Oracle 11g数据库默认审计选项说明详解
在Oracle 11g中默认启用审计选项,AUDIT_TRAIL参数的缺省值为DB,而在Oracle 10g中该参数默认值为none,即不启用审计。审计数据默认存放SYSTEM 表空间下的AUD$审计字典基表上。Oracle官方宣称默认启用的审计日志不会对绝大多数产品数据库的性能带来过大的负面影响,同时Oracle公司还推荐使用基于OS文件的审计日志记录方式(OS audit trail files)。
创新互联是一家专注于成都网站设计、成都网站制作与策划设计,高安网站建设哪家好?创新互联做网站,专注于网站建设10多年,网设计领域的专业建站公司;建站业务涵盖:高安等地区。高安做网站价格咨询:028-86922220
注意在Oracle11g中CREATE SESSION将被作为受审计的权限来被记录,因此当SYSTEM表空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用SYSDBA身份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干脆TRUNCATE AUD$都可以解决上述问题。
当AUDIT_TRAIL设置为OS时,审计记录文件将在AUDIT_FILE_DEST参数所指定的目录中生成。全部这些文件均可以随时被删除或复制。
注意在默认情况下会以AUTOEXTEND ON自动扩展选项创建SYSTEM表空间,因此系统表空间在必要情况下还是会自动增长的,我们所需注意的是磁盘上的剩余空间是否能够满足其增长需求,以及数据文件扩展的上限,对于普通的8k smallfile表空间而言单个数据文件的最大尺寸是32G。
- SQL> select * from v$version whererownum=1;
- BANNER
- --------------------------------------------------------------------------------
- Oracle Database 11g Enterprise EditionRelease 11.2.0.1.0 - Production
以下权限将对所有用户审计:
- DBA_PRIV_AUDIT_OPTS describescurrent system privileges being audited across the system and by user.
- SQL> select privilege,success,failurefrom dba_priv_audit_opts;
- PRIVILEGE SUCCESS FAILURE
- -------------------------------------------------- ----------
- CREATE EXTERNAL JOB BY ACCESS BY ACCESS
- CREATE ANY JOB BY ACCESS BY ACCESS
- GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
- EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
- CREATE ANY LIBRARY BY ACCESS BY ACCESS
- GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
- DROP PROFILE BY ACCESS BY ACCESS
- ALTER PROFILE BY ACCESS BY ACCESS
- DROP ANY PROCEDURE BY ACCESS BY ACCESS
- ALTER ANY PROCEDURE BY ACCESS BY ACCESS
- CREATE ANY PROCEDURE BY ACCESS BY ACCESS
- PRIVILEGE SUCCESS FAILURE
- -------------------------------------------------- ----------
- ALTER DATABASE BY ACCESS BY ACCESS
- GRANT ANY ROLE BY ACCESS BY ACCESS
- CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
- DROP ANY TABLE BY ACCESS BY ACCESS
- ALTER ANY TABLE BY ACCESS BY ACCESS
- CREATE ANY TABLE BY ACCESS BY ACCESS
- DROP USER BY ACCESS BY ACCESS
- ALTER USER BY ACCESS BY ACCESS
- CREATE USER BY ACCESS BY ACCESS
- CREATE SESSION BY ACCESS BY ACCESS
- AUDIT SYSTEM BY ACCESS BY ACCESS
- PRIVILEGE SUCCESS FAILURE
- -------------------------------------------------- ----------
- ALTER SYSTEM BY ACCESS BY ACCESS
- 23 rows selected.
- SQL>
以下语句也将对所有用户审计:
- DBA_STMT_AUDIT_OPTS describescurrent system auditing options across the system and by user.
- SQL> select audit_option,success,failurefrom dba_stmt_audit_opts;
- AUDIT_OPTION SUCCESS FAILURE
- -------------------------------------------------- ----------
- ALTER SYSTEM BY ACCESS BY ACCESS
- SYSTEM AUDIT BY ACCESS BY ACCESS
- CREATE SESSION BY ACCESS BY ACCESS
- CREATE USER BY ACCESS BY ACCESS
- ALTER USER BY ACCESS BY ACCESS
- DROP USER BY ACCESS BY ACCESS
- PUBLIC SYNONYM BY ACCESS BY ACCESS
- DATABASE LINK BY ACCESS BY ACCESS
- ROLE BYACCESS BY ACCESS
- PROFILE BYACCESS BY ACCESS
- CREATE ANY TABLE BY ACCESS BY ACCESS
- AUDIT_OPTION SUCCESS FAILURE
- -------------------------------------------------- ----------
- ALTER ANY TABLE BY ACCESS BY ACCESS
- DROP ANY TABLE BY ACCESS BY ACCESS
- CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
- GRANT ANY ROLE BY ACCESS BY ACCESS
- SYSTEM GRANT BY ACCESS BY ACCESS
- ALTER DATABASE BY ACCESS BY ACCESS
- CREATE ANY PROCEDURE BY ACCESS BY ACCESS
- ALTER ANY PROCEDURE BY ACCESS BY ACCESS
- DROP ANY PROCEDURE BY ACCESS BY ACCESS
- ALTER PROFILE BY ACCESS BY ACCESS
- DROP PROFILE BY ACCESS BY ACCESS
- AUDIT_OPTION SUCCESS FAILURE
- -------------------------------------------------- ----------
- GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
- CREATE ANY LIBRARY BY ACCESS BY ACCESS
- EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
- GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
- CREATE ANY JOB BY ACCESS BY ACCESS
- CREATE EXTERNAL JOB BY ACCESS BY ACCESS
- 28 rows selected.
查询当前数据库中的现有的审计记录:
- DBA_AUDIT_TRAIL displaysall standard audit trail entries.
- SQL> select action_name,count(*) from dba_audit_trail group by action_name;
- ACTION_NAME COUNT(*)
- ---------------------------- ----------
- SYSTEM REVOKE 1
- LOGON 90
- DROP DATABASE LINK 5
- LOGOFF 59
- ALTER SYSTEM 5
- CREATE PUBLIC SYNONYM 2
- ALTER DATABASE 3
- DROP PUBLIC SYNONYM 2
- CREATE DATABASE LINK 5
- 9 rows selected.
关于Oracle 11g数据库默认审计选项说明的相关知识就介绍到这里了,希望本次的介绍能够对您有所帮助。
【编辑推荐】
- SQL Server日期时间格式转换字符串详解
- SQL Server数据库流水号的使用方法详解
- 初学SQL Server存储过程调用的代码示例
- SQL Server 2005数据库排序的SQL实例解析
- SQL Server 2008 MDX学习笔记之理解元数组
网页标题:Oracle 11g数据库默认审计选项说明详解
浏览路径:http://www.csdahua.cn/qtweb/news21/157271.html
网站建设、网络推广公司-快上网,是专注品牌与效果的网站制作,网络营销seo公司;服务项目有等
声明:本网站发布的内容(图片、视频和文字)以用户投稿、用户转载内容为主,如果涉及侵权请尽快告知,我们将会在第一时间删除。文章观点不代表本网站立场,如需处理请联系客服。电话:028-86922220;邮箱:631063699@qq.com。内容未经允许不得转载,或转载时需注明来源: 快上网
- Linux下复制文件名的技巧(linux复制文件名)
- 8个超实用的Java测试工具和框架
- server服务器怎么重置密码?(服务器账号修改密码)
- tl-er3229g企业级路由器怎么设置双网合一?(堆叠网关设置,如何设置网关)
- Linux服务器:如何安全清理内存(linux服务器内存清理)
- 如何在Ubuntu和Debian中安装OpenJDKJava9/8
- 创新互联JSON教程:直接在JS里创建JSON数据然后遍历使用
- Redis超时失效快速提高使用效率(redis超时失效设置)
- 解析混合云的优缺点
- 精通Redis源码从入门到编写(redis 源码编写)
- Redis读写不安全安全千万不可忽视(redis读写不安全)
- 创新互联Python教程:Python如何实现条件变量同步
- Scratch轻松读取数据库(scratch读取数据库)
- 云服务器运维常见故障怎么处理
- 天选四开机后的基本设置?windows夏令时