1 细粒度审计
默认对sys不审计,审计即开即关
SYS@ora11g>show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u02/app/admin/ora11g/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
alter system set audit_sys_operations=true scope=spfile;
shutdown immediate
startup
SYS@ora11g>
begin
DBMS_FGA.ADD_POLICY (
object_schema => 'scott',
object_name => 'au',
policy_name => 'mypolicy',
audit_condition => 'sal>2500',
audit_column => 'sal',
handler_schema => NULL,
handler_module => NULL,
enable => TRUE,
statement_types => 'UPDATE',
audit_trail => DBMS_FGA.DB_EXTENDED,
audit_column_opts => DBMS_FGA.ALL_COLUMNS);
end;
/
SCOTT@ora11g>update au set sal=80000;
SYS@ora11g>select sql_text from dba_common_audit_trail where sql_text is not null;
SQL_TEXT
--------------------------------------------------------------------------------
update au set sal=80000
desc aud$
select OBJ$NAME,SES$ACTIONS from aud$;
desc dba_common_audit_trail
desc dba_FGA_audit_trail
desc dba_audit_trail
DBMS_FGA.DISABLE_POLICY (
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy1');
DBMS_FGA.ENABLE_POLICY (
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy1',
enable => TRUE);
DBMS_FGA.DROP_POLICY (
object_schema => 'scott',
object_name => 'emp',
policy_name => 'mypolicy1');
2 粗粒度审计
AUDIT ROLE;
AUDIT ROLEWHENEVER SUCCESSFUL;
AUDIT ROLEWHENEVER NOT SUCCESSFUL;
AUDIT SELECT TABLE, UPDATE TABLE;
AUDIT SELECT TABLE, UPDATE TABLE BY hr, oe;
AUDIT DELETE ANY TABLE;
AUDIT CREATE ANY DIRECTORY;
AUDIT DIRECTORY;
AUDIT READ ON DIRECTORY bfile_dir;
AUDIT SELECTON hr.employees;
AUDIT SELECT ON hr.employeesWHENEVER SUCCESSFUL;
AUDIT ALLON hr.employees_seq;
noAUDIT create any table;
desc aud$
select OBJ$NAME,SES$ACTIONS from aud$;