重庆分公司,新征程启航

为企业提供网站建设、域名注册、服务器等服务

oracle11gR2启用对sys用户操作行为的审计

在oracle 11gR2中,缺省在audit_file_dest目录会记录sys用户的登录审计信息,但并不会审计操作内容。

成都创新互联是一家业务范围包括IDC托管业务,网站空间、主机租用、主机托管,四川、重庆、广东电信服务器租用,成都温江机房,成都网通服务器托管,成都服务器租用,业务范围遍及中国大陆、港澳台以及欧美等多个国家及地区的互联网数据服务公司。

启用对sys用户操作行为的审计

SQL> alter system set audit_sys_operations=TRUE scope=spfile;

System altered.

因为是audit_sys_operations是静态参数,需要重新数据库

SQL> shutdown immediate;

Database closed.

Database dismounted.

ORACLE instance shut down.

SQL> startup;

SQL> show parameter audit;

NAME                                 TYPE        VALUE

------------------------------------ ----------- ------------------------------

audit_file_dest                      string      /u01/app/oracle/admin/orcl/adu

                                                 mp

audit_sys_operations                 boolean     TRUE

audit_syslog_level                   string

audit_trail                          string      DB

接着删除一个测试用户

SQL> drop user lineqi cascade;

User dropped.

[oracle@orcl adump]$ more orcl_ora_32424_20150418163852720955143795.aud

Audit file /u01/app/oracle/admin/orcl/adump/orcl_ora_32424_20150418163852720955143795.aud

Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1

System name:    Linux

Node name:      orcl

Release:        2.6.32-358.el6.x86_64

Version:        #1 SMP Tue Jan 29 11:47:41 EST 2013

Machine:        x86_64

VM name:        VMWare Version: 6

Instance name: orcl

Redo thread mounted by this instance: 1

Oracle process number: 19

Unix process pid: 32424, p_w_picpath: oracle@orcl (TNS V1-V3)

注意:sys登陆的记录

Sat Apr 18 16:38:52 2015 +08:00

LENGTH : '160'

ACTION :[7] 'CONNECT'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[6] 'oracle'

CLIENT TERMINAL:[5] 'pts/0'

STATUS:[1] '0'

DBID:[10] '1405073182'

Sat Apr 18 16:38:57 2015 +08:00

LENGTH : '173'

ACTION :[19] 'ALTER DATABASE OPEN'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[6] 'oracle'

CLIENT TERMINAL:[5] 'pts/0'

STATUS:[1] '0'

DBID:[10] '1405073182'

Sat Apr 18 16:39:08 2015 +08:00

LENGTH : '216'

ACTION :[60] 'BEGIN dbms_cmp_int.drop_cmp_by_cmpid(:sb1, :sb2, :sb3); END;'

DATABASE USER:[3] 'SYS'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[6] 'oracle'

CLIENT TERMINAL:[5] 'pts/0'

STATUS:[1] '0'

DBID:[10] '1405073182'

注意:sys操作的记录

Sat Apr 18 16:39:15 2015 +08:00

LENGTH : '178'

ACTION :[24] 'drop user lineqi cascade'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[6] 'oracle'

CLIENT TERMINAL:[5] 'pts/0'

STATUS:[1] '0'

DBID:[10] '1405073182'

Sat Apr 18 16:39:25 2015 +08:00

LENGTH : '197'

ACTION :[43] 'select tablespace_name from dbA_tablespaces'

DATABASE USER:[1] '/'

PRIVILEGE :[6] 'SYSDBA'

CLIENT USER:[6] 'oracle'

CLIENT TERMINAL:[5] 'pts/0'

STATUS:[1] '0'

DBID:[10] '1405073182'


文章名称:oracle11gR2启用对sys用户操作行为的审计
当前链接:http://cqcxhl.cn/article/gcdjis.html

其他资讯

在线咨询
服务热线
服务热线:028-86922220
TOP