|
文档课题:删除审计表aud$,用户无法连接数据库的测试. 数据库:oracle 11.2.0.464位 系统:centos 7.964位 环境:单实例 1、理论知识数据库开启审计的情况下,aud$会记录非sys用户的登陆登出记录.若aud$表被不小心删除,虽然数据库能正常打开,sys用户也能登录到数据库,并能查询所有数据,但除sys用户外的其它用户均无法正常登陆登出数据库. 2、场景模拟[oracle@liujun~]$ sqlplus leo/leo@orcl SQL*Plus:Release 11.2.0.4.0 Production on Thu Oct 13 16:04:51 2022 Copyright(c) 1982, 2013, Oracle. All rightsreserved. Connectedto: OracleDatabase 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With thePartitioning, OLAP, Data Mining and Real Application Testing options leo@ORCL2022-10-13 16:04:51> 说明:用户leo正常连接. sys@ORCL13-OCT-22> select owner,segment_name,segment_type,tablespace_name fromdba_segments where segment_name='AUD$' OWNER SEGMENT_NAME SEGMENT_TYPE TABLESPACE_NAME ------------------------- ------------------ ------------------------------ SYS AUD$ TABLE AUD_TBS sys@ORCL13-OCT-22> show parameter audi NAME TYPE VALUE ----------------------------------------------- ------------------------------ audit_file_dest string /u01/app/oracle/app/oracle/adm in/orcl/adump audit_sys_operations boolean TRUE audit_syslog_level string audit_trail string DB 说明:数据库审计级别为DB. sys@ORCL13-OCT-22> drop table aud$; Tabledropped. leo@ORCL2022-10-13 16:07:03> exit ERROR: ORA-00600:internal error code, arguments: [ktcrab: caller passed invalid xcb], [4],[0x0E7971A28], [0x000000000], [2], [1802], [], [], [], [], [], [] ORA-00604:error occurred at recursive SQL level 1 ORA-00942:table or view does not exist Disconnectedfrom Oracle Database 11g Enterprise Edition Release 11.2.0.4.0 - 64bitProduction With thePartitioning, OLAP, Data Mining and Real Application Testing options (withcomplications) [oracle@liujun~]$ sqlplus leo/leo@orcl SQL*Plus:Release 11.2.0.4.0 Production on Thu Oct 13 16:07:30 2022 Copyright(c) 1982, 2013, Oracle. All rightsreserved. ERROR: ORA-00604:error occurred at recursive SQL level 1 ORA-00942:table or view does not exist ORA-02002:error while writing to audit trail ORA-00604:error occurred at recursive SQL level 1 ORA-00942:table or view does not exist 说明:异常场景被成功模拟出来,用户leo在aud$表被删除的情况下,登出登陆均出现异常. 3、解决方案按如下语句,sys用户重建审计表aud$. sys@ORCL13-OCT-22> create table AUD$ ( sessionid NUMBER not null, entryid NUMBER not null, statement NUMBER not null, timestamp# DATE, userid VARCHAR2(30), userhost VARCHAR2(128), terminal VARCHAR2(255), action# NUMBER not null, returncode NUMBER not null, obj$creator VARCHAR2(30), obj$name VARCHAR2(128), auth$privileges VARCHAR2(16), auth$grantee VARCHAR2(30), new$owner VARCHAR2(30), new$name VARCHAR2(128), ses$actions VARCHAR2(19), ses$tid NUMBER, logoff$lread NUMBER, logoff$pread NUMBER, logoff$lwrite NUMBER, logoff$dead NUMBER, logoff$time DATE, comment$text VARCHAR2(4000), clientid VARCHAR2(64), spare1 VARCHAR2(255), spare2 NUMBER, obj$label RAW(255), ses$label RAW(255), priv$used NUMBER, sessioncpu NUMBER, ntimestamp# TIMESTAMP(6), proxy$sid NUMBER, user$guid VARCHAR2(32), instance# NUMBER, process# VARCHAR2(16), xid RAW(8), auditid VARCHAR2(64), scn NUMBER, dbid NUMBER, sqlbind CLOB, sqltext CLOB, obj$edition VARCHAR2(30) ) tablespace AUD_TBS pctfree 10 pctused 40 initrans 1 maxtrans 255 storage ( initial 64K next 1M minextents 1 maxextents unlimited ); sys@ORCL13-OCT-22> grant delete on aud$ to DELETE_CATALOG_ROLE; Grantsucceeded. 4、验证[oracle@liujun~]$ sqlplus leo/leo@orcl SQL*Plus:Release 11.2.0.4.0 Production on Thu Oct 13 16:09:45 2022 Copyright(c) 1982, 2013, Oracle. All rightsreserved. Connectedto: OracleDatabase 11g Enterprise Edition Release 11.2.0.4.0 - 64bit Production With thePartitioning, OLAP, Data Mining and Real Application Testing options leo@ORCL2022-10-13 16:09:45> 结论:在开启审计的场景中,aud$审计表被删除后非sys用户登陆会出现异常,重建后恢复正常.
| 
|手机版|小黑屋|重庆思庄Oracle、Redhat认证学习论坛
( 渝ICP备12004239号-4 )
发表于 2022-11-28 19:22:58
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
支持
反对