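In Oracle 11g, auditing is enabled by default: the AUDIT_TRAIL parameter defaults to DB, whereas in Oracle 10g it defaults to none, meaning auditing is disabled. By default, audit data is stored in the AUD$ audit dictionary base table in the SYSTEM tablespace. Oracle officially states that the audit logging enabled by default will not have an excessive negative performance impact on the vast majority of production databases, and Oracle also recommends the audit logging method based on OS files (OS audit trail files).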
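Note that in Oracle 11g, CREATE SESSION is recorded as an audited privilege. When the SYSTEM tablespace cannot extend because the disk is out of space, these audit records cannot be generated. As a result, new sessions for ordinary users cannot be created and ordinary users cannot log in to the database. In this scenario a user connecting as SYSDBA can still create a session. After the audit data has been backed up appropriately, either deleting some of the records or simply running TRUNCATE on AUD$ resolves the problem.
When AUDIT_TRAIL is set to OS, audit record files are generated in the directory specified by the AUDIT_FILE_DEST parameter. All of these files can be deleted or copied at any time.
Note that by default the SYSTEM tablespace is created with the AUTOEXTEND ON option, so the system tablespace will still grow automatically when necessary. What needs watching is whether the remaining disk space can satisfy that growth, and the upper limit on data file extension: for an ordinary smallfile tablespace with an 8k block size, the maximum size of a single data file is 32G.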
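The space checks and the SYSDBA recovery steps described above, as an added SQL*Plus example that is not part of the original article. The backup table name AUD_BACKUP and the USERS target tablespace are assumptions; substitute your own.

```sql
-- Added example (not from the original article). Run in SQL*Plus as a DBA.
-- Assumed names: backup table AUD_BACKUP, target tablespace USERS.

-- 1. Confirm where audit records are written.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_file_dest');

-- 2. Space currently used by the AUD$ segment.
SELECT tablespace_name,
       ROUND(bytes / 1024 / 1024) AS aud_mb
  FROM dba_segments
 WHERE owner = 'SYS'
   AND segment_name = 'AUD$';

-- 3. Growth headroom of each SYSTEM data file. MAXBYTES is 0 when
--    AUTOEXTEND is off, so GREATEST() keeps the result non-negative.
SELECT file_name,
       autoextensible,
       ROUND(bytes / 1024 / 1024)                               AS current_mb,
       ROUND((GREATEST(maxbytes, bytes) - bytes) / 1024 / 1024) AS can_grow_mb
  FROM dba_data_files
 WHERE tablespace_name = 'SYSTEM';

-- 4. Free space already allocated inside SYSTEM.
SELECT ROUND(NVL(SUM(bytes), 0) / 1024 / 1024) AS free_mb
  FROM dba_free_space
 WHERE tablespace_name = 'SYSTEM';

-- 5. Recovery when SYSTEM is full (connected AS SYSDBA): copy the audit
--    rows to a tablespace other than SYSTEM before clearing anything.
CREATE TABLE aud_backup TABLESPACE users
    AS SELECT * FROM sys.aud$;

-- 6. Compare the row counts before removing the originals.
SELECT (SELECT COUNT(*) FROM sys.aud$)   AS source_rows,
       (SELECT COUNT(*) FROM aud_backup) AS copied_rows
  FROM dual;

-- 7. Only after the copy is verified, release the space in SYSTEM.
TRUNCATE TABLE sys.aud$;
```

`can_grow_mb` reflects only the MAXBYTES limit; free space on the file system that holds the data file still has to be checked at the OS level.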
```
SQL> select * from v$version where rownum=1;

BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
```
The following privileges are audited for all users:
DBA_PRIV_AUDIT_OPTS describes current system privileges being audited across the system and by user.

```
SQL> select privilege,success,failure from dba_priv_audit_opts;

PRIVILEGE                                SUCCESS    FAILURE
---------------------------------------- ---------- ----------
CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS
CREATE ANY JOB                           BY ACCESS  BY ACCESS
GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
DROP PROFILE                             BY ACCESS  BY ACCESS
ALTER PROFILE                            BY ACCESS  BY ACCESS
DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS

PRIVILEGE                                SUCCESS    FAILURE
---------------------------------------- ---------- ----------
ALTER DATABASE                           BY ACCESS  BY ACCESS
GRANT ANY ROLE                           BY ACCESS  BY ACCESS
CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
DROP ANY TABLE                           BY ACCESS  BY ACCESS
ALTER ANY TABLE                          BY ACCESS  BY ACCESS
CREATE ANY TABLE                         BY ACCESS  BY ACCESS
DROP USER                                BY ACCESS  BY ACCESS
ALTER USER                               BY ACCESS  BY ACCESS
CREATE USER                              BY ACCESS  BY ACCESS
CREATE SESSION                           BY ACCESS  BY ACCESS
AUDIT SYSTEM                             BY ACCESS  BY ACCESS

PRIVILEGE                                SUCCESS    FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM                             BY ACCESS  BY ACCESS

23 rows selected.

SQL>
```
The following statements are also audited for all users:
DBA_STMT_AUDIT_OPTS describes current system auditing options across the system and by user.

```
SQL> select audit_option,success,failure from dba_stmt_audit_opts;

AUDIT_OPTION                             SUCCESS    FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM                             BY ACCESS  BY ACCESS
SYSTEM AUDIT                             BY ACCESS  BY ACCESS
CREATE SESSION                           BY ACCESS  BY ACCESS
CREATE USER                              BY ACCESS  BY ACCESS
ALTER USER                               BY ACCESS  BY ACCESS
DROP USER                                BY ACCESS  BY ACCESS
PUBLIC SYNONYM                           BY ACCESS  BY ACCESS
DATABASE LINK                            BY ACCESS  BY ACCESS
ROLE                                     BY ACCESS  BY ACCESS
PROFILE                                  BY ACCESS  BY ACCESS
CREATE ANY TABLE                         BY ACCESS  BY ACCESS

AUDIT_OPTION                             SUCCESS    FAILURE
---------------------------------------- ---------- ----------
ALTER ANY TABLE                          BY ACCESS  BY ACCESS
DROP ANY TABLE                           BY ACCESS  BY ACCESS
CREATE PUBLIC DATABASE LINK              BY ACCESS  BY ACCESS
GRANT ANY ROLE                           BY ACCESS  BY ACCESS
SYSTEM GRANT                             BY ACCESS  BY ACCESS
ALTER DATABASE                           BY ACCESS  BY ACCESS
CREATE ANY PROCEDURE                     BY ACCESS  BY ACCESS
ALTER ANY PROCEDURE                      BY ACCESS  BY ACCESS
DROP ANY PROCEDURE                       BY ACCESS  BY ACCESS
ALTER PROFILE                            BY ACCESS  BY ACCESS
DROP PROFILE                             BY ACCESS  BY ACCESS

AUDIT_OPTION                             SUCCESS    FAILURE
---------------------------------------- ---------- ----------
GRANT ANY PRIVILEGE                      BY ACCESS  BY ACCESS
CREATE ANY LIBRARY                       BY ACCESS  BY ACCESS
EXEMPT ACCESS POLICY                     BY ACCESS  BY ACCESS
GRANT ANY OBJECT PRIVILEGE               BY ACCESS  BY ACCESS
CREATE ANY JOB                           BY ACCESS  BY ACCESS
CREATE EXTERNAL JOB                      BY ACCESS  BY ACCESS

28 rows selected.
```
Query the audit records that currently exist in the database:
DBA_AUDIT_TRAIL displays all standard audit trail entries.

```
SQL> select action_name,count(*) from dba_audit_trail group by action_name;

ACTION_NAME                    COUNT(*)
---------------------------- ----------
SYSTEM REVOKE                         1
LOGON                                90
DROP DATABASE LINK                    5
LOGOFF                               59
ALTER SYSTEM                          5
CREATE PUBLIC SYNONYM                 2
ALTER DATABASE                        3
DROP PUBLIC SYNONYM                   2
CREATE DATABASE LINK                  5

9 rows selected.
```
That concludes this overview of the default audit options in the Oracle 11g database; we hope it has been helpful.