LESSON 22
What the Unified Audit is
Assuming that you have a
requirement to audit Data Pump export/import and RMAN at your work, then
you need to enable unified audit and configure.
How to enable the
unified auditing
To enable the unified
auditing, you need to shut down all the database components and use the
make command to rebuild the oracle library binary to perform the unified
auditing.
Let us shut down all
components, such as Oracle database and listener for mycdb.
# cd ~
# . ./.profile
# sqlplus /nolog
SQL> connect /
as sysdba
Check that you are on
the right database
SQL> show
parameter name
SQL> SHUTDOWN
IMMEDIATE;
SQL> exit;
Stop the listener.
# lsnrctl stop
Check to see any
processes left.
# ps "ef|grep
oracle
Notice that you should
not have any process running.
Go to the Oracle library
and enable the unified audit option.
# cd $ORACLE_HOME/rdbms/lib
# make "f
ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME
You will see"
/usr/bin/ar d |
" |
-Linking Oracle |
rm "f /app/oracle/" |
" |
chmod 6751 /app/oracle/" |
Once you successfully
link the objects with the unified audit option, you can start your
oracle components.
Start the listener.
# lsnrctl
start
Now, you can restart the
processes.
# sqlplus /nolog
SQL> connect /
as sysdba
SQL> startup
mount;
SQL> ALTER
DATABASE ARCHIVELOG;
SQL> ALTER
DATABASE OPEN;
Create a policy to audit
your Data Pump export/import operations.
SQL> CREATE
AUDIT POLICY my_dp4export ACTIONS COMPONENT=datapump export;
SQL> CREATE
AUDIT POLICY my_dp4import ACTIONS COMPONENT=datapump import;
Turn on auditing the
created policy.
SQL> AUDIT
POLICY my_dp4export;
SQL> AUDIT
POLICY my_dp4import;
List your existing
policies on the Data Pump export and import operations.
SQL> SELECT
user_name, policy_name FROM audit_unified_enabled_policies
2 WHERE
policy_name LIKE "MY_DP%";
USER_NAME |
POLICY_NAME |
ALL USERS |
MY_DP4EXPORT |
ALL USERS |
MY_DP4IMPORT |
Now if you perform any
data pump export or import operations, you can view them by the
following query using the UNIFIED_AUDIT_TRAIL view.
SQL> SELECT
dbusername, dp_text_parameters1, dp_boolean_parameters1
2 FROM
unified_audit_trail WHERE dp_text_parameters1 IS NOT NULL;
How to audit RMAN
backups
For the RMAN backups,
you do not need to create any unified audit policy. It will be audited
by default. But to view the audited operation, you need to use the
RMAN_OPERATION column in the UNIFIED_AUDIT_TRAIL view.
SQL> SELECT
dbusername, rman_operation
2 FROM
unified_audit_trail WHERE rman_operation IS NOT NULL;
Good Luck!
|