Scribd Logo
Upload

Welcome to Scribd!

  • 12c Auditingfeatures 131119041508 Phpapp02

    Uploaded by

    Thota Mahesh Dba
    20 views9 pages
    k

    Original Title

    12c-auditingfeatures-131119041508-phpapp02

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    k

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    20 views9 pages

    12c Auditingfeatures 131119041508 Phpapp02

    Uploaded by

    Thota Mahesh Dba
    k

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    12c - Auditing for Data Pump and RMAN jobs

    12c : Audit features testing Step1: Stop Enterprise Manager, listener and database services Step2 :Enable the Unified Audit option ---------------------------------------oracle@rac1:/usr/app/oracle/product/12.1.0.1$ cd $ORACLE_HOME/rdbms/lib oracle@rac1:/usr/app/oracle/product/12.1.0.1/rdbms/lib$ make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME /usr/ccs/bin/ar d /usr/app/oracle/product/12.1.0.1/rdbms/lib/libknlopt.a kzanang.o /usr/ccs/bin/ar cr /usr/app/oracle/product/12.1.0.1/rdbms/lib/libknlopt.a /usr/app/oracle/product/12.1.0.1/rdbms/lib/kzaiang.o chmod 755 /usr/app/oracle/product/12.1.0.1/bin - Linking Oracle rm -f /usr/app/oracle/product/12.1.0.1/rdbms/lib/oracle /usr/ccs/bin/ld -o /usr/app/oracle/product/12.1.0.1/rdbms/lib/oracle L/usr/app/oracle/product/12.1.0.1/r dbms/lib/ L/usr/app/oracle/product/12.1.0.1/lib/ -dy /usr/app/oracle/product/12.1.0.1/lib/prod/lib/v9/crti .o /usr/app/oracle/product/12.1.0.1/lib/prod/lib/v9/crt1.o /usr/app/oracle/product/12.1.0.1/rdbms/lib/opim ai.o /usr/app/oracle/product/12.1.0.1/rdbms/lib/ssoraed.o /usr/app/oracle/product/12.1.0.1/rdbms/lib/ttcsoi .o -z allextract -lperfsrv12 -z defaultextract /usr/app/oracle/product/12.1.0.1/lib/nautab.o /usr/app/orac le/product/12.1.0.1/lib/naeet.o /usr/app/oracle/product/12.1.0.1/lib/naect.o /usr/app/oracle/product/12.1.0 .1/lib/naedhs.o /usr/app/oracle/product/12.1.0.1/rdbms/lib/config.o -lserver12 -lodm12 -lcell12 -lnnet12 -lskgxp12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lclient12 -lvsn12 -lcommon12 lgeneric12 -lknlopt `if /usr/ccs/bin/a r tv /usr/app/oracle/product/12.1.0.1/rdbms/lib/libknlopt.a | grep xsyeolap.o > /dev/null 2>&1 ; then echo "-loraolap12" ; fi` -lskjcx12 -lslax12 -lpls12 -lplp12 -lserver12 -lclient12 lvsn12 -lcommon12 -lgeneri c12 `if [ -f /usr/app/oracle/product/12.1.0.1/lib/libavserver12.a ] ; then echo "-lavserver12" ; else echo "-lavstub12"; fi` `if [ -f /usr/app/oracle/product/12.1.0.1/lib/libavclient12.a ] ; then echo "lavclient12 " ; fi` -lknlopt -lslax12 -lpls12 -lplp12 -ljavavm12 -lserver12 -lwwg `cat /usr/app/oracle/product/12.1 .0.1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 ln12 -lnl12 -lnro12 `cat /usr/app/oracle/product/12.1.0. 1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 -lnl12 -lnnzst12 -lzt12 -lztkg12 -lmm -lsnls12 -lnls1 2 lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 lcore1 2 -lnls12 -lztkg12 `cat /usr/app/oracle/product/12.1.0.1/lib/ldflags` lncrypt12 -lnsgr12 -lnzjs12 -ln1 2 -lnl12 -lnro12 `cat /usr/app/oracle/product/12.1.0.1/lib/ldflags` -lncrypt12 -lnsgr12 -lnzjs12 -ln12 lnl12 -lnnzst12 -lzt12 -lztkg12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 lnls12 -l xml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 `if /usr/ccs/bin/ar tv /usr/app/oracle/product/ 12.1.0.1/rdbms/lib/libknlopt.a | grep
    Tested by : Monowar Mukul (OCM 11g BDA) Page 1

    12c - Auditing for Data Pump and RMAN jobs


    "kxmnsd.o" > /dev/null 2>&1 ; then echo " " ; else echo "-lordsdo12"; fi` L/usr/app/oracle/product/12.1.0.1/ctx/lib/ -lctxc12 -lctx12 -lzx12 -lgx12 -lctx12 -lzx12 -lgx12 lord imt12 -lclsra12 -ldbcfg12 -lhasgen12 -lskgxn2 -lnnzst12 -lzt12 -lxml12 locr12 -locrb12 -locrutl12 -lhas gen12 -lskgxn2 -lnnzst12 -lzt12 -lxml12 lgeneric12 -loraz -llzopro -lorabz2 -lsnls12 -lnls12 -l core12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lxml12 -lcore12 -lunls12 -lsnls12 -lnls12 -lcore12 -ln ls12 -lsnls12 -lunls12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 -lcore12 -lsnls12 -lnls12 lxml12 -lc ore12 -lunls12 -lsnls12 -lnls12 -lcore12 -lnls12 -lasmclnt12 lcommon12 -lcore12 -ldtrace -lons `cat /usr/app/oracle/product/12.1.0.1/lib/sysliblist` -R /opt/SUNWcluster/lib/sparcv9 R/usr/app/oracle/product/ 12.1.0.1/lib -R /opt/ORCLcluster/lib/ L/opt/SUNWcluster/lib/sparcv9 -L/opt/ORCLcluster/lib/ -L/usr/ccs/l ib/sparcv9 L/usr/lib/sparcv9 -Qy -lm /usr/app/oracle/product/12.1.0.1/lib/prod/lib/v9/crtn.o test ! -f /usr/app/oracle/product/12.1.0.1/bin/oracle ||\ mv -f /usr/app/oracle/product/12.1.0.1/bin/oracle /usr/app/oracle/product/12.1.0.1/bin/oracleO mv /usr/app/oracle/product/12.1.0.1/rdbms/lib/oracle /usr/app/oracle/product/12.1.0.1/bin/oracle chmod 6751 /usr/app/oracle/product/12.1.0.1/bin/oracle Step3: Startup database -------------------------------SQL> startup For DATA PUMP auditing we need to create audit policy and for RMAN no need to create audit policy (By default) if unified audit is enabled. +++++++++++++++++++++++++++++ i. Testing for Data Pump EXPORT +++++++++++++++++++++++++++++ SQL> connect sh/sh Connected. Create a policy for Data Pump audit -----------------------------------SQL> create audit policy AUD_DP 2 actions 3 component=datapump export; Audit policy created. Enable the Audit Policy ------------------------SQL> audit policy AUD_DP; Audit succeeded.

    Tested by : Monowar Mukul (OCM 11g BDA)

    Page 2

    12c - Auditing for Data Pump and RMAN jobs


    Verify the policy -----------------col user_name format A10 col policy_name format A10 Select * from audit_unified_enabled_policies where policy_name like '%DP%'; Taking an Export of SH.CUSTOMERS table ---------------------------------------SQL> create directory dp_dir as '/usr/app/oracle/monowar'; Directory created. SQL> grant all on directory dp_dir to system; Grant succeeded. SQL> !expdp system directory= dp_dir dumpfile=CUSTOMERS.dmp tables=SH.CUSTOMERS reuse_dumpfiles=Y
    Export: Release 12.1.0.1.0 - Production on Mon Nov 18 09:11:34 2013 Copyright (c) 1982, 2013, Oracle and/or its affiliates. All rights reserved. Password: Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options Starting "SYSTEM"."SYS_EXPORT_TABLE_01": system/******** dumpfile=CUSTOMERS.dmp tables=SH.CUSTOMERS reuse_dumpfiles=Y Estimate in progress using BLOCKS method... Processing object type TABLE_EXPORT/TABLE/TABLE_DATA Total estimation using BLOCKS method: 13 MB Processing object type TABLE_EXPORT/TABLE/TABLE Processing object type TABLE_EXPORT/TABLE/GRANT/OWNER_GRANT/OBJECT_GRANT Processing object type TABLE_EXPORT/TABLE/COMMENT Processing object type TABLE_EXPORT/TABLE/INDEX/INDEX Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/CONSTRAINT Processing object type TABLE_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT Processing object type TABLE_EXPORT/TABLE/INDEX/BITMAP_INDEX/INDEX Processing object type TABLE_EXPORT/TABLE/INDEX/STATISTICS/BITMAP_INDEX/INDEX_STATISTICS Processing object type TABLE_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS Processing object type TABLE_EXPORT/TABLE/STATISTICS/MARKER . . exported "SH"."CUSTOMERS" 10.27 MB 55500 rows Master table "SYSTEM"."SYS_EXPORT_TABLE_01" successfully loaded/unloaded ****************************************************************************** Dump file set for SYSTEM.SYS_EXPORT_TABLE_01 is: /usr/app/oracle/admin/MONDB01/dpdump/CUSTOMERS.dmp Job "SYSTEM"."SYS_EXPORT_TABLE_01" successfully completed at Mon Nov 18 09:12:46 2013 elapsed 0 00:01:02

    Tested by : Monowar Mukul (OCM 11g BDA)

    Page 3

    12c - Auditing for Data Pump and RMAN jobs


    View The Audit information for the Data Pump export ---------------------------------------------------------------------SQL> select DBUSERNAME,DP_TEXT_PARAMETERS1, DP_BOOLEAN_PARAMETERS1 from UNIFIED_AUDIT_TRAIL where DP_TEXT_PARAMETERS1 is not null; no rows selected Flush the data from memory to disk ------------------------------------------SQL> exec sys.DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL; PL/SQL procedure successfully completed. SQL> select DBUSERNAME,DP_TEXT_PARAMETERS1, DP_BOOLEAN_PARAMETERS1 from UNIFIED_AUDIT_TRAIL where DP_TEXT_PARAMETERS1 is not null;
    DBUSERNAME -----------------------------DP_TEXT_PARAMETERS1 -------------------------------------------------------------------------------DP_BOOLEAN_PARAMETERS1 -------------------------------------------------------------------------------SYSTEM MASTER TABLE: "SYSTEM"."SYS_EXPORT_TABLE_01" , JOB_TYPE: EXPORT, METADATA_JOB_M ODE: TABLE_EXPORT, JOB VERSION: 12.1.0.0.0, ACCESS METHOD: AUTOMATIC, DATA OPTIO NS: 0, DUMPER DIRECTORY: NULL REMOTE LINK: NULL, TABLE EXISTS: NULL, PARTITION OPTIONS: NONE MASTER_ONLY: FALSE, DATA_ONLY: FALSE, METADATA_ONLY: FALSE, DUMPFILE_PRESENT: TR UE, JOB_RESTARTED: FALSE

    +++++++++++++++++++++++++++++ ii. Testing for Data Pump Import +++++++++++++++++++++++++++++ SQL> connect monowar/password Connected. Create a policy for Data Pump audit -----------------------------------SQL> create audit policy AUD_DP_IMP 2 actions 3 component=datapump import; Audit policy created.

    Tested by : Monowar Mukul (OCM 11g BDA)

    Page 4

    12c - Auditing for Data Pump and RMAN jobs


    Enable the Audit Policy ------------------------SQL> audit policy AUD_DP_IMP; Audit succeeded. Verify the policy -----------------SQL> col user_name format A10 SQL> col policy_name format A10 SQL> Select * from audit_unified_enabled_policies 2 where policy_name like '%IMP%'; USER_NAME POLICY_NAM ENABLED_ SUC FAI ---------- ---------- -------- --- --ALL USERS AUD_DP_IMP BY YES YES Running IMPORT job ---------------------SQL> !impdp system directory= dp_dir dumpfile=CUSTOMERS.dmp logfile=imp.log
    Import: Release 12.1.0.1.0 - Production on Mon Nov 18 14:58:24 2013 Copyright (c) 1982, 2013, Oracle and/or its affiliates. All rights reserved. Password: Connected to: Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options Master table "SYSTEM"."SYS_IMPORT_FULL_01" successfully loaded/unloaded Starting "SYSTEM"."SYS_IMPORT_FULL_01": system/******** directory= dumpfile=CUSTOMERS.dmp logfile=imp.log Processing object type TABLE_EXPORT/TABLE/TABLE ORA-39151: Table "SH"."CUSTOMERS" exists. All dependent metadata and data will be skipped due to table_exists_action of skip Processing object type TABLE_EXPORT/TABLE/TABLE_DATA Processing object type TABLE_EXPORT/TABLE/GRANT/OWNER_GRANT/OBJECT_GRANT Processing object type TABLE_EXPORT/TABLE/COMMENT Processing object type TABLE_EXPORT/TABLE/INDEX/INDEX Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/CONSTRAINT Processing object type TABLE_EXPORT/TABLE/INDEX/STATISTICS/INDEX_STATISTICS Processing object type TABLE_EXPORT/TABLE/CONSTRAINT/REF_CONSTRAINT Processing object type TABLE_EXPORT/TABLE/INDEX/BITMAP_INDEX/INDEX Processing object type TABLE_EXPORT/TABLE/INDEX/STATISTICS/BITMAP_INDEX/INDEX_STATISTICS Processing object type TABLE_EXPORT/TABLE/STATISTICS/TABLE_STATISTICS Processing object type TABLE_EXPORT/TABLE/STATISTICS/MARKER Job "SYSTEM"."SYS_IMPORT_FULL_01" completed with 1 error(s) at Mon Nov 18 14:58:37 2013 elapsed 0 00:00:06

    View The Audit information for the Data Pump import ---------------------------------------------------------------------select DBUSERNAME,DP_TEXT_PARAMETERS1, DP_BOOLEAN_PARAMETERS1
    Tested by : Monowar Mukul (OCM 11g BDA) Page 5

    12c - Auditing for Data Pump and RMAN jobs


    from UNIFIED_AUDIT_TRAIL where DP_TEXT_PARAMETERS1 like '%IMP%'; DBUSERNAME -----------------------------DP_TEXT_PARAMETERS1 -------------------------------------------------------------------------------DP_BOOLEAN_PARAMETERS1 -------------------------------------------------------------------------------SYSTEM MASTER TABLE: "SYSTEM"."SYS_IMPORT_FULL_01" , JOB_TYPE: IMPORT, METADATA_JOB_MO DE: DATABASE_EXPORT, JOB VERSION: 12.1.0.0.0, ACCESS METHOD: AUTOMATIC, DATA OPT IONS: 0, DUMPER DIRECTORY: NULL REMOTE LINK: NULL, TABLE EXISTS: SKIP, PARTITIO N OPTIONS: NONE MASTER_ONLY: FALSE, DATA_ONLY: FALSE, METADATA_ONLY: FALSE, DUMPFILE_PRESENT: TR UE, JOB_RESTARTED: FALSE RMAN Backup Audit -----------------------If the Unified Audit option is enabled then we do not need to create any audit policy for RMAN operation. It is audited by default RMAN> connect target sys@mondb01 target database Password: connected to target database: MONDB01 (DBID=3064727078) RMAN> CONFIGURE channel device type disk format '/BPELAIT2/MONDB01/BKP/%U'; new RMAN configuration parameters: CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/BPELAIT2/MONDB01/BKP/%U'; new RMAN configuration parameters are successfully stored RMAN> select tablespace_name from dba_tablespaces; TABLESPACE_NAME -----------------------------SYSTEM SYSAUX UNDOTBS1 TEMP
    Tested by : Monowar Mukul (OCM 11g BDA) Page 6

    12c - Auditing for Data Pump and RMAN jobs


    USERS EXAMPLE MGMT_ECM_DEPOT_TS MGMT_TABLESPACE MGMT_AD4J_TS TSTADO SPACE_PRESS TEST_ARCH 12 rows selected oracle@rac1:/home/oracle$ rman target sys@mondb01 Recovery Manager: Release 12.1.0.1.0 - Production on Mon Nov 18 15:42:28 2013 Copyright (c) 1982, 2013, Oracle and/or its affiliates. All rights reserved. target database Password: connected to target database: MONDB01 (DBID=3064727078) RMAN> backup tablespace example; Starting backup at 18-NOV-13 using target database control file instead of recovery catalog allocated channel: ORA_DISK_1 channel ORA_DISK_1: SID=357 device type=DISK channel ORA_DISK_1: starting full datafile backup set channel ORA_DISK_1: specifying datafile(s) in backup set input datafile file number=00002 name=/BPELAIT2/MONDB01/MONDB01/example01.dbf channel ORA_DISK_1: starting piece 1 at 18-NOV-13 channel ORA_DISK_1: finished piece 1 at 18-NOV-13 piece handle=/BPELAIT2/MONDB01/BKP/02op9dc0_1_1 tag=TAG20131118T154256 comment=NONE channel ORA_DISK_1: backup set complete, elapsed time: 00:00:03 Finished backup at 18-NOV-13 Starting Control File and SPFILE Autobackup at 18-NOV-13 piece handle=/usr/app/oracle/product/12.1.0.1/dbs/c-3064727078-20131118-00 comment=NONE Finished Control File and SPFILE Autobackup at 18-NOV-13 RMAN> select name from v$datafile; NAME -------------------------------------------------------------------------------/BPELAIT2/MONDB01/MONDB01/system01.dbf
    Tested by : Monowar Mukul (OCM 11g BDA) Page 7

    12c - Auditing for Data Pump and RMAN jobs


    /BPELAIT2/MONDB01/MONDB01/example01.dbf /BPELAIT2/MONDB01/MONDB01/sysaux01.dbf /BPELAIT2/MONDB01/MONDB01/undotbs01.dbf /BPELAIT2/MONDB01/MONDB01/mgmt_depot.dbf /BPELAIT2/MONDB01/MONDB01/users01.dbf /BPELAIT2/MONDB01/MONDB01/mgmt.dbf /BPELAIT2/MONDB01/MONDB01/mgmt_ad4j.dbf /BPELAIT2/MONDB01/MONDB01/online/sp1.dbf /BPELAIT2/MONDB01/MONDB01/sp1.dbf /BPELAIT2/MONDB01/MONDB01/test_arch01.dbf 11 rows selected From other session ---------------------$ rm /BPELAIT2/MONDB01/MONDB01/example01.dbf RMAN> alter tablespace EXAMPLE offline immediate; Statement processed RMAN> restore tablespace EXAMPLE; Starting restore at 18-NOV-13 using channel ORA_DISK_1 channel ORA_DISK_1: starting datafile backup set restore channel ORA_DISK_1: specifying datafile(s) to restore from backup set channel ORA_DISK_1: restoring datafile 00002 to /BPELAIT2/MONDB01/MONDB01/example01.dbf channel ORA_DISK_1: reading from backup piece /BPELAIT2/MONDB01/BKP/02op9dc0_1_1 channel ORA_DISK_1: piece handle=/BPELAIT2/MONDB01/BKP/02op9dc0_1_1 tag=TAG20131118T154256 channel ORA_DISK_1: restored backup piece 1 channel ORA_DISK_1: restore complete, elapsed time: 00:00:03 Finished restore at 18-NOV-13 RMAN> recover tablespace EXAMPLE; Starting recover at 18-NOV-13 using channel ORA_DISK_1 starting media recovery media recovery complete, elapsed time: 00:00:00

    Tested by : Monowar Mukul (OCM 11g BDA)

    Page 8

    12c - Auditing for Data Pump and RMAN jobs


    Finished recover at 18-NOV-13 RMAN> alter tablespace EXAMPLE online; Statement processed Now View the Audit Data ------------------------RMAN> select DBUSERNAME, RMAN_OPERATION, RMAN_DEVICE_TYPE, RMAN_OBJECT_TYPE, RMAN_SESSION_STAMP from unified_audit_trail where RMAN_OPERATION is not null;

    no rows selected Flush the data from memory to disk ----------------------------------exec sys.DBMS_AUDIT_MGMT.FLUSH_UNIFIED_AUDIT_TRAIL; SQL> select DBUSERNAME, RMAN_OPERATION, RMAN_DEVICE_TYPE, RMAN_OBJECT_TYPE, RMAN_SESSION_STAMP from unified_audit_trail where RMAN_OPERATION is not null; 2 3 DBUSERNAME RMAN_OPERATION RMAN_ RMAN_OBJECT_TYPE ------------------------------ -------------------- ----- -------------------RMAN_SESSION_STAMP -----------------SYS Recover None DF Full 831889106 SYS 831889106 SYS 831889106 Backup Disk DF Full Restore Disk DF Full

    Tested by : Monowar Mukul (OCM 11g BDA)

    Page 9

    You might also like