A Quick Introduction to Oracle Auditing

Source: Internet
Author: User

If you are looking for a way to learn Oracle auditing, this article introduces the main methods. The relevant content is described below.

1. What is audit?

Simply put, auditing records database operations. Whether or not you enable the database audit function, the system always records the following operations:

• Connecting to the instance with administrator privileges

• Starting the database

• Shutting down the database

2. Audit-related parameters

audit_sys_operations

The default value is false. When it is set to true, all operations (note: all of them) performed by sys users, including users connected as sysdba and sysoper, are recorded. This audit trail is not written to the aud$ table. This is easy to understand: if the database has not been started, aud$ is not available, so connection information such as conn / as sysdba can only be recorded elsewhere. On a Windows platform, the audit trail is recorded in Windows event management. On a Linux/UNIX platform, it is recorded in the file specified by the audit_file_dest parameter.

audit_trail

This parameter takes one of three values:

None: the default value; no auditing is performed

DB: records the audit trail in the audit-related tables of the database, such as aud$

OS: records the audit trail in an operating system file. The file name is specified by the audit_file_dest parameter.

Note: These two parameters are static, so the database must be restarted for a change to take effect.

3. Audit Level

After the audit function is enabled (audit_trail = DB/OS), you can audit the database at three levels: statement, privilege, and object.

Statement

Audit by statement. For example, audit table audits all create table, drop table, and truncate table statements in the database, and audit session by cmy audits all database connections made by user cmy.

Privilege

Audit by privilege. Whenever a user exercises the audited privilege, the action is audited. For example, after grant select any table to a; audit select any table; is executed, when user a accesses user b's table (for example, select * from b.t;), the select any table privilege is used, so the access is audited. Note that a user is the owner of his or her own tables, so a user's access to their own tables is not audited.

Object

Audit by object. The on keyword restricts auditing to operations on the specified object, for example audit alter, delete, drop, insert on cmy.t by scott;. Here the t table of user cmy is audited, and because the by clause is used at the same time, only operations initiated by user scott are audited. Note that Oracle does not provide a way to audit all objects in a schema; objects can only be audited one at a time. For objects created later, Oracle provides the on default clause for automatic auditing. For example, after you execute audit drop on default by access;, all drop operations on subsequently created objects are audited.

However, this default option applies to all database objects created later; there appears to be no way to make it apply only to objects created by a particular user. Compared with a trigger, which can "audit" the DDL of a schema, this function is slightly insufficient.

4. Other Audit options

By access / by session: by access generates an audit record for every audited operation. By session generates only one audit record per session for operations of the same type. The default value is by session.

Whenever [not] successful: whenever successful audits an operation only when it succeeds (the returncode field in dba_audit_trail is 0); whenever not successful is the opposite. If this clause is omitted, the operation is audited whether it succeeds or not.
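The settings from sections 2 to 4 put together, as an added example that is not part of the original article. It assumes SQL*Plus connected as sysdba, an spfile, a release that uses this traditional (non-unified) auditing, and that the article's sample users cmy, a, b and tables cmy.t, b.t already exist; the object option lists are constructed for illustration.

```sql
-- Added example (not from the original article). Assumes SQL*Plus connected
-- AS SYSDBA, an spfile, traditional (non-unified) auditing, and that the
-- article's sample users cmy, a, b and tables cmy.t, b.t already exist.

-- Section 2: both parameters are static, so write them to the spfile
-- and restart the instance (SHUTDOWN/STARTUP/SHOW are SQL*Plus commands).
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
SHUTDOWN IMMEDIATE
STARTUP
SHOW PARAMETER audit

-- Section 3, statement level: TABLE covers CREATE/DROP/TRUNCATE TABLE;
-- SESSION BY cmy covers connections made by user cmy.
AUDIT TABLE;
AUDIT SESSION BY cmy;

-- Section 3, privilege level: user a reading b.t exercises SELECT ANY TABLE.
-- BY ACCESS (section 4) writes one record per audited operation.
GRANT SELECT ANY TABLE TO a;
AUDIT SELECT ANY TABLE BY a BY ACCESS;

-- Section 3, object level: one named object, plus a default for objects
-- created later. The option lists are constructed for this example.
AUDIT ALTER, DELETE, INSERT ON cmy.t BY ACCESS;
AUDIT DELETE ON DEFAULT BY ACCESS;

-- Section 4: record only failed connection attempts, for all users.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;
```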

5. Audit-related views

dba_audit_trail

Stores all audit records. In fact, it is only a view based on aud$. The other views dba_audit_session, dba_audit_object, and dba_audit_statement are each only a subset of dba_audit_trail.

dba_stmt_audit_opts

Shows the statement-level audit options, that is, which statement-level audits are set in the database. The dba_obj_audit_opts and dba_priv_audit_opts views serve similar purposes.

all_def_audit_opts

Shows which default object audit options have been set in the database with the on default clause.

6. Cancel Audit

To cancel an audit, change audit to noaudit in the corresponding audit statement. For example, the audit set with audit session whenever successful; is cancelled with noaudit session whenever successful;
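A review pass over the views from section 5, followed by the cancellation from section 6, as an added example that is not part of the original article. It assumes a DBA session with audit_trail = DB; the CMY owner filter and the choice of columns are assumptions made for illustration.

```sql
-- Added example (not from the original article). Assumes a DBA session
-- and audit_trail = DB so that records land in aud$ / dba_audit_trail.

-- 1. Set the article's sample option, then confirm what is configured.
AUDIT SESSION WHENEVER SUCCESSFUL;

SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts;                  -- statement-level options
SELECT user_name, privilege, success, failure
  FROM dba_priv_audit_opts;                  -- privilege-level options
SELECT owner, object_name, object_type, alt, del, ins
  FROM dba_obj_audit_opts
 WHERE owner = 'CMY';                        -- object-level options (sample schema)
SELECT alt, del, ins
  FROM all_def_audit_opts;                   -- defaults set with ON DEFAULT

-- 2. Summarise the trail. returncode = 0 means the operation succeeded;
--    a non-zero value is the Oracle error number of the failure.
SELECT username, userhost, action_name, returncode,
       COUNT(*)       AS events,
       MAX(timestamp) AS last_seen
  FROM dba_audit_trail
 GROUP BY username, userhost, action_name, returncode
 ORDER BY events DESC;

-- 3. Show where the SELECT ANY TABLE privilege was actually exercised.
SELECT timestamp, username, owner, obj_name, action_name
  FROM dba_audit_trail
 WHERE priv_used = 'SELECT ANY TABLE'
 ORDER BY timestamp;

-- 4. Cancel the option set in step 1 and confirm it is gone.
NOAUDIT SESSION WHENEVER SUCCESSFUL;
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts;
```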
