For auditing SYSDBA, Oracle provides three techniques:
1. Database auditing, which records the privileges users exercise, the commands they execute, the tables they access, and their logon status;
2. Value-based auditing, initiated with database triggers;
3. Fine-grained auditing, which can track which rows of a table were accessed.
When the initialization parameter AUDIT_SYS_OPERATIONS is set to TRUE, statements executed as SYSDBA and SYSOPER are written to the operating-system audit file.
Standard auditing
Before database auditing can take place, the AUDIT_TRAIL initialization parameter must be set:
- NONE: no auditing is performed
- OS: audit records are written to the operating system: the Application Log on Windows, or the AUDIT_FILE_DEST directory on Unix
- DB: audit records are written to the data dictionary table SYS.AUD$
- DB_EXTENDED
- XML
- XML_EXTENDED
Example:
audit create any trigger;                        -- audit every creation of a trigger
audit select any table by session;
audit insert on scott.emp whenever successful;   -- the other option is WHENEVER NOT SUCCESSFUL
audit all on scott.emp;
audit session whenever not successful;           -- audit user logons (here, only the failed ones)
-- view the audit records the system has generated
select * from dba_audit_trail;
Other views that expose generated audit information include:
DBA_AUDIT_OBJECT, DBA_AUDIT_STATEMENT, DBA_AUDIT_SESSION
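The following is an added worked example, not part of the original notes: it switches the trail on, audits failed logons and a table, and then shows the review queries a DBA would run to spot repeated failed logons. It assumes SYSDBA access and an SPFILE; the threshold of five failures and the use of scott.emp are illustrative.

```sql
-- Added example (not from the original notes). Assumes SYSDBA and an SPFILE.

-- 1. Both parameters are static: they go to the SPFILE and take effect after a restart.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;   -- DB_EXTENDED keeps SQL text
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;  -- SYSDBA/SYSOPER statements to OS file
-- SHUTDOWN IMMEDIATE; STARTUP;

-- 2. Choose what to audit.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;                       -- every failed logon
AUDIT SELECT, INSERT, UPDATE, DELETE ON scott.emp BY ACCESS; -- one record per statement
AUDIT CREATE ANY TRIGGER;                                    -- use of the system privilege

-- 3. Review: failed logons in the last 24 hours, grouped per user and host.
--    RETURNCODE 1017 is ORA-01017 (invalid username/password); 28000 is a locked account.
SELECT username, userhost, returncode,
       COUNT(*)        AS failures,
       MIN(timestamp)  AS first_seen,
       MAX(timestamp)  AS last_seen
FROM   dba_audit_session
WHERE  action_name = 'LOGON'
AND    returncode <> 0
AND    timestamp > SYSDATE - 1
GROUP  BY username, userhost, returncode
HAVING COUNT(*) >= 5                    -- illustrative threshold
ORDER  BY failures DESC;

-- 4. Review: who touched scott.emp, with the statement text (needs DB,EXTENDED).
SELECT extended_timestamp, username, os_username, userhost,
       action_name, returncode, sql_text
FROM   dba_audit_trail
WHERE  owner = 'SCOTT'
AND    obj_name = 'EMP'
ORDER  BY extended_timestamp DESC;

-- 5. Switching the options off again.
NOAUDIT SELECT, INSERT, UPDATE, DELETE ON scott.emp;
NOAUDIT SESSION WHENEVER NOT SUCCESSFUL;
NOAUDIT CREATE ANY TRIGGER;
```

The trail lives in SYS.AUD$, which grows without limit unless it is purged; in practice the review queries are scheduled and old rows are archived and deleted, and the purge itself is an action worth auditing.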
Using triggers for value-based auditing
A database trigger is a block of PL/SQL code that will run automatically whenever an INSERT, UPDATE, or DELETE is executed against a table.
Example:
CREATE OR REPLACE TRIGGER system.creditrating_audit
AFTER UPDATE OF creditrating
ON scott.customers
REFERENCING NEW AS NEW OLD AS OLD
FOR EACH ROW
BEGIN
  -- record only real changes of the rating, together with who made them
  IF :old.creditrating != :new.creditrating THEN
    INSERT INTO system.creditrating_audit
    VALUES (sys_context('userenv', 'os_user'),
            sys_context('userenv', 'ip_address'),
            :new.customer_id || ' credit rating changed from ' || :old.creditrating || ' to ' || :new.creditrating);
  END IF;
END;
/
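The trigger above inserts into an audit table that the notes never define, and its `!=` test silently skips changes from or to NULL. The following is an added, complete example (my code, not the note's own): the audit table, a trigger that also catches NULL transitions, and the review view that trigger-based auditing requires you to build yourself. It assumes scott.customers has the columns customer_id and creditrating; all other names are illustrative.

```sql
-- Added example (not from the original notes). Assumes scott.customers(customer_id, creditrating).

-- 1. The audit table, owned by SYSTEM so that application users cannot edit the record.
--    A trigger runs with the privileges of its owner, so SCOTT needs no INSERT grant here.
CREATE TABLE system.creditrating_audit_log (
  audit_time   TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(128),
  os_user      VARCHAR2(128),
  ip_address   VARCHAR2(64),
  customer_id  NUMBER,
  old_rating   VARCHAR2(30),
  new_rating   VARCHAR2(30)
);

-- 2. The trigger. DECODE treats two NULLs as equal, so the WHEN clause fires on every
--    real change, including NULL -> 'A' and 'A' -> NULL, which "old != new" would miss.
CREATE OR REPLACE TRIGGER system.creditrating_audit_trg
AFTER UPDATE OF creditrating ON scott.customers
REFERENCING NEW AS new OLD AS old
FOR EACH ROW
WHEN (DECODE(old.creditrating, new.creditrating, 0, 1) = 1)
BEGIN
  INSERT INTO system.creditrating_audit_log
    (db_user, os_user, ip_address, customer_id, old_rating, new_rating)
  VALUES
    (SYS_CONTEXT('USERENV', 'SESSION_USER'),
     SYS_CONTEXT('USERENV', 'OS_USER'),
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),   -- NULL for local (bequeath) connections
     :new.customer_id, :old.creditrating, :new.creditrating);
END;
/

-- 3. Trigger-based auditing has no dictionary view, so build your own.
CREATE OR REPLACE VIEW system.v_creditrating_changes AS
SELECT audit_time, db_user, os_user, ip_address, customer_id,
       NVL(old_rating, '<null>') || ' -> ' || NVL(new_rating, '<null>') AS change
FROM   system.creditrating_audit_log;

-- 4. Exercise it (constructed sample: customer 1001 is assumed to exist).
UPDATE scott.customers SET creditrating = 'B' WHERE customer_id = 1001;
COMMIT;
SELECT * FROM system.v_creditrating_changes ORDER BY audit_time DESC;
```

Because the audit row is written inside the same transaction as the change, a rolled-back update leaves no audit row; if you need to record attempts as well, use an autonomous transaction in the trigger or fine-grained auditing instead.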
Fine-Grained Auditing (FGA)
FGA is configured with the package DBMS_FGA:
SQL> execute dbms_fga.add_policy(-
object_schema=>'HR',-
object_name=>'EMPLOYEES',-
policy_name=>'POL1',-
audit_condition=>'department_id=80',-
audit_column=>'SALARY');
DBA_AUDIT_TRAIL is used for standard database auditing;
DBA_FGA_AUDIT_TRAIL is used for fine-grained auditing;
DBA_COMMON_AUDIT_TRAIL is used for both;
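As an added example (my code, not the note's), here is the POL1 policy from above extended to cover reads, updates and deletes with the SQL text and bind values retained, a pair of statements showing which one the policy catches, and the queries against DBA_FGA_AUDIT_TRAIL and DBA_COMMON_AUDIT_TRAIL used to review it. It assumes the HR sample schema.

```sql
-- Added example (not from the original notes). Assumes the HR sample schema.

-- 1. Create the policy. statement_types defaults to SELECT only; audit_trail
--    DB + EXTENDED stores the statement text and bind values with each record.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'POL1',
    audit_condition => 'DEPARTMENT_ID = 80',
    audit_column    => 'SALARY',
    statement_types => 'SELECT,UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- 2. A record is written only when a statement touches the audited column
--    on a row that satisfies the condition.
SELECT employee_id, salary    FROM hr.employees WHERE department_id = 80;  -- audited
SELECT employee_id, last_name FROM hr.employees WHERE department_id = 80;  -- not audited
SELECT employee_id, salary    FROM hr.employees WHERE department_id = 50;  -- not audited

-- 3. Review the fine-grained trail for this policy.
SELECT extended_timestamp, db_user, os_user, userhost,
       statement_type, sql_text, sql_bind
FROM   dba_fga_audit_trail
WHERE  policy_name = 'POL1'
ORDER  BY extended_timestamp DESC;

-- 4. Standard and fine-grained records side by side for the same table.
SELECT audit_type, extended_timestamp, db_user, statement_type, sql_text
FROM   dba_common_audit_trail
WHERE  object_schema = 'HR'
AND    object_name   = 'EMPLOYEES'
ORDER  BY extended_timestamp DESC;

-- 5. Disable, then drop, the policy when it is no longer needed.
BEGIN
  DBMS_FGA.DISABLE_POLICY(object_schema => 'HR', object_name => 'EMPLOYEES', policy_name => 'POL1');
  DBMS_FGA.DROP_POLICY   (object_schema => 'HR', object_name => 'EMPLOYEES', policy_name => 'POL1');
END;
/
```

Unlike a trigger, an FGA policy fires for SELECT statements, and its records are written in an autonomous transaction, so a query that is later rolled back still leaves its entry in the trail.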
To see the results of auditing with triggers, you must create your own views that address your own tables.