標準審計

審計是對選定的用戶動作進行監控和記錄，用來監視用戶對oracle數據庫所做的各種操作。

在語句執行階段產生審計記錄。審計記錄包含有審計的時間、審計的對象，用戶執行的操作，操作的結果等信息。審計記錄可存在數據字典表（稱爲審計記錄）或操作系統審計記錄中。數據庫審計記錄均保存在AUD$表中。

SYS用戶默認不被審計，除非AUDIT_SYS_OPERATIONS 參數置爲true.審計結果存放位置由audit_file_dest參數決定。

Oracle安全審計分爲標準審計，精細審計及強制審計。

啓用標準審計

SQL> show parameter audit_trail;

NAME TYPE VALUE

----------------------------------------------- ------------------------------

audit_trail string NONE

SQL> alter system set audit_trail=dbscope=spfile;

System altered.

SQL> selectisses_modifiable,issys_modifiable,ismodified from v$parameter wherename='audit_trail';

ISSES ISSYS_MOD ISMODIFIED

----- --------- ----------

FALSE FALSE FALSE

SQL> shutdown immediate;

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup

ORACLE instance started.

Total System Global Area 549453824 bytes

Fixed Size 1274816 bytes

Variable Size 255855680 bytes

Database Buffers 289406976 bytes

Redo Buffers 2916352 bytes

Database mounted.

Database opened.

SQL> show parameter audit_trail;

NAME TYPE VALUE

----------------------------------------------- ------------------------------

audit_trail string DB

Audit_trail的值：

NONE:禁用審計（默認值）

DB審計記錄存放在數據庫中

OS審計記錄存放在操作系統文件中，AUDIT_FILE_DEST初參指定審計文件存儲的目錄。

設置標準審計

Oracle支持三種標準審計類型：

語句（statement）審計：對某種類型的SQL語句審計，不指定結果或對象，會話連接也屬於語句審計。

權限（privilege）審計：對執行相應動作的系統權限的使用審計。

對象（object）審計：對一特殊模式對象上的指定語句的審計。

Oracle支持的標準審計條件：

審計條件By user

By user對指定用戶進行審計，默認對所有用戶進行審計。

審計條件by session/byaccess

By session對每個session中發生的重複操作只記錄一次。

By access對每個session中發生的每次操作都記錄，而不管是否重複。

審計條件wheneversuccessful/whenever not successful

Whenever successful表示操作成功後才記錄下來。

Whenever not successful 表示操作失敗後才記錄下來。

默認值兩者都記錄

SQL> audit session;

【記錄每個會話連接（不論成功否）】

Audit succeeded.

SQL> audit create table by scott;

【記錄指定用戶的create table操作（不論成功否），注意：可單獨對錶的create,alter 操作進行審計，但若要審計drop操作則需要使用audit table命令。其同時包含有create table,drop table ,truncate table審計】

Audit succeeded.

SQL> audit insert any table by accesswhenever successful;

【記錄在任何表上執行成功的每次insert操作，注意用戶訪問自己的表不會審計，訪問他人表時將被審計（基本對象的審計除外）】

Audit succeeded.

SQL> audit select,delete on scott.emp byaccess whenever not successful;

【記錄在指定對象上執行失敗的每次select/delete操作】

Audit succeeded.

SQL> select * from dba_stmt_audit_opts;

【查看所有有關於語句的審計選項設置，包括create /drop/truncate table等】

USER_NAME PROXY_NAME AUDIT_OPTION SUCCESS FAILURE

---------- ------------------------------ ------------------------------ ----------

CREATE SESSION BY ACCESS BY ACCESS

SCOTT CREATE TABLE BY ACCESS BY ACCESS

INSERT ANY TABLE BY ACCESS NOT SET

SQL> select * from dba_priv_audit_opts;

【查所有關於權限的審計選項設置，包括audit select /insert/delete/update any table 及grant select any table to a,用戶訪問自己的表不會被審計（基於對象的審計除外）】

USER_NAME PROXY PRIVILEGE SUCCESS FAILURE

---------- ----- --------------- ---------- ----------

CREATE SESSION BY ACCESS BY ACCESS

SCOTT CREATE TABLE BY ACCESS BY ACCESS

INSERT ANY TABL BY ACCESS NOT SET

SQL> select * from dba_obj_audit_opts;【查看所有對象上的審計設置，只審計on關鍵字指定對象上發生的相關操作】

OWNER OBJECT_NAME OBJECT_TYPE ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE CRE REA WRI FBK

------------------------------ ----------------------------------------------- ----- ----- ----- ----- ----- ----- ----- ----- ----- ---------- --- ----- ----- ----- ----- -----

SCOTT EMP TABLE -/- -/- -/- -/A -/- -/- -/- -/- -/- -/A -/- -/- -/- -/- -/- -/- -/-

The character “_”indicates that the audit option is not set.

The character “S”indicates that the audit option is set,BY SESSION.

The character “A”indicates that the audit option is set ,by access.

SQL> noaudit all;

【取消所有語句審計】

Noaudit succeeded.

SQL> noaudit all privileges;

【取消所有權限審計（不能針對用戶）】

Noaudit succeeded.

SQL> noaudit all privileges by scott;

【取消所有權限審計（針對用戶）】

Noaudit succeeded.

SQL> noaudit all on scott.emp;

【取消對象審計（針對用戶）】

Noaudit succeeded.

查詢標準審計結果

SQL> select * from sys.aud$;

【列出審計記錄（基表）】

no rows selected

SQL> select * from dba_audit_trail;

【列出所有審計跟蹤條目（上表的視圖）】

no rows selected

SQL> create or replace view yy_audit asselect substr(username,1,8) username,substr(userhost,1,10) host,

2 to_char(timestamp,'yyyy-mm-ddhh:mi:ss') logintime,

3 to_char(logoff_time,'yyyy-mm-ddhh:mi:ss') logofftime,

4 substr(obj_name,1,10)obj,action,returncode from dba_audit_trail;

【自定義審計視圖】

View created.

SQL> select * from audit_actions;

【列出審計動作類型代碼action的含義】

ACTION NAME

---------- ----------------------------

0 UNKNOWN

1 CREATE TABLE

2 INSERT

3 SELECT

4 CREATE CLUSTER

5 ALTER CLUSTER

6 UPDATE

7 DELETE

8 DROP CLUSTER

9 CREATE INDEX

10DROP INDEX

測試標準審計

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL*Plus: Release 10.2.0.5.0 - Productionon Thu Oct 18 11:36:13 2012

Connected to:

Oracle Database 10g Enterprise EditionRelease 10.2.0.5.0 - Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL> audit session;

【開啓連結（語句）審計】

Audit succeeded.

SQL> select * from dba_stmt_audit_opts;

【查看語句審計設置】

USER_NAME PROXY_NAME

------------------------------------------------------------

AUDIT_OPTION SUCCESS FAILURE

-------------------------------------------------- ----------

CREATE SESSION BY ACCESS BY ACCESS

[oracle@desktop241 ~]$ sqlplus john/john

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

[oracle@desktop241 ~]$ sqlplus john/john123

另開窗口分別以上述4個身份進行登錄：

SQL> select * from yy_audit;

Sys以正確口令登錄，然後查Yy—audit視圖，可見連結未予記錄；

Kitty以錯誤口令登錄，再查，可見連接已記錄

Kitty 以正確口令登錄，再查,可見成功連接已記錄，退出後

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

JOHN desktop241 2012-10-18 11:39:36

100 1017

JOHN desktop241 2012-10-18 11:39:59

100 1045

SQL> select * from yy_audit;

【停止連接審計】

SQL> noaudit session;

Noaudit succeeded.

SQL> truncate table aud$;

【清空審計記錄表】

Table truncated.

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL*Plus: Release 10.2.0.5.0 - Productionon Thu Oct 18 11:48:23 2012

Connected to:

Oracle Database 10g Enterprise EditionRelease 10.2.0.5.0 - Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL> audit create table by kitty;

【開啓語句審計】

Audit succeeded.

SQL> select * from dba_stmt_audit_opts;

【查看語句審計設置】

USER_NAME PROXY_NAME

------------------------------------------------------------

AUDIT_OPTION SUCCESS FAILURE

-------------------------------------------------- ----------

KITTY

CREATE TABLE BY ACCESS BY ACCESS

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL*Plus: Release 10.2.0.5.0 - Productionon Thu Oct 18 11:50:21 2012

Connected to:

Oracle Database 10g Enterprise EditionRelease 10.2.0.5.0 - Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL> create table t1 (id number);

Table created.

SQL> create table t1 (id number);

create table t1 (id number)

ERROR at line 1:

ORA-00955: name is already used by anexisting object

【SYS用戶登錄後執行兩次建表操作（前次成功後次失敗），再查yy_audit視圖，可見語句未予記錄】

SQL> select * from yy_audit;

no rows selected

[oracle@desktop241 ~]$ sqlpluskitty/kitty123

SQL*Plus: Release 10.2.0.5.0 - Productionon Thu Oct 18 11:53:28 2012

Connected to:

Oracle Database 10g Enterprise EditionRelease 10.2.0.5.0 - Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL> create table t2(id number);

Table created.

SQL> create table t2(id number);

create table t2(id number)

ERROR at line 1:

ORA-00955: name is already used by anexisting object

【Kitty用戶登錄後執行兩次建表操作（前次成功後次失敗），再查yy_audit視圖，可見兩條語句（不論成功否）已經記錄】

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

KITTY desktop241 2012-10-18 11:53:55

T2 1 0

KITTY desktop241 2012-10-18 11:53:56

T2 1 955

[oracle@desktop241 ~]$ sqlplus scott/tiger

SQL*Plus: Release 10.2.0.5.0 - Productionon Thu Oct 18 11:58:05 2012

Connected to:

Oracle Database 10g Enterprise EditionRelease 10.2.0.5.0 - Production

With the Partitioning, OLAP, Data Miningand Real Application Testing options

SQL> create table t3(id number);

Table created.

SQL> create table t3(id number);

create table t3(id number)

ERROR at line 1:

ORA-00955: name is already used by anexisting object

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

KITTY desktop241 2012-10-18 11:53:55

T2 1 0

KITTY desktop241 2012-10-18 11:53:56

T2 1 955

【scott用戶登錄後執行兩次建表操作（前次成功後次失敗），再查Yy_audit視圖，可見語句未予記錄】

SQL> noaudit create table by kitty;【停止語句審計】

Noaudit succeeded.

SQL> truncate table aud$;

【清空審計記錄表】

Table truncated.

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL> audit insert any table by accesswhenever successful;

【開啓權限審計】

Audit succeeded.

SQL> select * from dba_priv_audit_opts;

【查看權限審計設置】

USER_NAME PROXY_NAME

------------------------------------------------------------

PRIVILEGE SUCCESS FAILURE

-------------------------------------------------- ----------

INSERT ANY TABLE BY ACCESS NOTSET

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL> insert into kitty.t2 values (111);

1 row created.

SQL> insert into kitty.t2 values ("aaa");

insert into kitty.t2 values ("aaa")

ERROR at line 1:

ORA-00984: column not allowed here

SQL> grant connect,resource,insert anytable to john;

Grant succeeded.

【以sys用戶登錄後執行兩次insert操作（前次成功後次失敗），再查yy_audit視圖，可見語句未予記錄（sys用戶不被審計）】

SQL> select * from yy_audit;

no rows selected

[oracle@desktop241 ~]$ sqlpluskitty/kitty123

SQL> insert into kitty.t2 values (222);

1 row created.

SQL> insert into kitty.t2 values ("bbb");

insert into kitty.t2 values ("bbb")

ERROR at line 1:

ORA-00984: column not allowed here

【Kitty 用戶登錄後執行兩次insert操作（前次成功後次失敗），再查yy_audit視圖，可見語句未予記錄（用戶訪問自己的表不被權限審計規則進行審計）】

[oracle@desktop241 ~]$ sqlplus john/john123

SQL> insert into kitty.t2 values (333);

1 row created.

SQL> insert into kitty.t2 values("ccc");

insert into kitty.t2 values("ccc")

ERROR at line 1:

ORA-00984: column not allowed here

【john用戶登錄後對他人所屬基表執行兩insert操作（前次成功後才失敗），再查yy_audit視圖，可見前一條成功語句已經記錄，而後一條失敗語句未記錄】

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

JOHN desktop241 2012-10-18 03:52:54

T2 2 0

SQL> noaudit insert any table;

【停止權限審計】

Noaudit succeeded.

SQL> truncate table aud$;

【清空審計記錄表】

Table truncated.

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL> audit select,delete on kitty.t2 byaccess whenever not successful;

【開啓對象審計】

Audit succeeded.

SQL> select * from dba_obj_audit_opts;

【查看對象審計設置】

OWNER OBJECT_NAME OBJECT_TYPE

------------------------------------------------------------ -----------------

ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE

----- ----- ----- ----- ----- ----- ---------- ----- ----- ----- --- -----

CRE REA WRI FBK

----- ----- ----- -----

KITTY T2 TABLE

-/- -/- -/- -/A -/- -/- -/- -/- -/- -/A -/- -/- -/-

-/- -/- -/- -/-

[oracle@desktop241 ~]$ sqlplus sys/song assysdba

SQL> delete from kitty.t2 where id=111;

1 row deleted.

SQL> delete from kitty.t2 where id=kkk;

delete from kitty.t2 where id=kkk

ERROR at line 1:

ORA-00904: "KKK": invalididentifier

【以sys用戶登錄後執行兩次delete操作（前次成功後次失敗），再查yy_audit視圖，可見語句未予記錄】

SQL> select * from yy_audit;

no rows selected

[oracle@desktop241 ~]$ sqlpluskitty/kitty123【kitty用戶登錄後執行測試操作】

SQL> select * from t2 where id=222;

【查詢成功，未記錄】

----------

222

SQL> delete from t2 where id=222;

【刪除成功，查未記錄】

1 row deleted.

SQL> select * from t2 where id=kkk;

select * from t2 where id=kkk【查詢失敗，查yy_audit已記錄】

ERROR at line 1:

ORA-00904: "KKK": invalididentifier

SQL> delete from t2 where id=kkk;

delete from t2 where id=kkk

*【刪除失敗，查yy_audit已記錄】

ERROR at line 1:

ORA-00903: invalid table name

SQL> select * from t0l

2 ;【查詢失敗，未記錄（因非指定對象）】

select * from t0l

ERROR at line 1:

ORA-00942: table or view does not exist

SQL> delete from table t0;

delete from table t0

*【查詢失敗，未記錄（因非指定對象）】

ERROR at line 1:

ORA-00903: invalid table name

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

KITTY desktop241 2012-10-18 04:07:05

T2 3 904

KITTY desktop241 2012-10-18 04:09:36

T2 7 904

[oracle@desktop241 ~]$ sqlplus john/john123

SQL> delete from kitty.t2 where id=333;

delete from kitty.t2 where id=333

ERROR at line 1:

ORA-01031: insufficient privileges

SQL> select * from yy_audit;

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

KITTY desktop241 2012-10-18 04:07:05

T2 3 904

KITTY desktop241 2012-10-18 04:09:36

T2 7 904

JOHN desktop241 2012-10-18 04:14:51

T2 7 2004

USERNAME HOST LOGINTIME LOGOFFTIME

---------------- --------------------------------------- -------------------

OBJ ACTION RETURNCODE

-------------------- ---------- ----------

JOHN desktop241 2012-10-18 04:15:11

T2 3 2004

JOHN desktop241 2012-10-18 04:16:28

T2 7 2004

SCOTT desktop241 2012-10-18 04:17:45

T2 7 2004

6 rows selected.

【john 用戶登錄後執行兩次delete操作（前次成功後次失敗），再查yy_audit視圖，可見語句未記錄】

SQL> select * from audit_actions;

ACTION NAME

---------- ----------------------------

0 UNKNOWN

1 CREATE TABLE

2 INSERT

3 SELECT

4 CREATE CLUSTER

5 ALTER CLUSTER

6 UPDATE

7 DELETE

8 DROP CLUSTER

9 CREATE INDEX

10DROP INDEX

ACTION NAME

---------- ----------------------------

11ALTER INDEX

12 DROP TABLE

13CREATE SEQUENCE

14ALTER SEQUENCE

15ALTER TABLE

16DROP SEQUENCE

17GRANT OBJECT

18REVOKE OBJECT

19CREATE SYNONYM

20DROP SYNONYM

21CREATE VIEW

ACTION NAME

---------- ----------------------------

22DROP VIEW

23VALIDATE INDEX

24CREATE PROCEDURE

25ALTER PROCEDURE

26LOCK

27NO-OP

28RENAME

29COMMENT

30AUDIT OBJECT

31NOAUDIT OBJECT

32CREATE DATABASE LINK

ACTION NAME

---------- ----------------------------

33DROP DATABASE LINK

34CREATE DATABASE

35ALTER DATABASE

36CREATE ROLLBACK SEG

37ALTER ROLLBACK SEG

38DROP ROLLBACK SEG

39CREATE TABLESPACE

40ALTER TABLESPACE

41DROP TABLESPACE

42ALTER SESSION

43ALTER USER

ACTION NAME

---------- ----------------------------

44 COMMIT

45ROLLBACK

46SAVEPOINT

47PL/SQL EXECUTE

48SET TRANSACTION

49ALTER SYSTEM

50EXPLAIN

51CREATE USER

52CREATE ROLE

53DROP USER

54DROP ROLE

ACTION NAME

---------- ----------------------------

55SET ROLE

56CREATE SCHEMA

57CREATE CONTROL FILE

59CREATE TRIGGER

60ALTER TRIGGER

61DROP TRIGGER

62ANALYZE TABLE

63ANALYZE INDEX

64ANALYZE CLUSTER

65CREATE PROFILE

66DROP PROFILE

ACTION NAME

---------- ----------------------------

67ALTER PROFILE

68DROP PROCEDURE

70ALTER RESOURCE COST

71CREATE MATERIALIZED VIEW LOG

72ALTER MATERIALIZED VIEW LOG

73DROP MATERIALIZED VIEW LOG

74CREATE MATERIALIZED VIEW

75ALTER MATERIALIZED VIEW

76DROP MATERIALIZED VIEW

77CREATE TYPE

78DROP TYPE

ACTION NAME

---------- ----------------------------

79ALTER ROLE

80ALTER TYPE

81CREATE TYPE BODY

82ALTER TYPE BODY

83DROP TYPE BODY

84DROP LIBRARY

85TRUNCATE TABLE

86TRUNCATE CLUSTER

91CREATE FUNCTION

92ALTER FUNCTION

93DROP FUNCTION

ACTION NAME

---------- ----------------------------

94CREATE PACKAGE

95ALTER PACKAGE

96DROP PACKAGE

97CREATE PACKAGE BODY

98ALTER PACKAGE BODY

99DROP PACKAGE BODY

100 LOGON

101 LOGOFF

102 LOGOFF BY CLEANUP

103 SESSION REC

104 SYSTEM AUDIT

ACTION NAME

---------- ----------------------------

105 SYSTEM NOAUDIT

106 AUDIT DEFAULT

107 NOAUDIT DEFAULT

108 SYSTEM GRANT

109 SYSTEM REVOKE

110 CREATE PUBLIC SYNONYM

111 DROP PUBLIC SYNONYM

112 CREATE PUBLIC DATABASE LINK

113 DROP PUBLIC DATABASE LINK

114 GRANT ROLE

115 REVOKE ROLE

ACTION NAME

---------- ----------------------------

116 EXECUTE PROCEDURE

117 USER COMMENT

118 ENABLE TRIGGER

119 DISABLE TRIGGER

120 ENABLE ALL TRIGGERS

121 DISABLE ALL TRIGGERS

122 NETWORK ERROR

123 EXECUTE TYPE

128 FLASHBACK

129 CREATE SESSION

157 CREATE DIRECTORY

ACTION NAME

---------- ----------------------------

158 DROP DIRECTORY

159 CREATE LIBRARY

160 CREATE JAVA

161 ALTER JAVA

162 DROP JAVA

163 CREATE OPERATOR

164 CREATE INDEXTYPE

165 DROP INDEXTYPE

167 DROP OPERATOR

168 ASSOCIATE STATISTICS

169 DISASSOCIATE STATISTICS

ACTION NAME

---------- ----------------------------

170 CALL METHOD

171 CREATE SUMMARY

172 ALTER SUMMARY

173 DROP SUMMARY

174 CREATE DIMENSION

175 ALTER DIMENSION

176 DROP DIMENSION

177 CREATE CONTEXT

178 DROP CONTEXT

179 ALTER OUTLINE

180 CREATE OUTLINE

ACTION NAME

---------- ----------------------------

181 DROP OUTLINE

182 UPDATE INDEXES

183 ALTER OPERATOR

197 PURGE USER_RECYCLEBIN

198 PURGE DBA_RECYCLEBIN

199 PURGE TABLESAPCE

200 PURGE TABLE

201 PURGE INDEX

202 UNDROP OBJECT

204 FLASHBACK DATABASE

205 FLASHBACK TABLE

ACTION NAME

---------- ----------------------------

206 CREATE RESTORE POINT

207 DROP RESTORE POINT

208 PROXY AUTHENTICATION ONLY

209 DECLARE REWRITE EQUIVALENCE

210 ALTER REWRITE EQUIVALENCE

211 DROP REWRITE EQUIVALENCE

160 rows selected.

標準審計

標準審計

啓用標準審計

設置標準審計

Oracle支持的標準審計條件：

查詢標準審計結果

測試標準審計

OCP-1Z0-052-V8.02-50題

關於OCP

寫下感受--阿里

標準審計

OCP 052 -PLSQL

Mac下配置sublime實現LaTeX

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結