当前位置:网站首页>Oracle 脚本实现简单的审计功能

Oracle 脚本实现简单的审计功能

2022-08-03 18:19:00 墨天轮

前景

为了数据安全,生产环境开数据库审计的话会有很大的消耗,一般不建议开启。于是根据dba_hist_active_sess_history写了个shell 脚本,每天产生一个简单的审计报告。

审计脚本:audit_db.sh

  
  
  

   
   
   #!/bin/sh export ORACLE_SID=twoexport ORACLE_UNQNAME=twoexport ORACLE_BASE=/u01/app/oracleexport ORACLE_HOME=/u01/app/oracle/11.2.0.3/productexport PATH=$ORACLE_HOME/bin:$PATHexport LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATHexport NLS_LANG=AMERICAN_AMERICA.AL32UTF8export con_user='sqlplus -s / as dba'export au_dir='/u01/report/audit_db'audit_date=`date +%Y-%m-%d -d "1 day ago"`if [ ! -d ${au_dir}/${audit_date} ];then mkdir -p ${au_dir}/${audit_date}firesult=`$con_user <<EOFset colsep','; set echo off; set feedback off; set heading off; set pagesize 0; set linesize 1000; set numwidth 12; set termout off; set timing off; set trimout on; set trimspool on; set trims on; col username format a15col machine format a30col program format a50col sql_opname format a20spool ${au_dir}/${audit_date}/${audit_date}.txt select to_char(h.sample_time, 'yyyy-mm-dd hh24:mi:ss') exec_time, u.username, h.machine, h.program, h.sql_opname from sys.dba_hist_active_sess_history h left join sys.all_users u on u.user_id = h.user_id where h.module is not null and h.sql_opname is not null and to_char(h.sample_time, 'yyyy-mm-dd') = '$audit_date';spool offEOF`result_report=`$con_user <<EOFset colsep','; set echo off; set feedback off; set heading off; set pagesize 0; set linesize 800; set numwidth 12; set termout off; set timing off; set trimout on; set trimspool on; set trims on; col username format a15col machine format a30col program format a50col sql_opname format a20spool ${au_dir}/${audit_date}/${audit_date}.report select u.username, h.machine, h.program, h.sql_opname, count(*) from sys.dba_hist_active_sess_history h left join sys.all_users u on u.user_id = h.user_id where h.module is not null and h.sql_opname is not null and to_char(h.sample_time, 'yyyy-mm-dd') = '$audit_date' group by username, machine, program, h.sql_opname order by 5 desc;spool offEOF`

输出日志:

  
  
  

   
   
   [[email protected] 2022-08-02]$ cat 2022-08-02.report业务用户 主机名 连接方式 操作类型 操作次数two ,app.tomcat.com ,JDBC Thin Client ,SELECT, 8610two ,app1.tomcat.com ,JDBC Thin Client ,INSERT, 8610
原网站

版权声明
本文为[墨天轮]所创,转载请带上原文链接,感谢
https://www.modb.pro/db/450052

边栏推荐

猜你喜欢

随机推荐