zoukankan      html  css  js  c++  java
  • 11g默认审计选项

    【注:参考了maclean的网文】
    11g默认审计选项AUDIT_TRAIL参数的缺省值为DB,审计数据记录在数据库中的AUD$审计字典基表上。在11g中CREATE SESSION将被作为受审计的权限来被记录,因此当SYSTEM表空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用SYSDBA身份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干脆TRUNCATE AUD$都可以解决上述问题。
    当AUDIT_TRAIL设置为OS时,审计记录文件将在AUDIT_FILE_DEST参数所指定的目录中生成。全部这些文件均可以随时被删除或复制。
    以下权限将对所有用户审计:

    SQL> select privilege,success,failure from dba_priv_audit_opts;
    
    PRIVILEGE                                SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS
    CREATE ANY JOB                           BY ACCESS  BY ACCESS
    GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
    EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
    CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
    GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
    DROP PROFILE                             BY ACCESS  BY ACCESS
    ALTER PROFILE                            BY ACCESS  BY ACCESS
    DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
    ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
    CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS
    
    PRIVILEGE                                SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    ALTER DATABASE                           BY ACCESS  BY ACCESS
    GRANT ANY ROLE                           BY ACCESS  BY ACCESS
    CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
    DROP ANY TABLE                           BY ACCESS  BY ACCESS
    ALTER ANY TABLE                          BY ACCESS  BY ACCESS
    CREATE ANY TABLE                         BY ACCESS  BY ACCESS
    DROP USER                                BY ACCESS  BY ACCESS
    ALTER USER                               BY ACCESS  BY ACCESS
    CREATE USER                              BY ACCESS  BY ACCESS
    CREATE SESSION                           BY ACCESS  BY ACCESS
    AUDIT SYSTEM                             BY ACCESS  BY ACCESS
    
    PRIVILEGE                                SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    ALTER SYSTEM                             BY ACCESS  BY ACCESS
    
    23 rows selected.

    以下语句也将对所有用户审计:

    SQL> select audit_option,success,failure from dba_stmt_audit_opts;
    
    AUDIT_OPTION                             SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    ALTER SYSTEM                             BY ACCESS  BY ACCESS
    SYSTEM AUDIT                             BY ACCESS  BY ACCESS
    CREATE SESSION                           BY ACCESS  BY ACCESS
    CREATE USER                              BY ACCESS  BY ACCESS
    ALTER USER                               BY ACCESS  BY ACCESS
    DROP USER                                BY ACCESS  BY ACCESS
    PUBLIC SYNONYM                           BY ACCESS  BY ACCESS
    DATABASE LINK                            BY ACCESS  BY ACCESS
    ROLE                                     BY ACCESS  BY ACCESS
    PROFILE                                  BY ACCESS  BY ACCESS
    DIRECTORY                                BY ACCESS  BY ACCESS
    
    AUDIT_OPTION                             SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    CREATE ANY TABLE                         BY ACCESS  BY ACCESS
    ALTER ANY TABLE                          BY ACCESS  BY ACCESS
    DROP ANY TABLE                           BY ACCESS  BY ACCESS
    CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
    GRANT ANY ROLE                           BY ACCESS  BY ACCESS
    SYSTEM GRANT                             BY ACCESS  BY ACCESS
    ALTER DATABASE                           BY ACCESS  BY ACCESS
    CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS
    ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
    DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
    ALTER PROFILE                            BY ACCESS  BY ACCESS
    
    AUDIT_OPTION                             SUCCESS    FAILURE
    ---------------------------------------- ---------- ----------
    DROP PROFILE                             BY ACCESS  BY ACCESS
    GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
    CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
    EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
    GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
    CREATE ANY JOB                           BY ACCESS  BY ACCESS
    CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS
    
    29 rows selected.

    当前数据库中的现有的审计记录:

    SQL> select action_name,count(*) from dba_audit_trail group by action_name;
    
    ACTION_NAME                    COUNT(*)
    ---------------------------- ----------
    LOGOFF BY CLEANUP                    64
    LOGON                              2965
    LOGOFF                             2822
    DROP DIRECTORY                        1
    GRANT ROLE                            2
    CREATE ROLE                           1
    ALTER USER                            1
    CREATE DIRECTORY                     13
    CREATE DATABASE LINK                  1
    DROP ROLE                             1
    
    10 rows selected.
  • 相关阅读:
    [原创]Java在线编辑word文档调用PageOffice实现并发控制
    [原创]Java动态填充word文档并上传到服务器
    mysql数据类型
    mysql 数据增删改查基本语句
    MYSQL中char 与 varchar 的区别
    MYSQL 同时执行多条SQL语句
    关于MyEclipse10编辑JSP卡顿现象
    鼠标悬停放大图片效果
    简单实现 飘浮 广告层特效
    简单实现 特效(董侨JonneyDong)
  • 原文地址:https://www.cnblogs.com/likingzi/p/6096956.html
Copyright © 2011-2022 走看看