ITPub博客

首页 > Linux操作系统 > Linux操作系统 > oracle10g_audit_solaris_利用audit_sys_operations

oracle10g_audit_solaris_利用audit_sys_operations

原创 Linux操作系统 作者:wisdomone1 时间:2009-09-07 22:06:23 0 删除 编辑
Normal 0 7.8 磅 0 2 false false false MicrosoftInternetExplorer4 1,术语简解

  AUDIT_SYS_OPERATIONS

Property

Description

Parameter type

Boolean

Default value

false

Modifiable

No

Range of values

true | false

Basic

No

 

AUDIT_SYS_OPERATIONS enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit records are written to the operating system's audit trail. The audit records will be written in XML format if the AUDIT_TRAIL initialization parameter is set to XML.

此参数为静态参数,修改后要重启数据库实例

 

AUDIT_TRAIL

Property

Description

Parameter type

String

Syntax

AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }

Default value

none

Modifiable

No

Basic

No

 

AUDIT_TRAIL enables or disables database auditing.

Values:

  • none

Disables database auditing.

  • os

Enables database auditing and directs all audit records to the operating system's audit trail.

  • db

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table).

  • db,extended

Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table). In addition, populates the SQLBIND and SQLTEXT CLOB columns of the SYS.AUD$ table.

  • xml

Enables database auditing and writes all audit records to XML format OS files.

  • xml,extended

Enables database auditing and prints all columns of the audit trail, including SqlText and SqlBind values.

 

2,配置操作步骤

SQL> alter system set audit_sys_operations=true scope=spfile;

 

System altered.

SQL>shutdown immediate

 

SQL>startup

 

SQL> show parameter audit

 

NAME                                 TYPE        VALUE

------------------------------------ ----------- ------------------------------

audit_file_dest                      string      /oracle/admin/ora10g/adump  --注:所有申计记录文件存储在这个目录下

audit_sys_operations                 boolean     TRUE

audit_syslog_level                   string

audit_trail                          string      DB_EXTENDED  ---这个参数就是控制是否生成申计文件,且以何种格式生成申计文件,

SQL>

 

 

3,测试特权用户的操作

 

SQL> show user

USER is "SYS"

SQL> create table lv(a int);

 

Table created.

 

SQL>

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    1157  9  8 06:14 ora_21747.aud

-rw-r-----   1 ora10g   oinstall     737  9  8 06:15 ora_21748.aud

-rw-r-----   1 ora10g   oinstall    1505  9  8 06:25 ora_21767.aud

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:25:19 2009

ACTION : 'create table lv(a int)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> show user

USER is "SYS"

SQL> insert table lv values(1);

 

1 row created.

SQL>

 

Tue Sep  8 06:27:43 2009

ACTION : 'insert into lv values(1)'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

 

SQL> shutdown immediate

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL>

 

bash-3.00$ tail -f ora_21767.aud

STATUS: 0

 

Tue Sep  8 06:27:45 2009

ACTION : 'commit'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE CLOSE NORMAL'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'ALTER DATABASE DISMOUNT'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:30:26 2009

ACTION : 'SHUTDOWN'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

SQL> startup nomount

ORACLE instance started.

 

Total System Global Area  314572800 bytes

Fixed Size                  1279964 bytes

Variable Size              79693860 bytes

Database Buffers          230686720 bytes

Redo Buffers                2912256 bytes

SQL> alter database mount;

 

Database altered.

 

SQL> alter database open;

 

Database altered.

 

SQL>

 

bash-3.00$ ls -lrt|tail -3f

-rw-r-----   1 ora10g   oinstall    2243  9  8 06:30 ora_21767.aud

-rw-r-----   1 ora10g   oinstall    1175  9  8 06:32 ora_22161.aud

-rw-r-----   1 ora10g   oinstall    1008  9  8 06:32 ora_22188.aud

bash-3.00$ tail -f ora_22188.aud

STATUS: 0

 

Tue Sep  8 06:32:05 2009

ACTION : 'SELECT DECODE(null,'','Total System Global Area','') NAME_COL_PLUS_SHOW_SGA,   SUM(VALUE), DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA    UNION ALL    SELECT NAME NAME_COL_PLUS_SHOW_SGA , VALUE,    DECODE (null,'', 'bytes','') units_col_plus_show_sga FROM V$SGA'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:32:52 2009

ACTION : 'alter database mount'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

STATUS: 0

 

Tue Sep  8 06:33:23 2009

ACTION : 'alter database open'

DATABASE USER: '/'

PRIVILEGE : SYSDBA

CLIENT USER: ora10g

CLIENT TERMINAL: syscon

 

4,适用范围

适用于控制sysdba角色及sysoper角色及dba色色的用户所作的各种操作

 

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/9240380/viewspace-614133/,如需转载,请注明出处,否则将追究法律责任。

请登录后发表评论 登录
全部评论
提供针对oracle初学者及进阶的数据库培训,欢迎大家咨询: 微信: wisdomone 微信公众号: lovedb qq: 305076427 微博: wisdomone9

注册时间:2008-04-04

  • 博文量
    2164
  • 访问量
    11767444