标签:基本 lse 内容 data roc inux sel app object
环境: Linux 6.4 + Oracle 10.2.0.4 1. Oracle 10g 审计功能 2. 对数据库监听器的关闭和启动设置密码 1. Oracle 10g 审计功能 Oracle 10g审计功能默认是关闭的。 需要注意开启审计功能必然会额外消耗一部分数据库性能,开启审计需要重启数据库生效。 具体的审计策略则需要根据项目实际要求自行配置。 1.1 查看audit相关参数 --查看audit相关参数 set linesize 200 show parameter audit --结果如下 NAME TYPE VALUE ------------------------------------ -------------------------------- ------------------------------ audit_file_dest string /opt/app/oracle/admin/vas/adum p audit_sys_operations boolean FALSE audit_syslog_level string audit_trail string NONE 1.2 开启审计 --开启审计 alter system set audit_sys_operations=TRUE scope=spfile; alter system set audit_trail=db,extended scope=spfile; --重启库生效 shutdown immediate startup --最后再次查看确定审计已开启 SQL> show parameter audit NAME TYPE VALUE ------------------------------------ -------------------------------- ------------------------------ audit_file_dest string /opt/app/oracle/admin/vas/adum p audit_sys_operations boolean TRUE audit_syslog_level string audit_trail string DB, EXTENDED 1.3 配置审计策略 --查看审计策略 select * from DBA_STMT_AUDIT_OPTS; --配置审计策略(参考11g默认开启的审计选项设置如下基本审计内容) AUDIT ALTER ANY PROCEDURE ; AUDIT ALTER ANY TABLE ; AUDIT ALTER DATABASE ; AUDIT ALTER PROFILE ; AUDIT ALTER SYSTEM ; AUDIT ALTER USER ; AUDIT CREATE ANY JOB ; AUDIT CREATE ANY LIBRARY ; AUDIT CREATE ANY PROCEDURE ; AUDIT CREATE ANY TABLE ; AUDIT CREATE EXTERNAL JOB ; AUDIT CREATE PUBLIC DATABASE LINK ; AUDIT CREATE SESSION ; AUDIT CREATE USER ; AUDIT DATABASE LINK ; AUDIT DIRECTORY ; AUDIT DROP ANY PROCEDURE ; AUDIT DROP ANY TABLE ; AUDIT DROP PROFILE ; AUDIT DROP USER ; AUDIT EXEMPT ACCESS POLICY ; AUDIT GRANT ANY OBJECT PRIVILEGE ; AUDIT GRANT ANY PRIVILEGE ; AUDIT GRANT ANY ROLE ; AUDIT PROFILE ; AUDIT PUBLIC SYNONYM ; AUDIT ROLE ; AUDIT SYSTEM AUDIT ; AUDIT SYSTEM GRANT ; --其他特殊需求的审计策略 ----审计对业务用户JINGYU下的核心表T1数据的删除,更新和插入操作 AUDIT DELETE,UPDATE,INSERT ON JINGYU.T1; ----审计核心表T2(包括查询) AUDIT ALL ON JINGYU.T2; ----审计核心表T2,每一次都生成一行审计记录 AUDIT ALL ON JINGYU.T2 BY ACCESS; ----取消特殊需求的审计策略 NOAUDIT DELETE,UPDATE,INSERT ON JINGYU.T1; NOAUDIT ALL ON JINGYU.T2; --取消审计策略 NOAUDIT ALTER ANY PROCEDURE ; NOAUDIT ALTER ANY TABLE ; NOAUDIT ALTER DATABASE ; NOAUDIT ALTER PROFILE ; NOAUDIT ALTER SYSTEM ; NOAUDIT ALTER USER ; NOAUDIT CREATE ANY JOB ; NOAUDIT CREATE ANY LIBRARY ; NOAUDIT CREATE ANY PROCEDURE ; NOAUDIT CREATE ANY TABLE ; NOAUDIT CREATE EXTERNAL JOB ; NOAUDIT CREATE PUBLIC DATABASE LINK ; NOAUDIT CREATE SESSION ; NOAUDIT CREATE USER ; NOAUDIT DATABASE LINK ; NOAUDIT DIRECTORY ; NOAUDIT DROP ANY PROCEDURE ; NOAUDIT DROP ANY TABLE ; NOAUDIT DROP PROFILE ; NOAUDIT DROP USER ; NOAUDIT EXEMPT ACCESS POLICY ; NOAUDIT GRANT ANY OBJECT PRIVILEGE ; NOAUDIT GRANT ANY PRIVILEGE ; NOAUDIT GRANT ANY ROLE ; NOAUDIT PROFILE ; NOAUDIT PUBLIC SYNONYM ; NOAUDIT ROLE ; NOAUDIT SYSTEM AUDIT ; NOAUDIT SYSTEM GRANT ; --再次查看审计策略 select * from DBA_STMT_AUDIT_OPTS; 1.4 查看审计日志 --查看审计日志 select * from DBA_AUDIT_TRAIL; 1.5 关闭审计 --关闭审计 alter system set audit_trail=none scope=spfile; alter system set audit_sys_operations=false scope=spfile; --重启库生效 shutdown immediate startup --最后确定审计已关闭 SQL> show parameter audit NAME TYPE VALUE ------------------------------------ -------------------------------- ------------------------------ audit_file_dest string /opt/app/oracle/admin/vas/adum p audit_sys_operations boolean FALSE audit_syslog_level string audit_trail string NONE
标签:基本 lse 内容 data roc inux sel app object
原文地址:https://www.cnblogs.com/chendian0/p/10600968.html