审计: 跟踪数据库中的可以操作
alter system set audit_sys_operation=true scope=spfile;- show parameter audit_file_dest
-
-
- SQL> show parameter audit_file_dest
-
- NAME TYPE VALUE
- ------------------------------------ ----------- ------------------------------
- audit_file_dest string /u01/app/oracle/admin/cdb1/adu
- mp
- SQL>
audit_trail=DB --> 使用数据字典aud$记录审计的线索
audit_trail=OS --> 使用audit_file_dest指向的目录保存审计文件
- audit delete table by scott;
-
- audit delete table by scott whenever successful;
-
- audit delete table by scott whenever not successful;
-
- audit delete table by scott by access;
-
- audit delete table by scott by access whenever successful;
-
- audit delete table by scott by access whenever not sucessful;
-
- SQL>
- SQL> select audit_option,success,failure from dba_stmt_audit_opts where user_name='SCOTT';
-
- no rows selected
-
- SQL>
- SQL> delete aud$;
-
- 1 row deleted.
-
- SQL> commit;
-
- Commit complete.
-
- SQL> select * from aud$;
-
- no rows selected
select name from audit_actions where action=1;noaudit delete table by scott;exec print_table('select * from aud$ where userid="SCOTT"');
audit create any table by scott;select PRIVILEGE,SUCCESS,FAILURE from dba_priv_audit_opts where user_name='SCOTT';
对象审计:在具体某一个对象上面打开的审计选项
- audit delete on scott.emp;
- audit insert on scott.emp by access whenever not successful;
- SQL>
- SQL> select audit_option,success,failure from dba_stmt_audit_opts;
-
- no rows selected
-
- SQL>