zoukankan      html  css  js  c++  java

  • ORACLE审计

    一.开启审计

    alter system set audit_sys_operations=TRUE scope=spfile;  --审计管理用户
alter system set audit_trail=db,extended scope=spfile;  //将sql语句写入审计表中

    重启数据库查看

    shutdown immediate;
startup;
show parameter audit;

    二.迁移审计表(因审计表默认存放于system表空间,为避免发生审计表过大将system表空间撑满,故移出审计表)

    create tablespace AUDITSPACE datafile '/dbfile/oracle/oradata/system/AUDITSPACE.dbf' size 30G;

    BEGIN
    DBMS_AUDIT_MGMT.set_audit_trail_location(
    audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    audit_trail_location_value => 'AUDITSPACE');
    END;
    /

    BEGIN
    DBMS_AUDIT_MGMT.set_audit_trail_location(
    audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD,--this moves table FGA_LOG$
    audit_trail_location_value => 'AUDITSPACE');
    END;
    /

    alter table audit$ move tablespace AUDITSPACE;

    alter index i_audit rebuild online tablespace AUDITSPACE;

    alter table audit_actions move tablespace AUDITSPACE;

    alter index i_audit_actions rebuild online tablespace AUDITSPACE;

    三.增加审计对象

    审计用户username所有成功的操作

    audit all by username by access whenever successful;

    针对用户的审计(未执行成功的也审计)

    audit select table by username by access; //查表审计
audit update table by username by access; //更新审计
audit delete table by username by access; //删除审计
audit insert table by username by access; //插入审计

    针对某表的更新、删除审计(错误也审计)

    AUDIT UPDATE,DELETE,INSERT ON T_TEST by access;

    保护审计

    audit all on sys.aud$ by access;

    其他审计:

    select * from AUDIT_ACTIONS t;    --所有可审计的操作

    audit alter table by USERNAME by access;

    audit alter sequence by USERNAME by access;

    查看审计

    select * from dba_audit_trail;

    select * from dba_stmt_audit_opts where user_name='USERNAME';

     四.自动删除审计表

    BEGIN --做审计清理的初始化工作
SYS.dbms_audit_mgmt.init_cleanup(audit_trail_type => SYS.DBMS_AUDIT_MGMT.AUDIT_TRAIL_DB_STD,
default_cleanup_interval => 24 );
END;
/
    BEGIN --新建调度,对审计日志符合过期要求(要求自定义)的数据打上时间戳,交由后面的清理JOB完成清理,保留7天的审计日志,每晚22点打标签。
DBMS_SCHEDULER.CREATE_JOB(job_name => 'DAILY_AUD_TIMESTAMP',
job_type => 'PLSQL_BLOCK',
job_action => 'BEGIN DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,LAST_ARCHIVE_TIME => SYSDATE-7); END;', --为超过7天的数据打上过期标签
start_date => sysdate,
repeat_interval => 'FREQ=DAILY;BYHOUR=22', --每天的22点执行
enabled => TRUE,
comments => 'Create an archive timestamp');
END;
/
    BEGIN --清理JOB,每天清理一次
SYS.DBMS_AUDIT_MGMT.CREATE_PURGE_JOB(AUDIT_TRAIL_TYPE => SYS.DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
AUDIT_TRAIL_PURGE_INTERVAL => 24, --单位小时
AUDIT_TRAIL_PURGE_NAME => 'AudPurge',
USE_LAST_ARCH_TIMESTAMP => TRUE);
END;
/
  • 相关阅读:
    Tips_信息列表(手风琴)效果的多种实现方法
    JS_ Date对象应用实例
    JS _函数作用域及变量提升
    C_使用clock()函数获取程序执行时间
    C_输入一个整数N,输出从0~N(算法思考)
    Chrome_查看 webSocket 连接信息
    Chrome_断点调试(使用vue-resource进行数据交互)
    Tips_利用padding实现高度可控的分隔线
    CSS_圣杯布局和双飞翼布局
    Tips_一级菜单栏实现
  • 原文地址:https://www.cnblogs.com/taihao/p/14191825.html
Copyright © 2011-2022 走看看