- 浏览: 43828 次
- 性别:
- 来自: 广州
-
文章分类
最新评论
Oracle微粒审计详解,可以看到操作数据库每一语句,对大型项目很有用
Oracle使用大量不同的审计方法来监控使用何种权限,以及访问哪些对象。审计
不会防止使用这些权限,但可以提供有用的信息,用于揭示权限的滥用和误用。
下表中总结了Oracle数据库中不同类型的审计。
审计类型说明
1.语句审计
按照语句类型审计SQL语句,而不论访问何种特定的模式对象。也可以在数据库
中指定一个或多个用户,针对特定的语句审计这些用户
2.权限审计
审计系统权限,例如CREATE TABLE或ALTER INDEX。和语句审计一样,权限审计
可以指定一个或多个特定的用户作为审计的目标
3.模式对象审计
审计特定模式对象上运行的特定语句(例如,DEPARTMENTS表上的UPDATE语句)。
模式对象审计总是应用于数据库中的所有用户
4.细粒度的审计
根据访问对象的内容来审计表访问和权限。使用程序包DBMS_FGA来建立特定表上
的策略
.......详细概念见附件《Oracle审计详解.rar》
下面是我们项目中一个简单的FGA的使用列子:
第一步:开启Oracle的审计功能
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdmx',policy_name =>'dangan_1',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdyw',policy_name =>'dangan_2',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdzm',policy_name =>'dangan_3',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_chrzb',policy_name =>'dangan_4',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daczrz',policy_name =>'dangan_5',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daddmx',policy_name =>'dangan_6',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dafm',policy_name =>'dangan_7',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daglxxb',policy_name =>'dangan_8',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdmxjl',policy_name =>'dangan_9',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdmxjl_gzk',policy_name =>'dangan_10',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdyw',policy_name =>'dangan_11',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dast',policy_name =>'dangan_12',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dast_gzk',policy_name =>'dangan_13',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dawzxx',policy_name =>'dangan_14',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dawzxx_gzk',policy_name =>'dangan_15',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdqd',policy_name =>'dangan_16',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdqd_gzk',policy_name =>'dangan_17',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdyw',policy_name =>'dangan_18',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhmxjl',policy_name =>'dangan_19',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhmxjl_gzk',policy_name =>'dangan_20',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhyw',policy_name =>'dangan_21',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dayd',policy_name =>'dangan_22',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_ddqd',policy_name =>'dangan_23',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_ddyw',policy_name =>'dangan_24',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dzsmyw',policy_name =>'dangan_25',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_hdyw',policy_name =>'dangan_26',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jdiys',policy_name =>'dangan_27',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jnml',policy_name =>'dangan_28',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jxry',policy_name =>'dangan_29',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jxry_gzk',policy_name =>'dangan_30',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjgdyw',policy_name =>'dangan_31',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjlsh',policy_name =>'dangan_32',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjmx',policy_name =>'dangan_33',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_lyys',policy_name =>'dangan_34',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_xhys',policy_name =>'dangan_35',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_ywdagxb',policy_name =>'dangan_36',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_ywsl',policy_name =>'dangan_37',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpu_nrgh',policy_name =>'dangan_38',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpu_smyxwj',policy_name =>'dangan_39',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_dabmlsh',policy_name =>'dangan_40',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzgdmx',policy_name =>'dangan_41',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_bcdrxx',policy_name =>'dangan_42',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzthjl',policy_name =>'dangan_43',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'tpa_zzcdxx',policy_name =>'dangan_44',statement_types
=>'insert,update,delete');
exec dbms_fga.add_policy(object_schema =>'DANGAN',object_name
=>'aqua_explain_2246325',policy_name =>'dangan_45',statement_types
=>'insert,update,delete');
第二步:查询FGA的微粒审计(当然在这之前你操作了你监听已经开启FGA的表)
select session_id SessionID,timestamp 时间,object_schema
SCHECMA,sql_text 执行语句,sql_bind 绑定值,transactionid 事物ID
from dba_fga_audit_trail where timestamp>to_timestamp('2011-7-19
15:29:18','yyyy-mm-dd hh24:mi:ss')
and object_schema='DANGAN';
查询出来的结果见附件《FGA查询结果.rar》
第三步:关闭FGA微粒审计功能(当然是自愿的)
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdmx',policy_name =>'dangan_1')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdyw',policy_name =>'dangan_2')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_cdzm',policy_name =>'dangan_3')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_chrzb',policy_name =>'dangan_4')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daczrz',policy_name =>'dangan_5')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daddmx',policy_name =>'dangan_6')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dafm',policy_name =>'dangan_7')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daglxxb',policy_name =>'dangan_8')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdmxjl',policy_name =>'dangan_9')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdmxjl_gzk',policy_name =>'dangan_10')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dajdyw',policy_name =>'dangan_11')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dast',policy_name =>'dangan_12')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dast_gzk',policy_name =>'dangan_13')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dawzxx',policy_name =>'dangan_14')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dawzxx_gzk',policy_name =>'dangan_15')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdqd',policy_name =>'dangan_16')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdqd_gzk',policy_name =>'dangan_17')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxdyw',policy_name =>'dangan_18')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhmxjl',policy_name =>'dangan_19')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhmxjl_gzk',policy_name =>'dangan_20')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_daxhyw',policy_name =>'dangan_21')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dayd',policy_name =>'dangan_22')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_ddqd',policy_name =>'dangan_23')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_ddyw',policy_name =>'dangan_24')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dzsmyw',policy_name =>'dangan_25')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_hdyw',policy_name =>'dangan_26')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jdiys',policy_name =>'dangan_27')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jnml',policy_name =>'dangan_28')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jxry',policy_name =>'dangan_29')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jxry_gzk',policy_name =>'dangan_30')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjgdyw',policy_name =>'dangan_31')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjlsh',policy_name =>'dangan_32')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzyjmx',policy_name =>'dangan_33')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_lyys',policy_name =>'dangan_34')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_xhys',policy_name =>'dangan_35')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_ywdagxb',policy_name =>'dangan_36')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_ywsl',policy_name =>'dangan_37')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpu_nrgh',policy_name =>'dangan_38')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpu_smyxwj',policy_name =>'dangan_39')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_dabmlsh',policy_name =>'dangan_40')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzgdmx',policy_name =>'dangan_41')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_bcdrxx',policy_name =>'dangan_42')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_jzthjl',policy_name =>'dangan_43')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'tpa_zzcdxx',policy_name =>'dangan_44')
exec dbms_fga.drop_policy(object_schema =>'DANGAN',object_name
=>'aqua_explain_2246325',policy_name =>'dangan_45')
好了,我也不多说了,用法用例附件中都有,自己需要就下载去吧
发表评论
相关推荐
Oracle审计功能是指Oracle数据库中的一种安全机制,用于记录和跟踪用户对数据库的访问和操作行为。这种机制可以帮助DBA和安全管理员发现和防止不正当的访问和操作。 一、审计分类 Oracle审计功能可以分为两大类:...
Oracle数据库的SQL语句是数据库管理员和开发人员日常工作中不可或缺的一部分。本文将深入解析Oracle SQL语句的基本操作,帮助初学者更好地理解和应用这些技巧,从而提高数据库查询效率。 首先,理解选择最有效率的...
Oracle数据库Sql语句详解大全,提供给大家快速查询复习哦!
### 自动生成Oracle数据库表分析语句 在Oracle数据库管理中,定期进行表分析对于优化查询性能至关重要。通过分析表和索引,Oracle可以更新统计信息,这些信息将被查询优化器用于选择最佳的执行计划。本文将详细介绍...
oracle数据库常用操作语句,实现对用户的管理和权限管理。
Oracle审计功能是数据库管理系统中的一种安全机制,它允许系统管理员监控和记录用户的数据库操作,以确保数据的安全性和合规性。审计功能可以详细追踪并记录特定的数据库活动,这对于故障排查、安全审计和合规性检查...
《Oracle大型数据库系统在AIX/UNIX上的实战详解》以AIX UNIX平台为主线,以其他UNIX系统为参照,描述了数据库系统Oracle 10g、Oracle 11g的构架方法,说明了该数据库在AIX平台常用的管理内容,提供了AIX上实施Oracle...
Oracle 数据库语句大全是 Oracle 数据库管理系统中的一系列语句,用于管理和操作数据库。这些语句可以分为五大类:数据定义语言(DDL)、数据操纵语言(DML)、数据控制语言(DCL)和事务控制语言(TCL)。 一....
### Oracle数据库审计详解 #### 一、概述 Oracle数据库审计是一项重要的安全措施,用于捕捉和记录发生在数据库中的各种活动,从而帮助管理员监控访问行为、确保数据安全并满足合规性要求。根据不同的需求,Oracle...
Oracle审计功能记录数据库操作 Oracle审计功能是记录数据库操作的重要工具,用于监视用户所执行的数据库...Oracle审计功能可以对数据库操作进行监视和记录,为数据库管理员提供了一个重要的工具来监控数据库的安全性。
Oracle审计指的是记录数据库活动的过程,以便跟踪和审查数据库中的操作和数据访问。这有助于维护数据的安全性,确保数据的完整性和访问的合规性。从Oracle数据库12c版本开始,Oracle引入了统一审计(unified ...
Oracle数据库审计功能的安全审计获取技术是确保数据库系统安全性和合规性的重要手段。Oracle数据库提供了强大的审计功能,可以跟踪和记录数据库的活动,以便于监控潜在的安全威胁、合规性问题以及性能瓶颈。本文将...
《Oracle大型数据库系统在AIX/UNIX上的实战详解》以AIX UNIX平台为主线,以其他UNIX系统为参照,描述了数据库系统Oracle 10g、Oracle 11g的构架方法,说明了该数据库在AIX平台常用的管理内容,提供了AIX上实施Oracle...
oracle数据库详细的语句操作大全,对不同的操作语句都有详细的解释和举例说明。
`ConnForOracle` 类主要实现了对 Oracle 数据库的基本操作,包括但不限于连接数据库、执行 SQL 语句以及返回结果集等功能。通过此类可以有效地简化数据库操作代码,并提高开发效率。 #### 二、基本属性与构造函数 ...
Oracle 数据库 SQL 语句是指在 Oracle 数据库中使用的结构化查询语言(Structured Query Language),用于管理和操作数据库中的数据。下面是 Oracle 数据库 SQL 语句的详解大全。 SELECT 语句 SELECT 语句是 ...
一个类是用来连接和操作数据库的,下载之后可以将你自己的Oracle配置参数写入初始化文件“OracleDemo\OracleDemo\WXZJ.ini”中,就可以连接了,其中的函数是向表中插入数据,你可以根据你的表格进行修改。还有一个类...