审计

###
审计
    1. 语句审计：
    2. 权限审计：
    3. 对象审计：
    4. 网络审计：
    
语句审计语法：
        audit sql_statement_shortcut | all | [all statements]
        [by user_list] | [in session current] [by session | access]
        [whenever [not] successful]

    1). 对scott进行create|drop|truncate table审计
    SQL> audit table by scott by access

    2). 取消某个语句审计
    SQL> noaudit session by jack;

    3). 查询当前数据库那些用户进行了语句审计以及审计设置信息
    SQL> select * from dba_stmt_audit_opts;

权限审计语法：对特定的系统权限的使用情况进行审计
        audit system_privileges | [ALL privileges]
        [by user_list] | [in session current] [by session | access ]
        [whenever [not] successful]

    1). 对用户scott,ehr进行语句审计
    SQL> audit create any table,create any view by scott,ehr;

    2). 对用户scott成功修改任意表审计
    SQL> audit alter any table by scott whenever succssful;

    3). 取消审计
    SQL> noaudit create any table by scott;

    4). 查询当前数据库对那些用户系统权限进行了审计以及审计设置信息
    SQL> select user_name,privilege,success from dba_priv_audit_opts order by user_name;

对象审计语法：对特定模式对象的操作进行审计，与用户没有关系
    audit sql_operation | all on [schema.]object
    [by user_list] | [in session current]
    [by session | access] 
    [whenever [not] successful]

 

 

 

 

网络审计：对协议错误与网络层内部错误进行审计，捕获客户端与数据库服务器通信过程中发生的错误。
    语法
        audit network [by session | access]
        [whenever [not] successful] 

    1). SQL>   audit network by access;
    2). SQL> noaudit network;

精细审计：对表或试图上执行的select,insert,update,delete操作创建审计策略，通过dbma_fga包对审计策略进程管理
1.创建审计策略
dbms_fga.add_policy(
object_schema            varchar2,
object_name              varchar2,
policy_name                   varchar2,
audit_condition          varchar2,
audit_column              varchar2,
handler_schema          varchar2,
handler_module          varchar2,
enable                  boolean,
statement_types           varchar2,
audit_trail               binary_integer in default,
audit_column               binary_integer in default
);

样例：对scott.emp表中20号员工的insert,delete,update,select操作进行审计
SQL>begin
    dbms_fga.ADD_policy(
    object_schema=>'scott',
    object_name=>'emp',
    policy_name=>'audit_emp_sal',
    audit_condition=>'empno=20',
    handler_schema=>null,
    handler_module=>null,
    enable=>true,
    statement_types=>'select,insert,update,delete'
);

2.禁用审计策略
dbms_fga.DISABLE_policy(
object_schema           varchar2,
object_name               varchar2,
policy_name               varchar2
);

样例：禁用审计策略audit_emp_sal
SQL>begin
    dbms_fga.DISABLE_policy(
    object_schema=>'scott',
    object_name=>'emp',
    policy_name=>'audit_emp_sal'
);

3.删除审计策略
dbms_fga.DROP_policy(
    object_schema            varchar2,
    object_name               varchar2,
    policy_name              varchar2
);

样例：删除策略audit_emp_sal
SQL>begin
dbms_fga.DROP_policy(
object_schema=>'emp',
object_name=>'emp',
policy_name=>'audit_emp_sal'
);

4.查询审计策略
SQL>select policy_name,object_schema,object_name,policy_text,sel,ins,upd,del from dba_audit_policies;



dba_stmt_audit_opts： statement语句审计
dba_priv_audit_opts： privileges权限审计
dba_obj_audit_opts：  object对象审计