For auditing SYSDBA activity, Oracle provides three techniques:
1. Database auditing: the privileges users exercise, the commands they execute, the tables they access, and their logon status
2. Value-based auditing, triggered by database triggers;
3. Fine-grained auditing, which can track which rows of a table were accessed;
When the initialization parameter AUDIT_SYS_OPERATIONS is set to TRUE, statements executed by SYSDBA and SYSOPER are written to the operating system audit file;
Standard auditing
Before database auditing can take place, the AUDIT_TRAIL initialization parameter must be set:
- NONE: no auditing is performed
- OS: audit records are written to the operating system: the Application Log on Windows, or the AUDIT_FILE_DEST directory on Unix
- DB: audit records are written to the data dictionary table SYS.AUD$
- DB_EXTENDED: as DB, but the SQL text and bind values are recorded as well
- XML: audit records are written as XML files in the operating system
- XML_EXTENDED: as XML, with SQL text and bind values
Example:
audit create any trigger;                       -- audit every operation that creates a trigger
audit select any table by session;              -- one audit record per session instead of one per statement
audit insert on scott.emp whenever successful;  -- the other option is WHENEVER NOT SUCCESSFUL
audit all on scott.emp;
audit session whenever not successful;          -- audit user logons (failed attempts only)
-- view the audit records the system has produced
select * from dba_audit_trail;
Other views that expose the generated audit records include:
DBA_AUDIT_OBJECT, DBA_AUDIT_STATEMENT, DBA_AUDIT_SESSION
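The following is an added, end-to-end example of standard auditing; it is not code from the original post. It assumes a DBA session, that the table scott.emp exists, and that the instance is restarted after the two static parameters are changed. The failed-logon threshold of five per hour is a constructed value to illustrate a detection query over DBA_AUDIT_SESSION; the SQL text column is only populated when AUDIT_TRAIL is DB_EXTENDED.

```sql
-- Added example (not from the original post).
-- 1. Enable auditing. Both parameters are static, so SCOPE=SPFILE plus a restart.
ALTER SYSTEM SET audit_trail = DB_EXTENDED SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
-- (shutdown immediate / startup here)

-- 2. Choose what to audit.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;                 -- failed logons only
AUDIT INSERT, UPDATE, DELETE ON scott.emp BY ACCESS;   -- one record per statement
AUDIT CREATE ANY TRIGGER;                              -- use of a powerful system privilege

-- 3. Confirm which audit options are actually active.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts;
SELECT owner, object_name, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'SCOTT';

-- 4. Detection: accounts/hosts with more than 5 failed logons in the last hour.
--    RETURNCODE is the ORA error number (1017 = invalid username/password).
SELECT username, os_username, userhost, returncode,
       COUNT(*)       AS failures,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
  FROM dba_audit_session
 WHERE action_name = 'LOGON'
   AND returncode <> 0
   AND timestamp > SYSDATE - 1/24
 GROUP BY username, os_username, userhost, returncode
HAVING COUNT(*) > 5
 ORDER BY failures DESC;

-- 5. Review: what was done to scott.emp, including the statement text.
SELECT timestamp, username, os_username, userhost, action_name, returncode, sql_text
  FROM dba_audit_trail
 WHERE owner = 'SCOTT'
   AND obj_name = 'EMP'
 ORDER BY timestamp DESC;
```

Because DB/DB_EXTENDED records land in SYS.AUD$, the same DBA who is being audited can also delete them; the AUDIT_SYS_OPERATIONS setting above is what keeps SYSDBA activity in an operating-system file outside the database.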
Using triggers to audit values
A database trigger is a block of PL/SQL code that will run automatically whenever an INSERT, UPDATE, or DELETE is executed against a table.
Example:
CREATE OR REPLACE TRIGGER system.creditrating_audit
AFTER UPDATE OF creditrating
ON scott.customers
REFERENCING NEW AS NEW OLD AS OLD
FOR EACH ROW
BEGIN
  -- only record rows whose credit rating actually changed
  IF :old.creditrating != :new.creditrating THEN
    -- the audit table system.creditrating_audit is assumed to have three columns:
    -- OS user, client IP address, and a free-text description of the change
    INSERT INTO system.creditrating_audit
    VALUES (sys_context('userenv', 'os_user'),
            sys_context('userenv', 'ip_address'),
            :new.customer_id || ' credit rating changed from ' || :old.creditrating || ' to ' || :new.creditrating);
  END IF;
END;
/
Fine-Grained Auditing (FGA)
FGA is configured with the package DBMS_FGA:
SQL> execute dbms_fga.add_policy(-
>        object_schema   => 'HR',-
>        object_name     => 'EMPLOYEES',-
>        policy_name     => 'POL1',-
>        audit_condition => 'department_id=80',-
>        audit_column    => 'SALARY');
DBA_AUDIT_TRAIL is used for standard database auditing;
DBA_FGA_AUDIT_TRAIL is used for fine-grained auditing;
DBA_COMMON_AUDIT_TRAIL is used for both;
To see the results of auditing with triggers, you must create your own views that address your own tables;
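As an added example that goes a step beyond the single-column policy above (it is not code from the original post), the block below creates an FGA policy that covers two columns and two statement types, records the SQL text, and then shows how to review, disable and drop it. The policy name SALARY_ACCESS and the column list are assumptions; the parameter names are those of DBMS_FGA.ADD_POLICY, and the HR.EMPLOYEES table is the one the post already uses.

```sql
-- Added example (not from the original post).
-- Policy: audit SELECT or UPDATE on HR.EMPLOYEES when department 80 rows are
-- touched AND at least one of SALARY / COMMISSION_PCT is referenced.
BEGIN
  dbms_fga.add_policy(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEES',
    policy_name       => 'SALARY_ACCESS',                  -- assumed name
    audit_condition   => 'department_id = 80',
    audit_column      => 'SALARY,COMMISSION_PCT',          -- comma-separated list
    audit_column_opts => dbms_fga.any_columns,             -- fire if any listed column is used
    statement_types   => 'SELECT,UPDATE',                  -- default would be SELECT only
    audit_trail       => dbms_fga.db_extended,             -- keep SQL text and binds
    enable            => TRUE);
END;
/

-- Confirm the policy is in place and enabled.
SELECT object_schema, object_name, policy_name, policy_text,
       policy_column, enabled, audit_trail
  FROM dba_audit_policies
 WHERE policy_name = 'SALARY_ACCESS';

-- Review: who read or changed department 80 salaries, and with which statement.
SELECT timestamp, db_user, os_user, userhost, statement_type, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'SALARY_ACCESS'
 ORDER BY timestamp DESC;

-- Both standard and FGA records in one place.
SELECT extended_timestamp, db_user, object_name, policy_name, statement_type, sql_text
  FROM dba_common_audit_trail
 WHERE object_schema = 'HR'
 ORDER BY extended_timestamp DESC;

-- Lifecycle: switch the policy off, or remove it entirely.
EXEC dbms_fga.disable_policy('HR', 'EMPLOYEES', 'SALARY_ACCESS');
EXEC dbms_fga.drop_policy('HR', 'EMPLOYEES', 'SALARY_ACCESS');
```

Unlike standard object auditing, which fires on every access to the table, an FGA record is produced only when the row condition and the column list both match, so a full-table report that never touches SALARY leaves no trace under this policy.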
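The block below is an added example, not the original post's code, of the supporting objects that trigger-based auditing needs: an audit table owned by SYSTEM with structured columns instead of one concatenated message, a row trigger that fills it, and the view that has to be written by hand because no dictionary view exists for custom audit tables. Table, trigger and view names are assumptions; scott.customers with a customer_id and creditrating column is the table the post already uses. The comparison is written NULL-safe, which the post's `!=` test is not (a rating changing from NULL to a value would not be recorded by it).

```sql
-- Added example (not from the original post). Object names are assumptions.
-- 1. Audit table: owned by SYSTEM so audited users cannot edit their own trail.
CREATE TABLE system.creditrating_audit_log (
  audited_at   TIMESTAMP DEFAULT SYSTIMESTAMP NOT NULL,
  db_user      VARCHAR2(128),
  os_user      VARCHAR2(128),
  ip_address   VARCHAR2(64),
  customer_id  NUMBER,
  old_rating   VARCHAR2(30),
  new_rating   VARCHAR2(30)
);

-- 2. Row trigger. It runs with the trigger owner's (SYSTEM's) rights, so the
--    updating user needs no privilege on the audit table.
CREATE OR REPLACE TRIGGER system.creditrating_audit_trg
  AFTER UPDATE OF creditrating ON scott.customers
  FOR EACH ROW
BEGIN
  -- NULL-safe "value changed" check: plain <> is NULL when either side is NULL
  IF (:old.creditrating IS NULL AND :new.creditrating IS NOT NULL)
     OR (:old.creditrating IS NOT NULL AND :new.creditrating IS NULL)
     OR :old.creditrating <> :new.creditrating THEN
    INSERT INTO system.creditrating_audit_log
      (db_user, os_user, ip_address, customer_id, old_rating, new_rating)
    VALUES (sys_context('userenv', 'session_user'),
            sys_context('userenv', 'os_user'),
            sys_context('userenv', 'ip_address'),
            :new.customer_id, :old.creditrating, :new.creditrating);
  END IF;
END;
/

-- 3. The view you must create yourself to read the results.
CREATE OR REPLACE VIEW system.creditrating_changes AS
SELECT audited_at, db_user, os_user, ip_address,
       customer_id, old_rating, new_rating
  FROM system.creditrating_audit_log;

-- 4. Example review: changes made outside 08:00-18:00, newest first.
SELECT *
  FROM system.creditrating_changes
 WHERE TO_NUMBER(TO_CHAR(audited_at, 'HH24')) NOT BETWEEN 8 AND 18
 ORDER BY audited_at DESC;
```

Keeping old and new values in separate columns, rather than in a sentence built with `||`, is what makes queries like the one in step 4 possible without string parsing.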