溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
在oracle 11gR2中,缺省在audit_file_dest目錄會記錄sys用戶的登錄審計信息,但并不會審計操作內容。
啟用對sys用戶操作行為的審計
SQL> alter system set audit_sys_operations=TRUE scope=spfile;
System altered.
因為是audit_sys_operations是靜態參數,需要重新數據庫
SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup;
SQL> show parameter audit;
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adu
mp
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
接著刪除一個測試用戶
SQL> drop user lineqi cascade;
User dropped.
[oracle@orcl adump]$ more orcl_ora_32424_20150418163852720955143795.aud
Audit file /u01/app/oracle/admin/orcl/adump/orcl_ora_32424_20150418163852720955143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: orcl
Release: 2.6.32-358.el6.x86_64
Version: #1 SMP Tue Jan 29 11:47:41 EST 2013
Machine: x86_64
VM name: VMWare Version: 6
Instance name: orcl
Redo thread mounted by this instance: 1
Oracle process number: 19
Unix process pid: 32424, p_w_picpath: oracle@orcl (TNS V1-V3)
注意:sys登陸的記錄
Sat Apr 18 16:38:52 2015 +08:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1405073182'
Sat Apr 18 16:38:57 2015 +08:00
LENGTH : '173'
ACTION :[19] 'ALTER DATABASE OPEN'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1405073182'
Sat Apr 18 16:39:08 2015 +08:00
LENGTH : '216'
ACTION :[60] 'BEGIN dbms_cmp_int.drop_cmp_by_cmpid(:sb1, :sb2, :sb3); END;'
DATABASE USER:[3] 'SYS'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1405073182'
注意:sys操作的記錄
Sat Apr 18 16:39:15 2015 +08:00
LENGTH : '178'
ACTION :[24] 'drop user lineqi cascade'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1405073182'
Sat Apr 18 16:39:25 2015 +08:00
LENGTH : '197'
ACTION :[43] 'select tablespace_name from dbA_tablespaces'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
CLIENT TERMINAL:[5] 'pts/0'
STATUS:[1] '0'
DBID:[10] '1405073182'
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
