11g默认审计选项
【注:参考了maclean的网文】
11g默认审计选项AUDIT_TRAIL参数的缺省值为DB,审计数据记录在数据库中的AUD$审计字典基表上。在11g中CREATE SESSION将被作为受审计的权限来被记录,因此当SYSTEM表空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用SYSDBA身份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干脆TRUNCATE AUD$都可以解决上述问题。
当AUDIT_TRAIL设置为OS时,审计记录文件将在AUDIT_FILE_DEST参数所指定的目录中生成。全部这些文件均可以随时被删除或复制。
以下权限将对所有用户审计:
SQL> select privilege,success,failure from dba_priv_audit_opts; PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE EXTERNAL JOB BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
DROP PROFILE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER DATABASE BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
CREATE ANY TABLE BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
AUDIT SYSTEM BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM BY ACCESS BY ACCESS 23 rows selected.
以下语句也将对所有用户审计:
SQL> select audit_option,success,failure from dba_stmt_audit_opts; AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
ALTER SYSTEM BY ACCESS BY ACCESS
SYSTEM AUDIT BY ACCESS BY ACCESS
CREATE SESSION BY ACCESS BY ACCESS
CREATE USER BY ACCESS BY ACCESS
ALTER USER BY ACCESS BY ACCESS
DROP USER BY ACCESS BY ACCESS
PUBLIC SYNONYM BY ACCESS BY ACCESS
DATABASE LINK BY ACCESS BY ACCESS
ROLE BY ACCESS BY ACCESS
PROFILE BY ACCESS BY ACCESS
DIRECTORY BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
CREATE ANY TABLE BY ACCESS BY ACCESS
ALTER ANY TABLE BY ACCESS BY ACCESS
DROP ANY TABLE BY ACCESS BY ACCESS
CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS
GRANT ANY ROLE BY ACCESS BY ACCESS
SYSTEM GRANT BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS
CREATE ANY PROCEDURE BY ACCESS BY ACCESS
ALTER ANY PROCEDURE BY ACCESS BY ACCESS
DROP ANY PROCEDURE BY ACCESS BY ACCESS
ALTER PROFILE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE
---------------------------------------- ---------- ----------
DROP PROFILE BY ACCESS BY ACCESS
GRANT ANY PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY LIBRARY BY ACCESS BY ACCESS
EXEMPT ACCESS POLICY BY ACCESS BY ACCESS
GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS
CREATE ANY JOB BY ACCESS BY ACCESS
CREATE EXTERNAL JOB BY ACCESS BY ACCESS 29 rows selected.
当前数据库中的现有的审计记录:
SQL> select action_name,count(*) from dba_audit_trail group by action_name; ACTION_NAME COUNT(*)
---------------------------- ----------
LOGOFF BY CLEANUP 64
LOGON 2965
LOGOFF 2822
DROP DIRECTORY 1
GRANT ROLE 2
CREATE ROLE 1
ALTER USER 1
CREATE DIRECTORY 13
CREATE DATABASE LINK 1
DROP ROLE 1 10 rows selected.
11g默认审计选项的更多相关文章
- 忘记oracle的sys用户密码怎么修改以及Oracle 11g 默认用户名和密码
欢迎和大家交流技术相关问题: 邮箱: jiangxinnju@163.com 博客园地址: http://www.cnblogs.com/jiangxinnju GitHub地址: https://g ...
- 忘记oracle的sys用户密码如何修改以及Oracle 11g 默认用户名和密码
忘记除SYS.SYSTEM用户之外的用户的登录密码 CONN SYS/PASS_WORD AS SYSDBA; --用SYS (或SYSTEM)用户登录 ALTER USER user_name ID ...
- Android设置里面默认存储器选项(default write disk)的实现
原生的Android设置里面没有默认存储器的选项,可是MTK偏偏加上了这个功能,可能MTK认为这个比較实用吧,所以,他们在原生的基础上面做了改动.加上了这个功能.可是高通平台没有这个功能.相对MTK来 ...
- Oracle 11g 默认用户名和密码
安装ORACLE时,若没有为下列用户重设密码,则其默认密码如下: 用户名 / 密码 登录身份 说明 ...
- AJAX请求 $.ajaxSetup方法的使用:设置AJAX请求的默认参数选项,当程序中需要发起多个AJAX请求时,则不用再为每一个请求配置请求的参数
定义和用法ajaxSetup() 方法为将来的 AJAX 请求设置默认值.语法$.ajaxSetup({name:value, name:value, ... }) 该参数为带有一个或多个名称/值对的 ...
- [Oracle]审计Audit
1.Audit的概念 Audit是监视和记录用户对数据库进行的操作,以供DBA进行问题分析.利用Audit功能,可以完成以下任务: 监视和收集特定数据库活动的数据.例如管理员能够审计哪些表被更新,在某 ...
- ORACLE中dba,user,v$等开头的常用表和视图
一.Oracle表明细及说明1.dba_开头表 dba_users 数据库用户信息 dba_segments 表段信息 dba_extents ...
- [Oracle]Audit(一)--认识Audit
1.Audit的概念 Audit是监视和记录用户对数据库进行的操作,以供DBA进行问题分析.利用Audit功能,可以完成以下任务: 监视和收集特定数据库活动的数据.例如管理员能够审计哪些表被更新,在某 ...
- Oracle数据字典全解
一.概念: 1.数据字典(data dictionary)是 Oracle 数据库的一个重要组成部分,这是一组用于记录数据库信息的只读(read-only)表. 数据字典里存有用户信息.用户的权限信息 ...
随机推荐
- objective-c学习笔记2
Objective-c学习笔记 1.cocoa的对象初始化一般使用alloc和init两个方法,不适用new,其中alloc用于分配内存,init用于初始化,因为初始化方法返回的对象可能和分配的对象不 ...
- IOS开发-OC学习-常用功能代码片段整理
IOS开发-OC学习-常用功能代码片段整理 IOS开发中会频繁用到一些代码段,用来实现一些固定的功能.比如在文本框中输入完后要让键盘收回,这个需要用一个简单的让文本框失去第一响应者的身份来完成.或者是 ...
- JQueryUI确认框 confirm
$(function(){ $('#AlertMsg').dialog({ autoOpen: false, width: 300, modal: true, position: 'center', ...
- jsp发布后应用根目录
1.发布到tomcat后获取应用的根目录 ServletContext s1=this.getServletContext(); String temp=s1.getRealPath("/& ...
- 全方位分析Objcetive-C Runtime 分类: ios技术 2015-03-11 22:29 77人阅读 评论(0) 收藏
本文详细整理了 Cocoa 的 Runtime 系统的知识,它使得 Objective-C 如虎添翼,具备了灵活的动态特性,使这门古老的语言焕发生机.主要内容如下: 引言 简介 与Runtime交互 ...
- ModelDriven动作(转)
所谓ModelDriven ,意思是直接把实体类当成页面数据的收集对象.比如,有实体类User 如下: package cn.com.leadfar.struts2.actions; public c ...
- 51NOD 1639 绑鞋带 数学
http://www.51nod.com/onlineJudge/questionCode.html#!problemId=1639 假如一开始有一根绳子. 那么增加一根的时候,可以插在它的尾部,也可 ...
- 1.4. 为现有的应用程序添加 Core Data 支持(Core Data 应用程序实践指南)
项目创建时会有 “Use Core Data" ,但是,有时没有勾选这个选项,那么就要手动链接Core Data Framework. 选中 Grocery Dude Target Gene ...
- bzoj 3611[Heoi2014]大工程 虚树+dp
题意: 给一棵树 每次选 k 个关键点,然后在它们两两之间 新建 C(k,2)条 新通道. 求: 1.这些新通道的代价和 2.这些新通道中代价最小的是多少 3.这些新通道中代价最大的是多少 分析:较常 ...
- 解决Centos 7 下 tomcat字体异常 Font '宋体' is not available to the JVM
错误提示: SEVERE: Servlet.service() for servlet [example] in context with path [/myproject] threw except ...