Fine-grained audit using DBMS_FGA

Source: Internet
Author: User


Experiment: fine-grained audit using DBMS_FGA

1. Create a test table
TEST_USR1 @ PROD1> create table audit_test (x number);

Table created.

2. Create an audit policy
TEST_USR1 @ PROD1> conn / as sysdba
Connected.
SYS @ PROD1> begin
  DBMS_FGA.ADD_POLICY (
    object_schema     => 'TEST_USR1',
    -- Schema of the object to be audited
    object_name       => 'AUDIT_TEST',
    -- Name of the object to be audited
    policy_name       => 'my1_y1',
    -- Name of the audit policy being created
    audit_condition   => 'x < 100',
    -- Audit condition: a statement is recorded only when this predicate is true for a row it touches
    audit_column      => 'x',
    -- Column to be audited (a comma-separated list audits several columns)
    handler_schema    => NULL,
    handler_module    => NULL,
    -- Optional event handler (schema and procedure) that is called whenever a statement
    -- triggers this policy, for follow-up processing such as alerting
    enable            => TRUE,
    statement_types   => 'INSERT, UPDATE',
    -- Statement types to audit (INSERT, UPDATE, DELETE, SELECT)
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    -- Where audit records are stored: DB writes them to the database,
    -- EXTENDED additionally captures the SQL text and bind values
    audit_column_opts => DBMS_FGA.ANY_COLUMNS);
    -- ANY_COLUMNS records a statement that references any audited column;
    -- ALL_COLUMNS records it only when it references all of them
end;
/

PL/SQL procedure successfully completed.


SYS @ PROD1> col OBJECT_SCHEMA for a10
SYS @ PROD1> col OBJECT_NAME for a10
SYS @ PROD1> col POLICY_NAME for a10
SYS @ PROD1> select OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME, ENABLED from dba_audit_policies;

OBJECT_SCH OBJECT_NAM POLICY_NAM ENA
---------- ---------- ---------- ---
TEST_USR1  AUDIT_TEST my1_y1     YES

3. Perform operations that trigger the audit policy
SYS @ PROD1> conn test_usr1/test;
Connected.
TEST_USR1 @ PROD1> insert into audit_test values (2);

1 row created.

TEST_USR1 @ PROD1> insert into audit_test values (101);

1 row created.

TEST_USR1 @ PROD1> commit;

Commit complete.

4. View the generated audit records
TEST_USR1 @ PROD1> select count(*) from sys.fga_log$;

  COUNT(*)
----------
         1

TEST_USR1 @ PROD1> desc sys.fga_log$
 Name                 Null?    Type
 -------------------- -------- ----------------
 SESSIONID            NOT NULL NUMBER
 TIMESTAMP#                    DATE
 DBUID                         VARCHAR2(30)
 OSUID                         VARCHAR2(255)
 OSHST                         VARCHAR2(128)
 CLIENTID                      VARCHAR2(64)
 EXTID                         VARCHAR2(4000)
 OBJ$SCHEMA                    VARCHAR2(30)
 OBJ$NAME                      VARCHAR2(128)
 POLICYNAME                    VARCHAR2(30)
 SCN                           NUMBER
 SQLTEXT                       VARCHAR2(4000)
 LSQLTEXT                      CLOB
 SQLBIND                       VARCHAR2(4000)
 COMMENT$TEXT                  VARCHAR2(4000)
 PLHOL                         LONG
 STMT_TYPE                     NUMBER
 NTIMESTAMP#                   TIMESTAMP(6)
 PROXY$SID                     NUMBER
 USER$GUID                     VARCHAR2(32)
 INSTANCE#                     NUMBER
 PROCESS#                      VARCHAR2(16)
 XID                           RAW(8)
 AUDITID                       VARCHAR2(64)
 STATEMENT                     NUMBER
 ENTRYID                       NUMBER
 DBID                          NUMBER
 LSQLBIND                      CLOB
 OBJ$EDITION                   VARCHAR2(30)

TEST_USR1 @ PROD1> select POLICYNAME, OBJ$SCHEMA, OBJ$NAME, LSQLTEXT from sys.fga_log$;

POLICYNAME OBJ$SCHEMA OBJ$NAME   LSQLTEXT
---------- ---------- ---------- ----------------------------------
my1_y1     TEST_USR1  AUDIT_TEST insert into audit_test values (2)
-- Only the insert of 2 was recorded: the row with x = 101 does not satisfy the audit condition x < 100.

TEST_USR1 @ PROD1> select OBJECT_SCHEMA, OBJECT_NAME, POLICY_NAME, SQL_TEXT from v$xml_audit_trail;

no rows selected
-- v$xml_audit_trail only shows records written with audit_trail => DBMS_FGA.XML;
-- this policy writes to the database (DBMS_FGA.DB), so nothing appears here.
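As an added example that is not part of the original experiment, the following SQL*Plus script extends the walkthrough with the two settings the policy above leaves at their simplest: an event handler (handler_schema/handler_module) that records an alert row every time the policy fires, and audit_column_opts => DBMS_FGA.ALL_COLUMNS, which records a statement only when it references every audited column. It also reads the trail through the documented DBA_FGA_AUDIT_TRAIL view rather than the SYS.FGA_LOG$ base table. The table EMP_SAL, the alert table FGA_ALERTS, the procedure FGA_ALERT_HANDLER, the policy name SAL_SSN_SELECT and the exempted application account APP_BATCH are assumptions made up for this example; TEST_USR1/test is the account from the walkthrough, and the trail queries assume a user that can read DBA_FGA_AUDIT_TRAIL (SYS is used here, as above).

```sql
-- Added example, not from the original page. Assumed objects: TEST_USR1.EMP_SAL,
-- TEST_USR1.FGA_ALERTS, TEST_USR1.FGA_ALERT_HANDLER, policy SAL_SSN_SELECT, account APP_BATCH.
CONN / AS SYSDBA

-- 0. Constructed test data: a table with two sensitive columns
CREATE TABLE test_usr1.emp_sal (empno NUMBER, salary NUMBER, ssn VARCHAR2(11));
INSERT INTO test_usr1.emp_sal VALUES (1,  50000, '000-00-0001');
INSERT INTO test_usr1.emp_sal VALUES (2, 250000, '000-00-0002');
COMMIT;

-- 1. Alert table that the handler writes to
CREATE TABLE test_usr1.fga_alerts (
  alert_time  TIMESTAMP DEFAULT SYSTIMESTAMP,
  db_user     VARCHAR2(128),
  os_user     VARCHAR2(255),
  policy_name VARCHAR2(128),
  sql_text    VARCHAR2(4000));

-- 2. Event handler. FGA calls it with (object_schema, object_name, policy_name)
--    once per audited statement. USERENV CURRENT_SQL is only populated inside an
--    FGA handler and carries the statement that fired the policy.
CREATE OR REPLACE PROCEDURE test_usr1.fga_alert_handler (
  p_schema VARCHAR2, p_object VARCHAR2, p_policy VARCHAR2)
AS
  PRAGMA AUTONOMOUS_TRANSACTION;  -- the alert survives even if the audited transaction rolls back
BEGIN
  INSERT INTO test_usr1.fga_alerts (db_user, os_user, policy_name, sql_text)
  VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'),
          SYS_CONTEXT('USERENV', 'OS_USER'),
          p_policy,
          SUBSTR(SYS_CONTEXT('USERENV', 'CURRENT_SQL'), 1, 4000));
  COMMIT;
END;
/

-- 3. Policy: record SELECTs that reference BOTH salary and ssn (ALL_COLUMNS),
--    unless issued by the assumed application account APP_BATCH.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'TEST_USR1',
    object_name       => 'EMP_SAL',
    policy_name       => 'SAL_SSN_SELECT',
    audit_condition   => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') <> ''APP_BATCH''',
    audit_column      => 'SALARY, SSN',
    handler_schema    => 'TEST_USR1',
    handler_module    => 'FGA_ALERT_HANDLER',
    enable            => TRUE,
    statement_types   => 'SELECT',
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,  -- keep SQL text and binds
    audit_column_opts => DBMS_FGA.ALL_COLUMNS);
END;
/

-- 4. Exercise the policy as the walkthrough's test user
CONN test_usr1/test
SELECT salary FROM emp_sal WHERE empno = 2;        -- references one audited column: not recorded
SELECT salary, ssn FROM emp_sal WHERE empno = 2;   -- references both: recorded, handler fires
SELECT * FROM emp_sal;                             -- references all columns: recorded, handler fires

-- 5. Read the trail through the documented view instead of SYS.FGA_LOG$
CONN / AS SYSDBA
SELECT db_user, object_name, policy_name, sql_text, timestamp
  FROM dba_fga_audit_trail
 WHERE policy_name = 'SAL_SSN_SELECT'
 ORDER BY timestamp;                               -- two rows from the session above
SELECT db_user, policy_name, sql_text FROM test_usr1.fga_alerts;  -- two alert rows as well

-- 6. Disable, then remove, the policy when the test is done
BEGIN
  DBMS_FGA.DISABLE_POLICY('TEST_USR1', 'EMP_SAL', 'SAL_SSN_SELECT');
  DBMS_FGA.DROP_POLICY   ('TEST_USR1', 'EMP_SAL', 'SAL_SSN_SELECT');
END;
/
```

The first SELECT in step 4 shows the difference from the walkthrough's ANY_COLUMNS policy: with ALL_COLUMNS a query that reads only SALARY is not considered a disclosure of the salary-plus-identity pair and is not recorded, while SELECT * is. The handler uses an autonomous transaction so that the alert row is committed independently of the audited statement; whether an alert table or the audit trail itself is the source of truth for detection is a design choice, and in either case the trail should be reviewed from an account that is not the one being audited.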



Can the software version bastion host be used for O & M audits?

Bastion host products come in hardware and software forms. Hardware bastion hosts are simply software loaded onto a server and promoted as a software-and-hardware all-in-one machine, so as to raise the price and obtain a high profit. Software and hardware bastion hosts generally have the following core functions. Single sign-on: supports automatic periodic password changes for a series of authorized accounts on X11, Linux, Unix, databases, network devices, and security devices, simplifying password management; users can log on to the target device automatically without having to remember many system passwords, which is convenient and secure. Account management: supports unified account management policies to centrally manage all accounts on servers, network devices, and security devices and to monitor the entire lifecycle of an account; in addition, special roles such as audit inspector, O&M operator, and device administrator can be set for devices to meet audit requirements. Identity authentication: the device provides a unified authentication interface and authenticates users. It supports multiple authentication modes, including dynamic passwords, static passwords, hardware keys, and biometric features, and has flexible custom interfaces that can be combined with third-party authentication servers. The secure authentication mode effectively improves the security and reliability of authentication. Resource authorization: the device provides fine-grained operation authorization based on user, target device, time, protocol type, IP address, behavior, and other elements; the access control supports different policies for different users, and fine-grained access control maximizes the security of user resources and prevents unauthorized access.
The audit function can audit the full process of operations such as character, graphical, file-transfer, and database sessions; it monitors operations performed by O&M personnel on operating systems, security devices, network devices, and databases in real time by recording them, and blocks violations in the process. Terminal command information can be searched precisely to locate the exact point in the recording. The bunker bastion host is delivered as software, so customers can choose their own server hardware and download it freely. Two licenses for the bunker bastion host are permanently free of charge! In addition, because the bunker bastion host is software sold directly online, the purchase cost is less than 10% of a hardware product.

What does O & M audit mainly mean?

The bunker bastion host provides a wide range of statistical analysis from the perspectives of people, hosts, and accounts, helping users detect security risks in a timely manner and optimize the use of network resources. It provides fine-grained authorization for O&M personnel's access, operation recording and control throughout the process, comprehensive operation audit, and post-event playback of the operation process, implementing "pre-event prevention, in-process control, and post-event audit" in O&M. The bunker bastion host is flexible to deploy and simple to operate, and is widely used by domestic users.
