https://docs.oracle.com/cd/F19136_01/dbseg/introduction-to-auditing.html
https://docs.oracle.com/cd/F19136_01/sqlrf/AUDIT-Traditional-Auditing.html
SYSユーザの監査を有効化
show parameter audit
ALTER SYSTEM SET AUDIT_SYS_OPERATIONS=TRUE SCOPE=SPFILE;
shutdown immediate;
startup
show parameter audit
標準監査を有効化
show parameter audit
alter system set audit_trail=XML,EXTENDED scope=spfile;
shutdown immediate
startup
!ls -ltr /u01/app/oracle/admin/orcl/adump
conn test/test
-- SQL文の監査
AUDIT SELECT TABLE BY ACCESS;
AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE
BY ACCESS
WHENEVER NOT SUCCESSFUL;
AUDIT ALL STATEMENTS BY sh,hr BY ACCESS WHENEVER SUCCESSFUL;
AUDIT ALL BY sh BY ACCESS;
AUDIT ALL STATEMENTS IN SESSION CURRENT BY ACCESS WHENEVER NOT SUCCESSFUL;
AUDIT ALL STATEMENTS IN SESSION CURRENT;
AUDIT SESSION BY ACCESS;
AUDIT NOT EXISTS;
-- 権限の監査
AUDIT DELETE ANY TABLE BY ACCESS;
-- スキーマオブジェクトの監査
AUDIT SELECT ON HR.EMPLOYEES BY ACCESS;
AUDIT DELETE ON sh.sales BY ACCESS;
AUDIT SELECT, INSERT, DELETE
ON sh.sales
BY ACCESS
WHENEVER SUCCESSFUL;
-- ディレクトリオブジェクトの監査
AUDIT EXECUTE ON DIRECTORY ORA_DIR BY ACCESS;
-- プロシージャの監査
AUDIT EXECUTE PROCEDURE BY ACCESS;
AUDIT EXECUTE PROCEDURE BY hr BY ACCESS;
-- ネットワークの監査
AUDIT NETWORK BY ACCESS;
select * from DBA_OBJ_AUDIT_OPTS;
select * from DBA_PRIV_AUDIT_OPTS;
select * from DBA_STMT_AUDIT_OPTS;