Oracle审计sys操作记录到操作系统系统日志中
来源:互联网 发布:神机妙算软件安装包 编辑:程序博客网 时间:2024/05/22 16:44
此次以Linux系统为例!
1、查看当前数据库版本及状态信息
SQL> select * from v$version;BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
PL/SQL Release 11.2.0.4.0 - Production
CORE 11.2.0.4.0 Production
TNS for Linux: Version 11.2.0.4.0 - Production
NLSRTL Version 11.2.0.4.0 - Production
SQL> select dbid,name,open_mode from v$database;
DBID NAME OPEN_MODE
---------- --------- --------------------
1435632369 ORCL READ WRITE
2、检查audit默认设置
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
3、修改如下参数,将sys操作记入/var/log/message中
SQL> alter system set audit_syslog_level='USER.NOTICE' scope=spfile;
System altered.
SQL> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
SQL> alter system set audit_trail=none scope=spfile;
System altered.SQL> startup force ---生产环境中严禁此操作(强烈建议使用shundown immediate--startup)
ORACLE instance started.
Total System Global Area 413372416 bytes
Fixed Size 2253784 bytes
Variable Size 327158824 bytes
Database Buffers 79691776 bytes
Redo Buffers 4268032 bytes
Database mounted.
Database opened.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string USER.NOTICE
audit_trail string NONE
ID
----------
2
1
3
4、测试结果如下
(1)在服务器上执行select * from test.t1;查询,/var/log/message日志记录如下:
Apr 21 15:41:54 db Oracle Audit[7156]: LENGTH : '174' ACTION :[21] 'select * from test.t1' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/0' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:32 db Oracle Audit[7264]: LENGTH : '159' ACTION :[7] 'CONNECT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:32 db Oracle Audit[7264]: LENGTH : '158' ACTION :[6] 'COMMIT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:32 db Oracle Audit[7264]: LENGTH : '158' ACTION :[6] 'COMMIT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:35 db Oracle Audit[7264]: LENGTH : '174' ACTION :[21] 'alter system register' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle' CLIENT TERMINAL:[5] 'pts/2' STATUS:[1] '0' DBID:[10] '1435632369'
(2)plsql developer用sys as sysdba连接,/var/log/message日志记录如下:
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '158' ACTION :[7] 'CONNECT' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '254' ACTION :[101] 'select length(chr(2000000000)) l4, length(chr(2000000)) l3, length(chr(20000)) l2, 'c' c1 from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '197' ACTION :[45] 'select lengthb(nchr(20)), nchr(20) from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '176' ACTION :[24] 'select * from v$version ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '175' ACTION :[23] 'begin :n := user; end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '293' ACTION :[138] 'select grantee, name from sys.plsqldev_authorization where grantee in (user, 'PUBLIC') or grantee in (select role from sys.session_roles) ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[3] '942' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7270]: LENGTH : '158' ACTION :[7] 'CONNECT' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '174' ACTION :[22] 'select null from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '230' ACTION :[78] 'begin sys.dbms_application_info.set_module('PL/SQL Developer', :action); end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '228' ACTION :[76] 'select value from v$nls_parameters where parameter = 'NLS_LENGTH_SEMANTICS' ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7270]: LENGTH : '305' ACTION :[152] 'select object_name, object_type from sys.user_objects o where o.object_type in ('TABLE', 'VIEW', 'PACKAGE','TYPE', 'PROCEDURE', 'FUNCTION', 'SEQUENCE') ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:52 db Oracle Audit[7268]: LENGTH : '235' ACTION :[83] 'select value from sys.nls_database_parameters where parameter = 'NLS_CHARACTERSET' ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:42:53 db Oracle Audit[7270]: LENGTH : '439' ACTION :[286] 'select s.synonym_name object_name, o.object_type from sys.all_synonyms s, sys.all_objects o where s.owner in ('PUBLIC', user) and o.owner = s.table_owner and o.object_name = s.table_name and o.object_type in ('TABLE', 'VIEW', 'PACKAGE','TYPE', 'PROCEDURE', 'FUNCTION', 'SEQUENCE') ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
(3)plsql developer中执行select * from test.t1;查询,/var/log/message日志记录如下:
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '158' ACTION :[7] 'CONNECT' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '174' ACTION :[22] 'select null from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '254' ACTION :[101] 'select length(chr(2000000000)) l4, length(chr(2000000)) l3, length(chr(20000)) l2, 'c' c1 from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '197' ACTION :[45] 'select lengthb(nchr(20)), nchr(20) from dual ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '230' ACTION :[78] 'begin sys.dbms_application_info.set_module('PL/SQL Developer', :action); end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '223' ACTION :[71] 'select sid, serial# from v$session where audsid = userenv('SESSIONID') ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7279]: LENGTH : '267' ACTION :[114] 'begin if :enable = 0 then sys.dbms_output.disable; else sys.dbms_output.enable(:size); end if; end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:15 db Oracle Audit[7268]: LENGTH : '200' ACTION :[48] 'select name from v$statname order by statistic# ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7268]: LENGTH : '217' ACTION :[65] 'select value from v$sesstat where sid = :sid order by statistic# ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7279]: LENGTH : '213' ACTION :[61] 'begin :id := sys.dbms_transaction.local_transaction_id; end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7279]: LENGTH : '174' ACTION :[22] 'select * from test.t1 ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7279]: LENGTH : '213' ACTION :[61] 'begin :id := sys.dbms_transaction.local_transaction_id; end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7268]: LENGTH : '217' ACTION :[65] 'select value from v$sesstat where sid = :sid order by statistic# ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
Apr 21 15:43:16 db Oracle Audit[7279]: LENGTH : '225' ACTION :[73] 'begin sys.dbms_output.get_line(line => :line, status => :status); end; ' DATABASE USER:[3] 'SYS' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[3] 'l&k' CLIENT TERMINAL:[5] 'ORAPC' STATUS:[1] '0' DBID:[10] '1435632369'
5、说明
因此项设置会造成message日志增长较快,建议实时监控文件系统使用率。
0 0
- Oracle审计sys操作记录到操作系统系统日志中
- 利用Oracle审计功能记录数据库操作
- Oracle 细粒度审计监控表操作记录
- Linux 系统添加操作记录审计
- SAP系统中,用户登陆IP,主机名,使用事物代码的审计日志记录增强
- 日志审计系统解决方案
- oracle将审计日志转移到其它表空间
- Linux中系统户登录和操作日志的记录
- 定期清理oracle审计日志
- 如何选择日志审计系统
- 为什么需要日志审计系统
- 手动清理Oracle审计记录
- Oracle中审计功能
- Tomcat会话超时时如何记录操作日志,满足安全审计要求
- Oracle EBS 中退货订单流程的系统操作记录
- Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作
- Oracle 10g Audit(审计) --- 记录登录用户在Oracle中的所有操作
- Oracle 审计和测试操作
- 基于 OSG OpenSceneGraph HTC Vive 的实现
- Java 泛型定义在接口上
- 通过ActionBarActivity和viewpager来设置导航页基本方法和步骤
- 输出js对象的所有属性值
- 199. Binary Tree Right Side View
- Oracle审计sys操作记录到操作系统系统日志中
- 网络编程中套接字创建过程
- 游客好久了,切换到博客模式
- 过滤器
- 在Naoqi中使用OpenCV
- Servlet------文件的下载
- 学习Java开源框架前你应该了解的
- 计算机网络--网络层之IP地址与子网
- Commons IO 2.4