In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-17 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
In oracle 11gR2, login audit information for sys users is recorded by default in the audit_file_dest directory, but the actions are not audited.
Enable auditing of sys user actions
SQL > alter system set audit_sys_operations=TRUE scope=spfile
System altered.
Because audit_sys_operations is a static parameter, the database needs to be rebuilt.
SQL > shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL > startup
SQL > show parameter audit
NAME TYPE VALUE
-
Audit_file_dest string / u01/app/oracle/admin/orcl/adu
Mp
Audit_sys_operations boolean TRUE
Audit_syslog_level string
Audit_trail string DB
Then delete a test user
SQL > drop user lineqi cascade
User dropped.
[oracle@orcl adump] $more orcl_ora_32424_20150418163852720955143795.aud
Audit file / u01/app/oracle/admin/orcl/adump/orcl_ora_32424_20150418163852720955143795.aud
Oracle Database 11g Enterprise Edition Release 11.2.0.4.0-64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
ORACLE_HOME = / u01/app/oracle/product/11.2.0/dbhome_1
System name: Linux
Node name: orcl
Release: 2.6.32-358.el6.x86_64
Version: # 1 SMP Tue Jan 29 11:47:41 EST 2013
Machine: x86_64
VM name: VMWare Version: 6
Instance name: orcl
Redo thread mounted by this instance: 1
Oracle process number: 19
Unix process pid: 32424, p_w_picpath: oracle@orcl (TNS V1-V3)
Note: sys login record
Sat Apr 18 16:38:52 2015 + 08:00
LENGTH: '160'
ACTION: [7] 'CONNECT'
DATABASE USER: [1]'/'
PRIVILEGE: [6] 'SYSDBA'
CLIENT USER: [6] 'oracle'
CLIENT TERMINAL: [5] 'pts/0'
STATUS: [1]'0'
DBID: [10] '1405073182'
Sat Apr 18 16:38:57 2015 + 08:00
LENGTH: '173'
ACTION: [19] 'ALTER DATABASE OPEN'
DATABASE USER: [1]'/'
PRIVILEGE: [6] 'SYSDBA'
CLIENT USER: [6] 'oracle'
CLIENT TERMINAL: [5] 'pts/0'
STATUS: [1]'0'
DBID: [10] '1405073182'
Sat Apr 18 16:39:08 2015 + 08:00
LENGTH: '216'
ACTION: [60] 'BEGIN dbms_cmp_int.drop_cmp_by_cmpid (: sb1,: sb2,: sb3); END;'
DATABASE USER: [3] 'SYS'
PRIVILEGE: [6] 'SYSDBA'
CLIENT USER: [6] 'oracle'
CLIENT TERMINAL: [5] 'pts/0'
STATUS: [1]'0'
DBID: [10] '1405073182'
Note: records of sys operations
Sat Apr 18 16:39:15 2015 + 08:00
LENGTH: '178'
ACTION: [24] 'drop user lineqi cascade'
DATABASE USER: [1]'/'
PRIVILEGE: [6] 'SYSDBA'
CLIENT USER: [6] 'oracle'
CLIENT TERMINAL: [5] 'pts/0'
STATUS: [1]'0'
DBID: [10] '1405073182'
Sat Apr 18 16:39:25 2015 + 08:00
LENGTH: '1977'
ACTION: [43] 'select tablespace_name from dbA_tablespaces'
DATABASE USER: [1]'/'
PRIVILEGE: [6] 'SYSDBA'
CLIENT USER: [6] 'oracle'
CLIENT TERMINAL: [5] 'pts/0'
STATUS: [1]'0'
DBID: [10] '1405073182'
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
