success "Success?",failure "Failure?" from DBA_STMT_AUDIT_OPTS;

    例子:

    SQL> select nvl(user_name,'SYSTEM WIDE AUDITING')"User_Name",proxy_name "Proxy_Name",audit_option "Audit_Option",
      2  success "Success?",failure "Failure?" from DBA_STMT_AUDIT_OPTS;

    User_Name                      Proxy_Name                     Audit_Option                             Success?   Failure?
    ------------------------------ ------------------------------ ---------------------------------------- ---------- ----------
    SYSTEM WIDE AUDITING                                          CREATE ANY TABLE                         BY ACCESS  BY ACCESS
    SCOTT                                                         CREATE ANY VIEW                          BY ACCESS  BY ACCESS
    可以看到系统对任何一个 用户 执行create table 做了审计,对scott 用户做了 create any view 审计

    下面这个脚本可以查出系统开了哪些 对象审计功能

    select owner || '.' || object_name "Object",object_type "Object_Type",
    decode(alt,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Alter",
    decode(aud,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Audit",
    decode(com,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Commit",
    decode(del,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Delete",
    decode(gra,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Grant",
    decode(ind,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Index",
    decode(ins,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Insert",
    decode(loc,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Lock",
    decode(ren,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Rename",
    decode(sel,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Select",
    decode(upd,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Update",
    decode(ref,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Reference",
    decode(exe,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Execute",
    decode(cre,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Create",
    decode(rea,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Read",
    decode(wri,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Write",
    decode(fbk,'-/-','NONE','S/-','WHENEVER SUCCESSFUL','-/S','WHENEVER UNSUCCESSFUL','S/S',
    'WHENEVER SUCCESSFUL AND UNSUCCESSFUL')"Flashback"
    from dba_obj_audit_opts;

    由于显示效果不好 ,就不贴执行结果了

    下面这个脚本可以查看系统 开了哪些FGA 审计

    当然你也可以select * from dba_audit_policies;我只是将其还原回了dbms_fga.add_policies。

    declare
    cursor fga_defination is
    select object_schema, object_name ,policy_name ,policy_text ,
    policy_column ,nvl(pf_schema,'NULL') pf_schema ,NVL(pf_package,'NULL') pf_package,nvl(pf_function,'NULL') pf_function,
    decode(enabled,'YES','TRUE','NO','FALSE') enabled,
    decode(sel||','||ins||','||upd||','||del,'YES,YES,YES,YES','SELECT,INSERT,UPDATE,DELETE','YES,YES,YES,NO','SELECT,INSERT,UPDATE','YES,YES,NO,NO',
    'SELECT,INSERT','YES,NO,NO,NO','SELECT','YES,YES,NO,YES','SELECT,INSERT,DELETE','NO,YES,NO,YES','INSERT,DELETE','NO,NO,YES,YES','UPDATE,DELETE',
    'YES,NO,NO,YES','SELECT,DELETE','YES,NO,YES,NO','SELECT,UPDATE','YES,NO,YES,YES','SELECT,UPDATE,DELETE',
    'NO,YES,YES,YES','INSERT,UPDATE,DELETE','NO,YES,YES,NO','INSERT,UPDATE','NO,YES,NO,NO','INSERT','NO,NO,YES,NO','UPDATE','NO,NO,NO,YES','DELETE') stat,
    substr(audit_trail,0,instr(audit_trail,'+')-1) audit_trail1,substr(audit_trail,instr(audit_trail,'+')+1) audit_trail2,policy_column_options from dba_audit_policies;
    begin
    dbms_output.enable(100000000);
    for fga in fga_defination loop
    dbms_output.put_line('- - - - - - - - - - - - - - - - - - -  - - - - - - - - - - -  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -');
    dbms_output.put_line('    DBMS_FGA.ADD_POLICY(');
    dbms_output.put_line('        object_schema     => '''|| fga.object_schema ||''','  );
    dbms_output.put_line('        object_name       => '''|| fga.object_name ||''','  );
    dbms_output.put_line('        policy_name       => '''|| fga.policy_name ||''','  );
    dbms_output.put_line('        audit_condition   => '''|| fga.policy_text ||''','  );
    dbms_output.put_line('        audit_column      => '''|| fga.policy_column  ||''','  );
    if (fga.pf_schema!='NULL') then
    dbms_output.put_line('        handler_schema    => '''|| fga.pf_schema ||''','  );
    end if;
    if (fga.pf_package!='NULL') then
    dbms_output.put_line('        handler_module    => '''|| fga.pf_package ||'.' ||fga.pf_function ||''','  );
    end if;
    dbms_output.put_line('        enable            =>  ' || fga.enabled  || ','  );
    dbms_output.put_line('        statement_types   => '''|| fga.stat ||''',');
    if (fga.audit_trail1 IS NULL)  then
    dbms_output.put_line('        audit_trail       => '  || 'DBMS_FGA.' ||fga.audit_trail2  || ','  );
    else
    dbms_output.put_line('        audit_trail       => '  || 'DBMS_FGA.' || fga.audit_trail1 || '+DBMS_FGA.' ||fga.audit_trail2  || ','  );
    end if;
    dbms_output.put_line('        audit_column_opts => '  || 'DBMS_FGA.' || fga.policy_column_options   );
    dbms_output.put_line('                       );' );
    end loop;
    dbms_output.put_line('- - - - - - - - - - - - - - - - - - -  - - - - - - - - - - -  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -');
    end;
    /

    例子:(部分结果)

    Found FGA Audit:ROBINSON4
        DBMS_FGA.ADD_POLICY(
            object_schema     => 'SCOTT',
            object_name       => 'EMP',
            policy_name       => 'ROBINSON4',
            audit_condition   => 'sal>1000',
            audit_column      => 'SAL',
            enable            =>  TRUE,
            statement_types   => 'INSERT,UPDATE,DELETE',
            audit_trail       => DBMS_FGA.DB+DBMS_FGA.EXTENDED,
            audit_column_opts => DBMS_FGA.ANY_COLUMNS
                           );

  • 相关阅读:
    MongoDB理解
    jQuery+Ajax+PHP实现异步分页数据显示
    PHP设计模式四:适配器模式
    PHP设计模式三:原型设计模式
    Event Managers
    NetAdvantage
    英语
    CA1060
    DateTime和DateTime2
    宿主进程 vshost.exe
  • 原文地址:https://www.cnblogs.com/hehe520/p/6330621.html
Copyright © 2011-2022 走看看