《oracle审计功能复习进程.doc》由会员分享,可在线阅读,更多相关《oracle审计功能复习进程.doc(7页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、Good is good, but better carries it.精益求精,善益求善。oracle审计功能-ORACLE审计功能测试功能介绍使用10g的审计功能,可以指定审计某一用户的操作,对某对象的指定操作审计等操作测试步骤1)审计的细节设定参数audit_trail配置选项none|os|db|db,extended|xml|xml,extendednone不打开审计db_extended打开并记录sql_text和sql_bandxml记录到xml文件xml记录到xml并记录sql_text和sql_band-打开审计并记录sqltextsysORCLaltersystemseta
2、udit_trail=db_extendedscope=spfile;-重启数据库sysORCLshutdownimmediate;sysORCL(128.192.128.1)startupORACLEinstancestarted.TotalSystemGlobalArea1895825408bytesFixedSize2046296bytesVariableSize1157629608bytesDatabaseBuffers721420288bytesRedoBuffers14729216bytes设置对用户的审计sysORCLauditallbyzbtestbyaccess;ZBTEST
3、用户操作测试sysORCLconnzbtest/zbtestConnected.sysORCL)insertintozbtestt1values(1);1rowcreated.ORCLcreatetablezbtestt2(c1number);Tablecreated.sysORCL(128.192.128.1)deletefromzbtestt2;0rowsdeleted.查看是否成功抓取SQLselectusername,sql_textfromdba_audit_trail;USERNAMESQL_TEXT-ZBTESTinsertintozbtestt1values(1)ZBTESTc
4、reatetablezbtestt2(c1number)ZBTESTdeletefromzbtestt2取消对用户的统计noauditallbyzbtest其他功能分析也可以用dbms_fga.add_policy进行更加灵活的审计ORCLconn/assysdbaConnected.execdbms_fga.add_policy(object_schema=ZBTEST,object_name=zbtestt1,policy_name=check_t_audit,statement_types=INSERT,UPDATE,DELETE,SELECT);PL/SQLproceduresucce
5、ssfullycompleted.解释:Object_schema:用户名Object_name:对象名Policy_name:策略名Statemenet_types:对哪种操作进行审计2)对t_audit表增删改查操作一番ORCLconnzbtest/zbtestConnected.secora10gselect*fromzbtestt1;X-2345676rowsselected.ORCLdeletefromzbtestt1wherex=5;1rowdeleted.ORCLupdatet_zbtestt1setx=8wherex=7;1rowupdated.ORCLinsertintot_
6、zbtestt1values(1);1rowcreated.ORCLcommit;Commitcomplete.4)详细查看一下对应的SQL操作,FGA还是很强悍的ORCLcolDB_USERfora10ORCLcolSQL_TEXTfora50ORCLselectdb_user,sql_textfromdba_fga_audit_trail;DB_USERSQL_TEXT-SECselect*fromzbtestt1SECdeletefromzbtestt1wherex=5SECupdatezbtestt1setx=8wherex=7SECinsertintozbtestt1values(1
7、)针对上面添加的审计策略进行调整:disable_policy、enable_policy和drop_policy的方法使策略失效的方法:ORCLexecdbms_fga.disable_policy(object_schema=ZBTEST,object_name=zbtestt1,policy_name=check_t_audit);使策略生效的方法:ORCLexecdbms_fga.enable_policy(object_schema=ZBTEST,object_name=zbtestt1,policy_name=check_t_audit);彻底删除策略的方法:ORCLexecdbms_fga.drop_policy(object_schema=ZBTEST,object_name=zbtestt1,policy_name=check_t_audit);PL/SQLproceduresuccessfullycompleted.-