xzero 2019-12-08
今天主要介绍一下关于Oracle安全的核心4大触发器,主要是做审计用,仅供参考。
CREATE OR REPLACE TRIGGER Login_Audit_Trigger AFTER LOGON ON DATABASE /* ||名称:会话登陆事件审计触发器 ||说明: */ DECLARE Session_Id_Var NUMBER; /* 会话ID */ Os_User_Var VARCHAR2(200); /* 终端OS用户 */ IP_Address_Var VARCHAR2(200); /* 终端IP */ Terminal_Var VARCHAR2(200); /* 终端 */ Host_Var VARCHAR2(200); /* 终端主机名 */ BEGIN /* 获取登陆用户信息 */ SELECT SYS_CONTEXT('USERENV', 'SESSIONID'), SYS_CONTEXT('USERENV', 'OS_USER'), SYS_CONTEXT('USERENV', 'IP_ADDRESS'), SYS_CONTEXT('USERENV', 'TERMINAL'), SYS_CONTEXT('USERENV', 'HOST') INTO Session_Id_Var, Os_User_Var, IP_Address_Var, Terminal_Var, Host_Var FROM DUAL; /* 记录登陆审计信息 */ INSERT INTO Audit_Login_DB (Session_Id, /* 会话ID */ OS_User, /* 终端OS用户 */ IP_Address, /* 终端IP地址 */ Terminal, /* 终端 */ Host, /* 终端主机名 */ User_Name, /* ORACLE 用户名*/ LogOn_Date, /* 登陆时间 */ LogOff_Date, /* 登离时间 */ Elapsed_Minutes /* 在线时间 */) VALUES (Session_Id_Var, Os_User_Var, IP_Address_Var, Terminal_Var, Host_Var, USER, SYSDATE, NULL, NULL); COMMIT; EXCEPTION WHEN OTHERS THEN NULL; END Login_Audit_Trigger;
CREATE OR REPLACE TRIGGER LogOff_Audit_Trigger BEFORE LOGOFF ON DATABASE /* ||名称:会话登离事件审计触发器 ||说明: */ DECLARE Session_Id_Var NUMBER; /* 会话ID */ BEGIN /* 获取登陆用户信息 */ SELECT SYS_CONTEXT('USERENV', 'SESSIONID') INTO Session_Id_Var FROM DUAL; /* 更新会话审计记录信息 */ UPDATE Audit_Login_DB SET LogOff_Date = SYSDATE, Elapsed_Minutes = ROUND((SYSDATE - LogOn_Date) * 1440) WHERE Session_Id = Session_Id_Var; --WHERE SYS_CONTEXT('USERENV','SESSIONID') = Session_Id; COMMIT; EXCEPTION WHEN OTHERS THEN NULL; END LogOff_Audit_Trigger;
CREATE OR REPLACE TRIGGER DDL_Audit_Trigger AFTER DDL ON DATABASE /* ||名称:DDL事件审计触发器 ||说明: */ DECLARE Session_Id_Var NUMBER; /* 会话ID */ Os_User_Var VARCHAR2(200); /* 终端OS用户 */ IP_Address_Var VARCHAR2(200); /* 终端IP */ Terminal_Var VARCHAR2(200); /* 终端 */ Host_Var VARCHAR2(200); /* 终端主机名 */ Cut NUMBER; /* SQL列表长度 */ Sql_Text ORA_NAME_LIST_T; /* SQL_TEXT 列表 */ L_Trace NUMBER; /* 循环执行条件 */ DDL_Sql_Var VARCHAR2(2000); /* DDL语句 */ BEGIN /* 获取操作用户信息 */ SELECT SYS_CONTEXT('USERENV', 'SESSIONID'), SYS_CONTEXT('USERENV', 'OS_USER'), SYS_CONTEXT('USERENV', 'IP_ADDRESS'), SYS_CONTEXT('USERENV', 'TERMINAL'), SYS_CONTEXT('USERENV', 'HOST') INTO Session_Id_Var, Os_User_Var, IP_Address_Var, Terminal_Var, Host_Var FROM DUAL; /* 获取DDL SQL语句 */ BEGIN SELECT COUNT(*) INTO L_Trace FROM DUAL WHERE ORA_DICT_OBJ_NAME NOT LIKE 'MLOG%' AND ORA_DICT_OBJ_NAME NOT LIKE '%LOG' AND UTL_INADDR.GET_HOST_ADDRESS IS NOT NULL AND SYS_CONTEXT('USERENV', 'IP_ADDRESS') IS NOT NULL AND SYS_CONTEXT('USERENV', 'IP_ADDRESS') <> UTL_INADDR.GET_HOST_ADDRESS; IF L_Trace > 0 THEN Cut := ORA_SQL_TXT(Sql_Text); FOR i IN 1 .. Cut LOOP DDL_Sql_Var := SUBSTR(DDL_Sql_Var || Sql_Text(i), 1, 2000); END LOOP; END IF; EXCEPTION WHEN OTHERS THEN NULL; END; /* 记录登陆审计信息 */ INSERT INTO Audit_DDL_OBJ (Opr_Time, /* 操作时间 */ Session_Id, /* 会话ID */ OS_User, /* 终端OS用户 */ IP_Address, /* 终端IP地址 */ Terminal, /* 终端 */ Host, /* 终端主机名 */ User_Name, /* ORACLE 用户名*/ DDL_Type, /* DDL操作类型 */ DDL_Sql, /* DDL语句 */ Object_Type, /* 操作对象类型 */ Owner, /* 对象拥有者 */ Object_Name /* 对象名称 */) VALUES (SYSDATE, Session_Id_Var, Os_User_Var, IP_Address_Var, Terminal_Var, Host_Var, ORA_LOGIN_USER, ORA_SYSEVENT, DDL_Sql_Var, ORA_DICT_OBJ_TYPE, ORA_DICT_OBJ_OWNER, ORA_DICT_OBJ_NAME); COMMIT; EXCEPTION WHEN OTHERS THEN NULL; END DDL_Audit_Trigger;
CREATE OR REPLACE TRIGGER delete_log_trigger AFTER DELETE ON rfuser.io_log_detail /* ||名称:核心表删除事件审计触发器 ||说明: */ FOR EACH ROW BEGIN INSERT INTO record_log SELECT :old.ERR_DESC, USER, SYSDATE, sys_context('userenv', 'ip_address'), q.sql_text, :OLD.START_TIME FROM v$sql q, v$session s WHERE s.audsid = (SELECT userenv('SESSIONID') FROM dual) AND s.sql_id = q.sql_id; END delete_log_trigger;
觉得有用的朋友多帮忙转发哦!后面会分享更多devops和DBA方面的内容,感兴趣的朋友可以关注下~