ORACLE审计初步入门
来源:互联网 发布:漫画人物制作软件 编辑:程序博客网 时间:2024/05/17 06:37
【转自】http://space.itpub.net/9240380/viewspace-614029
1,术语简解
dbms_fga包是oracle本身自具功能强大的pl/sql包,实现表级各种select,insert ,delete,update操作的日志记录
dbms_fga包适用于oracle cbo优化器模型.(注:从oracle 9i后,oracle默认就是采用cbo优化器模型,rbo模型基本已经f废弃)
Dbms_fga包含以下函数:
Summary of DBMS_FGA Subprograms
Table 40-1DBMS_FGA Package Subprograms
Subprogram
Description
ADD_POLICY Procedure
Creates an audit policy using the supplied predicate as the audit condition
DISABLE_POLICY Procedure
Disables an audit policy
DROP_POLICY Procedure
Drops an audit policy
ENABLE_POLICY Procedure
Enables an audit policy
2,实施步骤
a,添加一个审计策略
Sqlplus ‘/as sysdba’
SQL>exec dbms_fga.add_policy(object_schema=>'zxy',
object_name=>'mv',
policy_name=>'mypolicy1',
statement_types=>'select,insert,update,delete');
PL/SQL procedure successfully completed.
测试审计功能
SQL> conn zxy/system
Connected.
SQL> select * from mv;
no rows selected
SQL> conn /as sysdba
Connected.
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail;
TIMESTAMP DB_USER OS_USER SQL_TEXT
--------------- ---------------- ------------------------------ -------------------------------------------
03-SEP-09 ZXY ora10g select * from mv
SQL> conn zxy/system
Connected.
SQL> insert into mv values(1);
1 row created.
SQL> commit;
Commit complete.
SQL> conn /as sysdba
Connected.
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail;
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------- ------------------------- -----------------------------------------------------------
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g insert into mv values(1)
b,禁用申计策略
SQL>exec dbms_fga.disable_policy(object_schema=>'zxy',
object_name=>'mv',
policy_name=>'mypolicy1');
PL/SQL procedure successfully completed.
测试审计功能
SQL> conn zxy/system
Connected.
SQL> delete from mv;
1 row deleted.
SQL> commit;
Commit complete.
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail; --注:delete的操作日志未被申计记录
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ------------------ -------------------------- -----------------------------------------------------------------
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g insert into mv values(1)
SQL> conn zxy/system
Connected.
SQL> insert into mv values(1);
1 row created.
SQL> insert into mv values(2);
1 row created.
SQL> commit;
Commit complete.
SQL>conn /as sysdba
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail;
注:以上两句insert未被申计记录
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------------- ------------------------ --------------------------------------------------------
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g insert into mv values(1)
c,启用申计策略
SQL>exec dbms_fga.enable_policy(object_schema=>'zxy',
object_name=>'mv',
policy_name=>'mypolicy1');
PL/SQL procedure successfully completed.
测试审计功能
SQL> delete from mv where a=2; --此delete已被申计记录
1 row deleted.
SQL> commit;
Commit complete.
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail;
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------------- ------------------------ --------------------------------------------------------
03-SEP-09 ZXY ora10g delete from mv where a=2
SQL> select * from mv;
A
----------
1
select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail;
03-SEP-09 ZXY
ora10g
select * from mv
TIMESTAMP DB_USER
--------- ------------------------------
OS_USER
--------------------------------------------------------------------------------
SQL_TEXT
--------------------------------------------------------------------------------
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------------- ------------------------ --------------------------------------------------------
03-SEP-09 ZXY ora10g insert into mv values(1)
03-SEP-09 ZXY ora10g delete from mv where a=2
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g
d,删除申计策略
SQL>exec dbms_fga.drop_policy(object_schema=>'zxy',
object_name=>'mv',
policy_name=>'mypolicy1');
PL/SQL procedure successfully completed.
测试申计功能
SQL> insert into mv values(9);
1 row created.
SQL> delete from mv where a=9;
1 row deleted.
SQL> commit;
Commit complete.
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail; --以上insert及delete语句的操作未被申计记录
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------------- ------------------------ --------------------------------------------------------
03-SEP-09 ZXY ora10g delete from mv where a=2
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g insert into mv values(1)
SQL> select * from mv;
A
----------
1
SQL> select timestamp,db_user,os_user,sql_text from dba_fga_audit_trail; --以上select的操作未被申请记录
TIMESTAMP DB_USER OS_USER SQL_TEXT
-------------- ---------------------- ------------------------ --------------------------------------------------------
03-SEP-09 ZXY ora10g delete from mv where a=2
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g select * from mv
03-SEP-09 ZXY ora10g insert into mv values(1)
- ORACLE审计初步入门
- Oracle 细粒度审计(FGA)初步
- Oracle Audit 审计功能-入门基础
- oracle 审计
- oracle审计
- ORACLE审计
- oracle审计
- Oracle 审计
- ORACLE审计
- Oracle审计
- oracle 审计
- ORACLE审计
- ORACLE审计
- oracle审计
- oracle审计
- oracle审计
- iOS安全审计入门
- oracle 数据库审计
- 会计造假与审计对策(转)
- 如何识别企业会计造假(转)
- showDialog
- OpenCV使用简单举例-图像显示
- [練]UML設計_Class Diagram
- ORACLE审计初步入门
- 判断字符串是不是回文
- 看到一篇好文
- cmake使用总结(二)---工程目录下子目录CMakeLists文件编写
- linux tc介绍
- php 如何获得url参数中具有&的值
- 不要抱怨网速慢
- joomla初始接触
- C字符串分割
