Implementing a simple audit function with an Oracle script
2022-08-03 18:19:00 【墨天轮】
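Background
For data security, auditing is desirable, but enabling database auditing in a production environment carries a large overhead and is generally not recommended. So I wrote a shell script based on dba_hist_active_sess_history that produces a simple audit report every day.
Audit script: audit_db.sh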
```shell
#!/bin/sh
export ORACLE_SID=two
export ORACLE_UNQNAME=two
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/11.2.0.3/product
export PATH=$ORACLE_HOME/bin:$PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$LD_LIBRARY_PATH
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8
# OS-authenticated login; SQL*Plus accepts "as sysdba", not "as dba"
export con_user='sqlplus -s / as sysdba'
export au_dir='/u01/report/audit_db'

# Report on yesterday's activity (GNU date syntax)
audit_date=`date +%Y-%m-%d -d "1 day ago"`
if [ ! -d ${au_dir}/${audit_date} ]; then
    mkdir -p ${au_dir}/${audit_date}
fi

# Detail file. dba_hist_active_sess_history holds sampled active-session
# data, so each row is one sample, not a record of every statement executed.
result=`$con_user <<EOF
set colsep ','
set echo off
set feedback off
set heading off
set pagesize 0
set linesize 1000
set numwidth 12
set termout off
set timing off
set trimout on
set trimspool on
set trims on
col username format a15
col machine format a30
col program format a50
col sql_opname format a20
spool ${au_dir}/${audit_date}/${audit_date}.txt
select to_char(h.sample_time, 'yyyy-mm-dd hh24:mi:ss') exec_time,
       u.username, h.machine, h.program, h.sql_opname
  from sys.dba_hist_active_sess_history h
  left join sys.all_users u on u.user_id = h.user_id
 where h.module is not null
   and h.sql_opname is not null
   and to_char(h.sample_time, 'yyyy-mm-dd') = '$audit_date';
spool off
EOF
`

# Summary file: sample count per user, machine, program and operation type
result_report=`$con_user <<EOF
set colsep ','
set echo off
set feedback off
set heading off
set pagesize 0
set linesize 800
set numwidth 12
set termout off
set timing off
set trimout on
set trimspool on
set trims on
col username format a15
col machine format a30
col program format a50
col sql_opname format a20
spool ${au_dir}/${audit_date}/${audit_date}.report
select u.username, h.machine, h.program, h.sql_opname, count(*)
  from sys.dba_hist_active_sess_history h
  left join sys.all_users u on u.user_id = h.user_id
 where h.module is not null
   and h.sql_opname is not null
   and to_char(h.sample_time, 'yyyy-mm-dd') = '$audit_date'
 group by u.username, h.machine, h.program, h.sql_opname
 order by 5 desc;
spool off
EOF
`
```
Output log:
```
[[email protected] 2022-08-02]$ cat 2022-08-02.report
Business user  Host name  Connection method  Operation type  Operation count
two ,app.tomcat.com ,JDBC Thin Client ,SELECT, 8610
two ,app1.tomcat.com ,JDBC Thin Client ,INSERT, 8610
```
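As an added example (not part of the original post), the shell function below reads a day's .report file and flags rows worth a manual look: operations whose name starts with a watched verb, programs not on an allowlist, and rows whose username is empty. The watch list, the allowlist and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post. WATCH_OPS and the allowlist
# passed to flag_report are assumptions; tune them to your environment.
WATCH_OPS='DROP|TRUNCATE|ALTER|GRANT|REVOKE|CREATE'

# flag_report FILE ALLOWED   (FILE may be "-" for stdin)
#   FILE rows: username,machine,program,sql_opname,count (space padded)
#   ALLOWED:   '|'-separated program names expected to touch the database
# Prints reason|username|machine|program|sql_opname|samples per flagged row.
flag_report() {
    awk -F',' -v ops="$WATCH_OPS" -v allowed="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function add(r, t) { return (r == "" ? t : r "+" t) }
        BEGIN { n = split(allowed, a, "|"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 5 {
            # The last two fields are fixed; a comma inside the program
            # name only widens the middle, so rebuild it from $3..$(NF-2).
            user = trim($1); host = trim($2)
            op = trim($(NF - 1)); cnt = trim($NF)
            prog = $3
            for (i = 4; i <= NF - 2; i++) prog = prog "," $i
            prog = trim(prog)
            reason = ""
            if (op ~ ("^(" ops ")( |$)")) reason = add(reason, "watched-op")
            if (!(prog in ok))            reason = add(reason, "unexpected-program")
            # The LEFT JOIN on all_users leaves username empty when the
            # user_id no longer resolves (for example a dropped account).
            if (user == "")               reason = add(reason, "unknown-user")
            if (reason != "") print reason "|" user "|" host "|" prog "|" op "|" cnt
        }' "$1"
}

# Constructed sample rows in the layout of the .report file.
sample_report() {
    cat <<'EOF'
two            ,app.tomcat.com      ,JDBC Thin Client              ,SELECT        ,        8610
two            ,dba-laptop          ,sqlplus@dba-laptop (TNS V1-V3),DROP TABLE    ,           2
               ,app1.tomcat.com     ,JDBC Thin Client              ,UPDATE        ,          14
two            ,app1.tomcat.com     ,JDBC Thin Client              ,INSERT        ,         310
EOF
}

sample_report | flag_report - 'JDBC Thin Client'
```

Because the source view is sampled, a short-lived statement may never appear in the report, so an empty result does not prove that no watched operation ran.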