11g默认审计选项
【注:参考了maclean的网文】
11g默认审计选项AUDIT_TRAIL参数的缺省值为DB,审计数据记录在数据库中的AUD$审计字典基表上。在11g中CREATE SESSION将被作为受审计的权限来被记录,因此当SYSTEM表空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用SYSDBA身份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干脆TRUNCATE AUD$都可以解决上述问题。
当AUDIT_TRAIL设置为OS时,审计记录文件将在AUDIT_FILE_DEST参数所指定的目录中生成。全部这些文件均可以随时被删除或复制。
以下权限将对所有用户审计:
SQL> select privilege,success,failure from dba_priv_audit_opts; PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE EXTERNAL JOB BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
DROP PROFILE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER DATABASE BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
AUDIT SYSTEM BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM BY ACCESS BY ACCESS 23 rows selected.
以下语句也将对所有用户审计:
SQL> select audit_option,success,failure from dba_stmt_audit_opts; AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM BY ACCESS BY ACCESS
SYSTEM AUDIT BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
PUBLIC SYNONYM BY ACCESS BY ACCESS
DATABASE LINK BY ACCESS BY ACCESS
ROLE BY ACCESS BY ACCESS
PROFILE BY ACCESS BY ACCESS
DIRECTORY BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE ANY TABLE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
SYSTEM GRANT BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
DROP PROFILE BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
CREATE EXTERNAL JOB BY ACCESS BY ACCESS 29 rows selected.
当前数据库中的现有的审计记录:
SQL> select action_name,count(*) from dba_audit_trail group by action_name; ACTION_NAME COUNT(*)
---------------------------- ----------
LOGOFF BY CLEANUP 64
LOGON 2965
LOGOFF 2822
DROP DIRECTORY 1
GRANT ROLE 2
CREATE ROLE 1
ALTER USER 1
CREATE DIRECTORY 13
CREATE DATABASE LINK 1
DROP ROLE 1 10 rows selected.
11g默认审计选项的更多相关文章
- 忘记oracle的sys用户密码怎么修改以及Oracle 11g 默认用户名和密码
欢迎和大家交流技术相关问题: 邮箱: jiangxinnju@163.com 博客园地址: http://www.cnblogs.com/jiangxinnju GitHub地址: https://g ...
- 忘记oracle的sys用户密码如何修改以及Oracle 11g 默认用户名和密码
忘记除SYS.SYSTEM用户之外的用户的登录密码 CONN SYS/PASS_WORD AS SYSDBA; --用SYS (或SYSTEM)用户登录 ALTER USER user_name ID ...
- Android设置里面默认存储器选项(default write disk)的实现
原生的Android设置里面没有默认存储器的选项,可是MTK偏偏加上了这个功能,可能MTK认为这个比較实用吧,所以,他们在原生的基础上面做了改动.加上了这个功能.可是高通平台没有这个功能.相对MTK来 ...
- Oracle 11g 默认用户名和密码
安装ORACLE时,若没有为下列用户重设密码,则其默认密码如下: 用户名 / 密码 登录身份 说明 ...
- AJAX请求 $.ajaxSetup方法的使用:设置AJAX请求的默认参数选项,当程序中需要发起多个AJAX请求时,则不用再为每一个请求配置请求的参数
定义和用法ajaxSetup() 方法为将来的 AJAX 请求设置默认值.语法$.ajaxSetup({name:value, name:value, ... }) 该参数为带有一个或多个名称/值对的 ...
- [Oracle]审计Audit
1.Audit的概念 Audit是监视和记录用户对数据库进行的操作,以供DBA进行问题分析.利用Audit功能,可以完成以下任务: 监视和收集特定数据库活动的数据.例如管理员能够审计哪些表被更新,在某 ...
- ORACLE中dba,user,v$等开头的常用表和视图
一.Oracle表明细及说明1.dba_开头表 dba_users 数据库用户信息 dba_segments 表段信息 dba_extents ...
- [Oracle]Audit(一)--认识Audit
1.Audit的概念 Audit是监视和记录用户对数据库进行的操作,以供DBA进行问题分析.利用Audit功能,可以完成以下任务: 监视和收集特定数据库活动的数据.例如管理员能够审计哪些表被更新,在某 ...
- Oracle数据字典全解
一.概念: 1.数据字典(data dictionary)是 Oracle 数据库的一个重要组成部分,这是一组用于记录数据库信息的只读(read-only)表. 数据字典里存有用户信息.用户的权限信息 ...
随机推荐
- echarts 系列一
由于近期项目需要做地图方便的可视化图标,经过比较最终选定echarts. echarts在可视化视图方面非常强大,可以满足大多数开发需求. 采用标签式引入js文件,引用的js 文件位置 echarts ...
- java中关于log日志
博:http://zhw2527.iteye.com/blog/1006302 http://zhw2527.iteye.com/blog/1099658 在项目开发中,记录错误日志是一个很有必要功能 ...
- Grunt构建工具插件篇——之less工具2
Grunt任务分为两部分,一部分是任务,即Grunt要执行的代码,找到对应功能的插件就成.所以等会要下载grunt-contrib- less包,这个插件便是把less文件编译成能直接使用的css.另 ...
- Subpub 订阅/发布
var Pubsub = (function (window) { window.handlers = {}; var o = { pub: function () { var args = Arra ...
- 笔记整理——linux
linux文件目录介绍 (2015/4/30 19:20:28) /proc 目录中的主要文件的说明 文件或目录名称 描 述 apm 高级电源管理信息 cmdline 这个文 ...
- Jenkins中deploy插件的deploy war/ear to a container与deploy artifacts to maven reepository区别
deploy war/ear to a container:发布war包到服务器 deploy artifacts to maven reepository:发布到maven服务器
- Myeclipse程序调试快捷键及步骤详解
Myeclipse程序调试快捷键及步骤详解: 调试快捷键 Eclipse中有如下一些和运行调试相关的快捷键. 1. [Ctrl+Shift+B]:在当前行设置断点或取消设置的断点. ...
- 使IE6下PNG背景透明的七种方法任你选
原文地址:http://blog.csdn.net/mosliang/article/details/6760028 相信如何解决png在ie6下透明的问题困扰了很多人.为了追求更好的页面效果,很多人 ...
- HDU-2502-月之数
题目链接 http://acm.hdu.edu.cn/showproblem.php?pid=2502 分析: 比如n=4时,有: 1000 1001 1010 1011 1100 1101 1110 ...
- --@ui-router——$state服务原版详解
$state service in module ui.router.state Description $state service is responsible for representing ...