在我們日常的工作中,一些安全性的要求高的數據庫需要增加審計操作,哪個用戶什麼時間做了什麼操作。
1.打開數據庫的審計
alter system set audit_sys_operations=TRUE scope=spfile; //審計管理用戶
alter system set audit_trail=db,extended scope=spfile; //將sql語句寫入審計表中2.對數據庫重啓並查看
重啓數據庫
shutdown immediate;
startup;
show parameter audit;3.增加審計策略
我們需要對數據庫的caiwu用戶的所有操作進行審計
// 審計用戶caiwu所有成功的操作
audit all by caiwu by access whenever successful;或者
//針對用戶的審計(未執行成功的也審計)
audit select table by caiwu by access; //查表審計
audit update table by caiwu by access; //更新審計
audit delete table by caiwu by access; //刪除審計
audit insert table by caiwu by access; //插入審計//針對某表的更新、刪除審計(錯誤也審計)
AUDIT UPDATE,DELETE,INSERT ON T_TEST by access; //保護審計
audit all on sys.aud$ by access;4.取消審計
NOAUDIT UPDATE,DELETE,INSERT ON T_TEST by access; 5.查詢審計結果
select OS_USERNAME,username,USERHOST,TERMINAL,TIMESTAMP,OWNER,obj_name,ACTION_NAME,sessionid,os_process,sql_text from dba_audit_trail;6.將審計表查詢開放給某個用戶grant select on dba_audit_trail to caiwu;
7.清空審計記錄DELETE FROM SYS.AUD$;