<< SYS SESSION >>
  ■ Audit (감사)
- audit은 선택한 user database 작업을 모니터하는 것이다.
    - 의심이 가는 데이터베이스 작업을 조사
    - 특정 데이터베이스 작업에 대한 정보를 수집할 경우

SHOW PARAMETER audit_trail
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB

SELECT* FROM v$parameter WHERE name = 'audit_trail';
VALUE : DB
ISSES_MODIFIABLE : FALSE
ISSYS_MODIFIABLE : FALSE

# 감사 비활성화
ALTER SYSTEM SET audit_trail = none SCOPE = SPFILE;

# 감사 활성화
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

# sys.aud$ 안에 있는 내용을 관리해야 한다.
SELECT * FROM sys.aud$;



★ 감사 옵션 설정

# 문장 감사
SQL문을 선택적으로 감사

audit은 create table, drop table, truncate table 수행하는 감사

SQL> audit table;

SELECT * FROM dba_stmt_audit_opts WHERE audit_option = 'TABLE';
USER_NAME       PROXY_NAME      AUDIT_OPTION                   SUCCESS    FAILURE
--------------- --------------- ------------------------------ ---------- ----------
                                TABLE                          BY ACCESS  BY ACCESS


SUCCESS : BY ACCESS (기본값)
SUCCESS : BY SESION

FAILURE : BY ACCESS 
...

SELECT * FROM sys.aud$;
<< SAWON02 SESSION >>
  SELECT * FROM tab;

DROP TABLE emp PURGE;

CREATE TABLE sawon02.emp AS SELECT * FROM hr.employees;
<< SYS SESSION >>
  SELECT sessionid, entryid, statement, userid, userhost, action#, obj$creator, obj$name
FROM sys.aud$;
SESSIONID ENTRYID STATEMENT USERID  USERHOST ACTION# OBJ$CREATOR OBJ$NAME ...
--------- ------- --------- ------- -------- ------- ----------- --------
  6370463       8        61 SAWON02 oracle        12 SAWON02     EMP     
  6370463       9        79 SAWON02 oracle         1 SAWON02     EMP      ...

SELECT username, owner,obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME     SESS       DAY                 ...
---------- ------- --------------- --------------- ---------- -------------------
SAWON02    SAWON02 EMP             CREATE TABLE    success    2023-12-26 18:01:27
SAWON02    SAWON02 EMP             DROP TABLE      942        2023-12-26 18:01:25 ...
<< SAWON02 SESSION >>
  CREATE TABLE sawon02.emp AS SELECT * FROM hr.employees;

Alter Table sawon02.emp MODIFY last_name varchar2(30);

DROP TABLE sawon02.emp_copy PURGE;

TRUNCATE TABLE sawon02.emp;
<< SYS SESSION >>
  SELECT sessionid, entryid, statement, userid, userhost, action#, obj$creator, obj$name
FROM sys.aud$;
 SESSIONID    ENTRYID  STATEMENT USERID     USERHOST      ACTION# OBJ$CREATOR     OBJ$NAME
---------- ---------- ---------- ---------- ---------- ---------- --------------- ----------
   6370463          8         61 SAWON02    oracle             12 SAWON02         EMP
   6370463          9         79 SAWON02    oracle              1 SAWON02         EMP
   6370463         10        104 SAWON02    oracle              1 SAWON02         EMP
   6370463         11        129 SAWON02    oracle             12 SAWON02         EMP_COPY
   6370463         12        130 SAWON02    oracle             85 SAWON02         EMP

SELECT username, owner,obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME     SESS       DAY
---------- ------- --------------- --------------- ---------- -------------------
SAWON02    SAWON02 EMP             TRUNCATE TABLE  success    2023-12-26 18:12:59
SAWON02    SAWON02 EMP             DROP TABLE      942        2023-12-26 18:01:25
SAWON02    SAWON02 EMP_COPY        DROP TABLE      942        2023-12-26 18:12:59
SAWON02    SAWON02 EMP             CREATE TABLE    success    2023-12-26 18:01:27
SAWON02    SAWON02 EMP             CREATE TABLE    955        2023-12-26 18:12:59


# 감사 옵션 취소
NOAUDIT table;

TRUNCATE TABLE sys.aud$;

select * from dba_stmt_audit_opts where audit_option = 'TABLE';
no rows selected



<< HR SESSION >>
  DROP TABLE hr.dept CASCADE CONSTRAINTS PURGE;
DROP TABLE hr.emp CASCADE CONSTRAINTS PURGE;

CREATE TABLE hr.dept
AS SELECT department_id dept_id, department_name dept_name
FROM hr.departments;

CREATE TABLE hr.emp
AS SELECT employee_id id, last_name name, salary sal, department_id dept_id
FROM hr.employees;

ALTER TABLE hr.dept ADD CONSTRAINT deptid_pk PRIMARY KEY (dept_id);
ALTER TABLE hr.emp ADD CONSTRAINT depid_pk PRIMARY KEY (id);
ALTER TABLE hr.emp ADD CONSTRAINT emp_deptid_fk FOREIGN KEY (dept_id)
REFERENCES hr.dept (dept_id);


SELECT constraint_name, constraint_type, table_name, 
        r_owner, r_constraint_name, index_owner, index_name
FROM user_constraints WHERE table_name in ('EMP','DEPT');

CONSTRAINT_NAME CONSTRAINT_TYPE TABLE_NAME R_OWNER R_CONSTRAINT_NAME INDEX_OWNER INDEX_NAME
--------------- --------------- ---------- ------- ----------------- ----------- ----------
DEPTID_PK       P               DEPT                                 HR          DEPTID_PK
DEPID_PK        P               EMP                                  HR          DEPID_PK
EMP_DEPTID_FK   R               EMP        HR      DEPTID_PK

GRANT SELECT, INSERT, UPDATE, DELETE ON hr.emp TO sawon01, sawon02;
GRANT SELECT, INSERT, UPDATE, DELETE ON hr.dept TO sawon01, sawon02;
<< SYS SESSION >>
  # 스키마(schema) object audit
특정한 유저가 소유한 테이블에 대해서 감사 설정

AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.emp;
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.dept;

SELECT owner, object_name, object_type, sel, ins, upd, del FROM dba_obj_audit_opts;
OWNER   OBJECT_NAME     OBJECT_TYPE     SEL       INS       UPD       DEL
------- --------------- --------------- --------- --------- --------- ---------
HR      DEPT            TABLE           S/S       S/S       S/S       S/S
HR      EMP             TABLE           S/S       S/S       S/S       S/S
<< SAWON01 SESSION >>
  SELECT sal FROM hr.emp WHERE id = 100;
       SAL
----------
     24000
<< SYS SESSION >>
  SELECT sessionid, entryid, statement, userid, userhost, action#, obj$creator, obj$name
FROM sys.aud$;
 SESSIONID    ENTRYID  STATEMENT USERID     USERHOST      ACTION# OBJ$CREATOR     OBJ$NAME
---------- ---------- ---------- ---------- ---------- ---------- --------------- ----------
   6480464          2         10 SAWON01    oracle            103 HR              EMP
...

SELECT username, owner,obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME     SESS       DAY
---------- ------- --------------- --------------- ---------- -------------------
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:47:49
<< SAWON01 SESSION >>
  INSERT INTO hr.emp (id,name,sal,dept_id) VALUES (300,'james',1000,10);

UPDATE hr.emp SET sal = 1000 WHERE id = 101;

DELETE FROM hr.emp WHERE id = 200;

ROLLBACK;
<< SYS SESSION >>
  SELECT sessionid, entryid, statement, userid, userhost, action#, obj$creator, obj$name
FROM sys.aud$;
 SESSIONID    ENTRYID  STATEMENT USERID     USERHOST      ACTION# OBJ$CREATOR     OBJ$NAME
---------- ---------- ---------- ---------- ---------- ---------- --------------- ----------
   6480464          2         10 SAWON01    oracle            103 HR              EMP
   6480464          3         11 SAWON01    oracle            103 HR              EMP
   6480464          4         12 SAWON01    oracle            103 HR              EMP
   6480464          5         13 SAWON01    oracle            103 HR              EMP
...

SELECT username, owner,obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME     SESS       DAY
---------- ------- --------------- --------------- ---------- -------------------
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:47:49
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:52:52
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:52:52
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:52:52
<< SAWON01 SESSION >>
  SELECT sal FROM hr.emp WHERE id = 300;
no rows selected

INSERT INTO hr.emp(id,name,sal,dept_id) VALUES (400,'scott',1000,500);
ORA-02291: integrity constraint (HR.EMP_DEPTID_FK) violated - parent key not found

DELETE FROM hr.dept WHERE dept_id = 20;
ORA-02292: integrity constraint (HR.EMP_DEPTID_FK) violated - child record found
<< SYS SESSION >>
  SELECT sessionid, entryid, statement, userid, userhost, action#, obj$creator, obj$name
FROM sys.aud$;
 SESSIONID    ENTRYID  STATEMENT USERID     USERHOST      ACTION# OBJ$CREATOR     OBJ$NAME
---------- ---------- ---------- ---------- ---------- ---------- --------------- ----------
   6480464          6         15 SAWON01    oracle            103 HR              EMP
   6480464          7         16 SAWON01    oracle            103 HR              EMP
   6480464          8         17 SAWON01    oracle            103 HR              DEPT
...

SELECT username, owner,obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME     SESS       DAY
---------- ------- --------------- --------------- ---------- -------------------
SAWON01    HR      EMP             SESSION REC     success    2023-12-26 18:55:00
SAWON01    HR      EMP             SESSION REC     2291       2023-12-26 18:55:50
SAWON01    HR      DEPT            SESSION REC     2292       2023-12-26 18:55:52
...


# 스키마 객체 감사 취소
NOAUDIT SELECT, INSERT, UPDATE, DELETE ON hr.emp;
NOAUDIT SELECT, INSERT, UPDATE, DELETE ON hr.dept;

SELECT owner, object_name, object_type, sel, ins, upd, del FROM dba_obj_audit_opts;
no rows selected

TRUNCATE TABLE sys.aud$;

SELECT username,owner,obj_name,action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;
no rows selected
<< HR SESSION >>
  SELECT * FROM user_tab_privs WHERE grantee IN ('SAWON01', 'SAWON02');
GRANTEE    OWNER   TABLE_NAME      GRANTOR    PRIVILEGE            GRANTABLE  HIE
---------- ------- --------------- ---------- -------------------- ---------- ---
SAWON02    HR      DEPT            HR         SELECT               NO         NO
SAWON01    HR      DEPT            HR         DELETE               NO         NO
SAWON02    HR      EMP             HR         UPDATE               NO         NO
SAWON01    HR      EMP             HR         UPDATE               NO         NO
SAWON02    HR      EMP             HR         SELECT               NO         NO
...

REVOKE ALL ON hr.emp FROM sawon01, sawon02;
REVOKE ALL ON hr.dept FROM sawon01, sawon02;

SELECT * FROM user_tab_privs WHERE grantee IN ('SAWON01', 'SAWON02');
GRANTEE    OWNER   TABLE_NAME      GRANTOR    PRIVILEGE            GRANTABLE  HIE
---------- ------- --------------- ---------- -------------------- ---------- ---
SAWON02    HR      EMPLOYEES       HR         SELECT               NO         NO

 

<< SYS SESSION >>
  GRANT SELECT ANY TABLE TO sawon01, sawon02;

SELECT * FROM dba_sys_privs WHERE grantee IN ('SAWON01','SAWON02');
GRANTEE    PRIVILEGE            ADMIN_OPTION
---------- -------------------- -------------
SAWON02    SELECT ANY TABLE     NO
SAWON01    SELECT ANY TABLE     NO


■ 권한 (privilege) audit
시스템 권한을 선택적으로 감사

AUDIT SELECT ANY TABLE BY sawon01, sawon02 BY SESSION;

SELECT *FROM dba_stmt_audit_opts;
USER_NAME  PROXY_NAME  AUDIT_OPTION         SUCCESS     FAILURE
---------- ----------- -------------------- ----------  ----------
SAWON02    (null)      SELECT ANY TABLE     BY SESSION  BY SESSION
SAWON01    (null)      SELECT ANY TABLE     BY SESSION  BY SESSION

<< SAWON01 SESSION >>
  SELECT * FROM hr.emp;
SELECT * FROM hr.employees;
SELECT * FROM hr.dept;
SELECT * FROM hr.departments;
SELECT * FROM hr.locations;

<< SYS SESSION >>
  SELECT username,owner,obj_name,action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day
FROM dba_audit_object;

 

<< SYS SESSION >>
  SHOW PARAMETER audit_trail
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB

SELECT * FROM v$parameter WHERE NAME = 'audit_trail';
ISSES_MODIFIABLE : FALSE
ISSYS_MODIFIABLE : FALSE


■ audit_trail = db_extended
유저가 실행한 SQL 텍스트 및 변수 값 감사

ALTER SYSTEM SET audit_trail=db_extended SCOPE = SPFILE;

SHUTDOWN IMMEDIATE

STARTUP

SHOW PARAMETER audit_trail
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB_EXTENDED


# 문장 감사
AUDIT TABLE;

SELECT * FROM dba_stmt_audit_opts WHERE audit_option = 'TABLE';
USER_NAME  PROXY_NAME  AUDIT_OPTION         SUCCESS     FAILURE
---------- ----------- -------------------- ----------  ----------
SAWON02    (null)      TABLE                BY ACCESS   BY ACCESS

TRUNCATE TABLE sys.aud$;

SELECT * FROM sys.aud$;

<< SAWON01 SESSION >>
  SELECT * FROM hr.emp;
SELECT * FROM hr.employees;
SELECT * FROM hr.dept;
SELECT * FROM hr.departments;
SELECT * FROM hr.locations;

<< SYS SESSION >>
  SELECT * FROM sys.aud$;

SELECT username, owner, obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        sql_text, sql_bind
FROM dba_audit_object;
USERNAME   OWNER   OBJ_NAME        ACTION_NAME  SESS     SQL_TEXT                     SQL_BIND
---------- ------- --------------- ------------ -------- ---------------------------- --------
SAWON01    HR      EMP             SESSION REC  success  SELECT * FROM hr.emp
SAWON01    HR      EMPLOYEES       SESSION REC  success  SELECT * FROM hr.employees
SAWON01    HR      DEPT            SESSION REC  success  SELECT * FROM hr.dept
SAWON01    HR      DEPARTMENTS     SESSION REC  success  SELECT * FROM hr.departments
SAWON01    HR      LOCATIONS       SESSION REC  success  SELECT * FROM hr.locations


# 문장 감사 옵션 취소
NOAUDIT TABLE;

SELECT * FROM dba_stmt_audit_opts WHERE audit_option = 'TABLE';
no rows selected

TRUNCATE TABLE SYS.aud$;

SELECT * FROM sys.aud$;
no rows selected

 

<< SYS SESSION >>
  GRANT SELECT ON hr.employees TO sawon01, sawon02;


# 객체 감사
AUDIT SELECT ON hr.employees;

SELECT owner, object_name, object_type, sel, ins, upd, del
FROM dba_obj_audit_opts;
OWNER   OBJECT_NAME                    OBJECT_TYPE             SEL   INS   UPD   DEL
------- ------------------------------ ----------------------- ----- ----- ----- -----
HR      EMPLOYEES                      TABLE                   S/S   -/-   -/-   -/-

<< SAWON01 SESSION >>
  VAR v_id NUMBER

EXECUTE :v_id := 100

PRINT :v_id
      V_Id
----------
       100

SELECT salary FROM hr.employees WHERE employee_id = :v_id;
    SALARY
----------
     24000

<< SAWON02 SESSION >>
  VAR v_dept_id NUMBER

EXECUTE :v_dept_id := 20

PRINT :v_dept_id
 V_DEPT_ID
----------
        20

SELECT salary FROM hr.employees WHERE department_id = :v_dept_id;
    SALARY
----------
     13000
      6000

<< SYS SESSION >>
  SELECT username, owner, obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day,
        sql_text, sql_bind
FROM dba_audit_object;
USERNAME  OWNER  OBJ_NAME   ACTION_NAME  SESS     SQL_TEXT                            SQL_BIND
--------- ------ ---------- ------------ -------- ----------------------------------- ---------
SAWON01   HR     EMPLOYEES  SESSION REC  success  select salary from hr.employees ..  #1(3):100
SAWON02   HR     EMPLOYEES  SESSION REC  success  select salary from hr.employees ..  #1(2):20


# 객체 감사 취소
NOAUDIT SELECT ON hr.employees;

SELECT owner, object_name, object_type, sel, ins, upd, del
FROM dba_obj_audit_opts;
no rows selected

TRUNCATE TABLE SYS.aud$;

 

<< SYS SESSION >>
  # 권한 감사
AUDIT SELECT ANY TABLE BY sawon01, sawon02 BY SESSION;

SELECT *FROM dba_stmt_audit_opts WHERE audit_option = 'SELECT ANY TABLE';
USER_NAME  PROXY_NAME  AUDIT_OPTION                   SUCCESS     FAILURE
---------- ----------- ------------------------------ ----------- -----------
SAWON02                SELECT ANY TABLE               BY SESSION  BY SESSION
SAWON01                SELECT ANY TABLE               BY SESSION  BY SESSION
...

<< SAWON01 SESSION >>
  SELECT *FROM hr.locations;

<< SAWON02 SESSION >>
  SELECT *FROM hr.departments;

<< SYS SESSION >>
  SELECT * FROM dba_role_privs WHERE granted_role = 'SAWON_ROLE';
GRANTEE    GRANTED_ROLE                   ADMIN_OPTION  DEFAULT_ROLE
---------- ------------------------------ ------------- -------------
SYS        SAWON_ROLE                     YES           YES
SAWON01    SAWON_ROLE                     NO            YES
SAWON02    SAWON_ROLE                     NO            YES

SELECT * FROM role_tab_privs WHERE ROLE = 'SAWON_ROLE';
ROLE            OWNER   TABLE_NAME                     COLUMN_NAME  PRIVILEGE  GRANTABLE
--------------- ------- ------------------------------ ------------ ---------- ----------
SAWON_ROLE      HR      EMPLOYEES                                   SELECT     NO
SAWON_ROLE      HR      DEPARTMENTS                                 SELECT     NO
...

SELECT username, owner, obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day,
        sql_text, sql_bind
FROM dba_audit_object;
USERNAME  OWNER  OBJ_NAME   ACTION_NAME  SESS     SQL_TEXT                            SQL_BIND
--------- ------ ---------- ------------ -------- ----------------------------------- ---------
SAWON01   HR     LOCATIONS  SESSION REC  success  SELECT * FROM hr.locations

>> SELECT ANY TABLE 모든 테이블 감사 대상이지만
SAWON02 유저의 SAWON_ROLE 내 HR.DEPARTMENTS 객체의 SELECT 권한을 가지고 있어 감사대상에서 제외.


# 시스템 권한 감사 취소
NOAUDIT SELECT ANY TABLE BY sawon01, sawon02;

SELECT * FROM dba_stmt_audit_opts WHERE audit_option = 'SELECT ANY TABLE';


TRUNCATE TABLE sys.aud$;

SELECT username, owner, obj_name, action_name,
        decode(returncode, '0', 'success', returncode) sess,
        to_char(timestamp,'yyyy-mm-dd hh24:mi:ss') day,
        sql_text, sql_bind
FROM dba_audit_object;



NOAUDIT SELECT ON hr.employees;

REVOKE ALL ON hr.employees FROM sawon_role;

REVOKE ALL ON hr.departments FROM sawon_role;

REVOKE SELECT ON hr.employees FROM sawon01;

 

'Oracle 11g > Oracle DB' 카테고리의 다른 글

56-2 ORACLE 종속성  (0) 2023.12.28
55 ORACLE Audit, Trigger  (1) 2023.12.27
53 ORACLE Profile, Resource  (1) 2023.12.22
52 ORACLE Role, Execute, Profile  (1) 2023.12.21
51 ORACLE Tablespace, Privilege, Role  (1) 2023.12.20