`
mengxiangfeiyan
  • 浏览: 15956 次
社区版块
存档分类
最新评论

Oracle Auditing Policy

 
阅读更多

Auditing Policy

Security administrators should define a policy for the auditing procedures of each database. You may decide to have database auditing disabled unless questionable activities are suspected. When auditing is required, decide what level of detail to audit the database; usually, general system auditing is followed by more specific types of auditing after the origins of suspicious activity are determined. Auditing is discussed in the following section.

<!-- class="sect2" --><!-- class="sect1" -->

Overview of Database Auditing

Auditing is the monitoring and recording of selected user database actions. It can be based on individual actions, such as the type of SQL statement run, or on combinations of factors that can include name, application, time, and so on. Security policies can cause auditing when specified elements in an Oracle database are accessed or altered, including content.

Auditing is generally used to:

  • Enable future accountability for current actions taken in a particular schema, table, or row, or affecting specific content

  • Investigate suspicious activity. For example, if an unauthorized user is deleting data from tables, then the security administrator could audit all connections to the database and all successful and unsuccessful deletions of rows from all tables in the database.

  • Monitor and gather data about specific database activities. For example, the database administrator can gather statistics about which tables are being updated, how many logical I/Os are performed, or how many concurrent users connect at peak times.

You can use Enterprise Manager to view and configure audit-related initialization parameters and administer audited objects for statement auditing and schema object auditing. For example, Enterprise Manager shows the properties for current audited statements, privileges, and objects. You can view the properties of each object, and you can search audited objects by their properties. You can also turn on and turn off auditing on objects, statements, and privileges.

Types and Records of Auditing

Oracle allows audit options to be focused or broad. You can audit:

  • Successful statement executions, unsuccessful statement executions, or both

  • Statement executions once in each user session or once every time the statement is run

  • Activities of all users or of a specific user

Oracle auditing enables the use of several different mechanisms, with the following features:

Table 20-1 Types of Auditing

Type of Auditing Meaning/Description

Statement auditing

Audits SQL statements by type of statement, not by the specific schema objects on which they operate. Typically broad, statement auditing audits the use of several types of related actions for each option. For example, AUDIT TABLE tracks several DDL statements regardless of the table on which they are issued. You can also set statement auditing to audit selected users or every user in the database.

Privilege auditing

Audits the use of powerful system privileges enabling corresponding actions, such as AUDIT CREATE TABLE. Privilege auditing is more focused than statement auditing because it audits only the use of the target privilege. You can set privilege auditing to audit a selected user or every user in the database.

Schema object auditing

Audits specific statements on a particular schema object, such as AUDIT SELECT ON employees. Schema object auditing is very focused, auditing only a specific statement on a specific schema object. Schema object auditing always applies to all users of the database.

Fine-grained auditing

Audits data access and actions based on content. Using DBMS_FGA, the security administrator creates an audit policy on the target table. If any rows returned from a DML statement block match the audit condition, then an audit event entry is inserted into the audit trail.

<!-- class="tblformal" -->

Audit Records and the Audit Trails

Audit records include information such as the operation that was audited, the user performing the operation, and the date and time of the operation. Audit records can be stored in either a data dictionary table, called the database audit trail, or in operating system files, called an operating system audit trail.

Database Audit Trail

The database audit trail is a single table named SYS.AUD$ in the SYS schema of each Oracle database's data dictionary. Several predefined views are provided to help you use the information in this table.

Audit trail records can contain different types of information, depending on the events audited and the auditing options set. The following information is always included in each audit trail record, if the information is meaningful to the particular audit action:

  • User name

  • Instance number

  • Process identifier

  • Session identifier

  • Terminal identifier

  • Name of the schema object accessed

  • Operation performed or attempted

  • Completion code of the operation

  • Date and time stamp

  • System privileges used

<!-- class="sect4" -->
Auditing in a Distributed Database

Auditing is site autonomous. An instance audits only the statements issued by directly connected users. A local Oracle node cannot audit actions that take place in a remote database. Because remote connections are established through the user account of a database link, statements issued through the database link's connection are audited by the remote Oracle node.

<!-- class="sect4" -->
Operating System Audit Trail

Oracle allows audit trail records to be directed to an operating system audit trail if the operating system makes such an audit trail available to Oracle. If not, then audit records are written to a file outside the database, with a format similar to other Oracle trace files.

Oracle allows certain actions that are always audited to continue, even when the operating system audit trail (or the operating system file containing audit records) is unable to record the audit record. The usual cause of this is that the operating system audit trail or the file system is full and unable to accept new records.

System administrators configuring operating system auditing should ensure that the audit trail or the file system does not fill completely. Most operating systems provide administrators with sufficient information and warning to ensure this does not occur. Note, however, that configuring auditing to use the database audit trail removes this vulnerability, because the Oracle database server prevents audited events from occurring if the audit trail is unable to accept the database audit record for the statement.

<!-- class="sect4" -->
Operating System Audit Records

The operating system audit trail is encoded, but it is decoded in data dictionary files and error messages.

  • Action code describes the operation performed or attempted. The AUDIT_ACTIONS data dictionary table describes these codes.

  • Privileges used describes any system privileges used to perform the operation. The SYSTEM_PRIVILEGE_MAP table describes all of these codes.

  • Completion code describes the result of the attempted operation. Successful operations return a value of zero, and unsuccessful operations return the Oracle error code describing why the operation was unsuccessful.

See Also:

<!-- class="sect4" -->
Records Always in the Operating System Audit Trail

Some database-related actions are always recorded into the operating system audit trail regardless of whether database auditing is enabled:

  • At instance startup, an audit record is generated that details the operating system user starting the instance, the user's terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. This information is recorded into the operating system audit trail, because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup also acts as an auditing flag, inhibiting an administrator from performing unaudited actions by restarting a database with database auditing disabled.

  • At instance shutdown, an audit record is generated that details the operating system user shutting down the instance, the user's terminal identifier, the date and time stamp.

  • During connections with administrator privileges, an audit record is generated that details the operating system user connecting to Oracle with administrator privileges. This record provides accountability regarding users connected with administrator privileges.

On operating systems that do not make an audit trail accessible to Oracle, these audit trail records are placed in an Oracle audit trail file in the same directory as background process trace files.

<!-- class="sect4" -->
When Are Audit Records Created?

Any authorized database user can set his own audit options at any time, but the recording of audit information is enabled or disabled by the security administrator.

When auditing is enabled in the database, an audit record is generated during the execute phase of statement execution.

SQL statements inside PL/SQL program units are individually audited, as necessary, when the program unit is run.

The generation and insertion of an audit trail record is independent of a user's transaction being committed. That is, even if a user's transaction is rolled back, the audit trail record remains committed.

Statement and privilege audit options in effect at the time a database user connects to the database remain in effect for the duration of the session. Setting or changing statement or privilege audit options in a session does not cause effects in that session. The modified statement or privilege audit options take effect only when the current session is ended and a new session is created. In contrast, changes to schema object audit options become effective for current sessions immediately.

Operations by the SYS user and by users connected through SYSDBA or SYSOPER can be fully audited with the AUDIT_SYS_OPERATIONS initialization parameter. Successful SQL statements from SYS are audited indiscriminately. The audit records for sessions established by the user SYS or connections with administrative privileges are sent to an operating system location. Sending them to a location separate from the usual database audit trail in the SYS schema provides for greater auditing security.

分享到:
评论

相关推荐

    Oracle Security

    About the Security Policy and Security Plan Types of Accounts Standards for Accounts Standards for Usernames Standards for Passwords Standards for Roles Standards for Views Standards for the ...

    oracle开启audit(审计)

    除了基本的Audit功能外,Oracle还提供了更高级的Fine-Grained Auditing(FGA),它允许基于条件的审计,使得审计信息更加精确和可控。下面是如何使用DBMS_FGA包来管理FGA策略: 1. **添加FGA策略** 使用`DBMS_FGA...

    Oracle数据库审计功能的安全审计获取技术.doc

    Oracle数据库的审计功能主要通过两种方式实现:系统审计(System Auditing)和Fine-Grained Auditing(FGA)。系统审计是对数据库操作的广泛跟踪,包括登录、登出、权限分配等。而FGA则允许对特定对象或操作进行更...

    Oracle10gDBA两日速成经典教程.rar

    5. **Security Enhancements**:包括Fine-Grained Auditing、Policy-Based Management等,增强了安全策略的实施和审计功能。 6. **XML Support**:Oracle 10g增强了对XML的支持,可以更方便地处理和存储XML数据。 ...

    Oracle Solaris 10 Trusted Extensions Configuration Guide-176

    5. **审计和日志记录(Auditing and Logging)**:Trusted Extensions提供了详细的审计功能,可追踪对系统的访问和修改,有助于检测潜在的安全威胁,并提供合规性报告。 6. **系统管理(System Administration)**...

    Oracle Solaris 11 Trusted Extensions Label Administration-124

    8. **审计(Auditing)**:Trusted Extensions 提供全面的审计功能,记录所有尝试的标签访问和权限更改,以便于监控和回溯任何不寻常的活动。 9. **安全配置(Configuration)**:管理员需要精心规划和配置 Trusted...

    Oracle 细粒度审计(FGA)初步认识

    Oracle 细粒度审计(Fine-Grained Auditing, FGA)是一种强大的安全特性,它允许数据库管理员(DBA)精确地控制并记录数据库中特定操作的详细信息。这一功能自Oracle 9i版本开始引入,最初仅限于记录SELECT语句,但...

    Oracle9i的init.ora参数中文说明

    Oracle9i初始化参数中文说明 Blank_trimming: 说明: 如果值为TRUE, 即使源长度比目标长度 (SQL92 兼容) 更长, 也允许分配数据。 值范围: TRUE | FALSE 默认值: FALSE serializable: 说明: 确定查询是否获取表级...

    NetBackup10_AdminGuideI_Server.pdf

    4. **应用程序一致性**:对于Oracle、SQL Server、Exchange等关键业务应用,NetBackup提供应用感知备份,确保在备份过程中保持数据一致性,避免因备份过程导致的应用程序故障。 5. **Policy-Based Management(基于...

    Veritas NetBackup Administrator’s Guide, Volume II for UNIX and

    1. **Policy Management(策略管理)**:NetBackup允许管理员定义备份策略,这些策略包括何时执行备份、备份哪些数据、如何保留备份副本等规则。策略可以基于特定的时间表、数据类型或服务器组进行定制。 2. **...

Global site tag (gtag.js) - Google Analytics