maclean liu, profile picture
Uploaded bymaclean liu
674 views

Oracle数据库安全:11g默认审计选项

本文件讨论了 Oracle 数据库 11g 的默认审计选项,强调 audit_trail 参数的设置及其对性能的影响。它提到创建会话审计记录的策略以及数据存储管理的重要性,并提供了一些 SQL 查询示例来分析审计日志。还介绍了如何通过审计记录快速识别密码暴力破解行为和数据库登录失败的问题。

Embed presentation

Downloaded 19 times
Oracle 数据库安全:11g 默认审计选项 by Maclean.liu liu.maclean@gmail.com www.oracledatabase12g.com
About Me l Email:liu.maclean@gmail.com l Blog:www.oracledatabase12g.com l Oracle Certified Database Administrator Master 10g and 11g l Over 6 years experience with Oracle DBA technology l Over 7 years experience with Linux technology l Member Independent Oracle Users Group l Member All China Users Group l Presents for advanced Oracle topics: RAC, DataGuard, Performance Tuning and Oracle Internal.
11g 默认启用强大的审计选项,AUDIT_TRAIL 参数的缺省值为 DB,这意为着审计数据将记 录在数据库中的 AUD$审计字典基表上。 Oracle 官方宣称默认启用的审计日志不会对绝大多 数产品数据库的性能带来过大的负面影响,同时 Oracle 公司还推荐使用基于 OS 文件的审计 日志记录 方式(OS audit trail files)。 注意因为在 11g 中 CREATE SESSION 将被作为受审计的权限来被记录,因此当 SYSTEM 表 空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新 会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用 SYSDBA 身 份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干 脆 TRUNCATE AUD$都可以解决上述问题。 当 AUDIT_TRAIL 设置为 OS 时,审计记录文件将在 AUDIT_FILE_DEST 参数所指定的目录 中生成。全部这些文件均可以随时被删除或复制。 注意在默认情况下会以 AUTOEXTEND ON 自动扩展选项创建 SYSTEM 表空间,因此系统 表空间在必要情况下还是会自动增长的,我们所需注意的是磁盘上的剩余空间是否能够满足 其增长需求,以及 数据文件扩展的上限,对于普通的 8k smallfile 表空间而言单个数据文件 的最大尺寸是 32G。 以下权限将对所有用户审计: SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production PL/SQL Release 11.2.0.2.0 - Production CORE 11.2.0.2.0 Production TNS for Linux: Version 11.2.0.2.0 - Production NLSRTL Version 11.2.0.2.0 - Production SQL> select * from global_name; GLOBAL_NAME -------------------------------------------------------------------------------- www.oracledatabase12g.com
SQL> select privilege,success,failure from dba_priv_audit_opts; PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- CREATE EXTERNAL JOB BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS GRANT ANY PRIVILEGE BY ACCESS BY ACCESS DROP PROFILE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER DATABASE BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS ALTER ANY TABLE BY ACCESS BY ACCESS CREATE ANY TABLE BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS AUDIT SYSTEM BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS 23 rows selected. 以下语句也将对所有用户审计: SQL> select audit_option,success,failure from dba_stmt_audit_opts; AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS SYSTEM AUDIT BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS PUBLIC SYNONYM BY ACCESS BY ACCESS DATABASE LINK BY ACCESS BY ACCESS ROLE BY ACCESS BY ACCESS PROFILE BY ACCESS BY ACCESS CREATE ANY TABLE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER ANY TABLE BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS SYSTEM GRANT BY ACCESS BY ACCESS
ALTER DATABASE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS DROP PROFILE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- GRANT ANY PRIVILEGE BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS CREATE EXTERNAL JOB BY ACCESS BY ACCESS 28 rows selected. 当前数据库中的现有的审计记录: SQL> select action_name,count(*) from dba_audit_trail group by action_name; ACTION_NAME COUNT(*) ---------------------------- ---------- LOGOFF BY CLEANUP 40 LOGON 460 LOGOFF 377 ALTER USER 2 SYSTEM GRANT 12 ALTER SYSTEM 10 CREATE PUBLIC SYNONYM 5 ALTER DATABASE 2 CREATE DATABASE LINK 1 DROP PUBLIC SYNONYM 5 10 rows selected. 在 11g 中默认启用了对登录注销操作 LOGON/LOGOFF 的审计,详见<11g 默认审计选项>。 利用这一点我们可以很方便地从审计日志中找出数据库中的密码暴力破解者。如以下演示: C:UsersMaclean Liu>sqlplus system/try_password@G11R2 SQL*Plus: Release 11.2.0.1.0 Production on Mon Jul 4 21:37:44 2011 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied select username,userhost,terminal,timestamp,action_name,os_process from dba_audit_trail
where returncode = 1017 order by timestamp desc; USERNAME USERHOST TERMINAL TIMESTAMP ACTION_NAME OS_PROCESS -------------------- ---------------------------------------- -------------------- ------------------ ---------------- ------------ SYSTEM WORKGROUPMACLEANLIU-PC MACLEANLIU-PC 04- JUL-11 LOGON 4240:2700 Script: set linesize 140 pagesize 1400 col os_username for a30 col userhost for a30 col terminal for a30 select os_username,userhost,terminal,username,count(*) from dba_audit_trail where returncode = 1017 group by os_username,userhost,username,terminal having count(*)>10 / 注意对于 LOGON PER SECOND 很高的数据库,如果应用程序配置文件中的数据库用户密 码不正确,同时应用在短期内发起大量会话登录数据库的话可能引发频繁的 dc_users 字典缓 存锁,用户登录无法成功,乃至整个实例 hang 住,该问题具体可见<Row Cache lock Problem>。针对该问题如果是在 11g 中的话,可以利用以上脚本快速找到因密码不正确登录 失败的数据库用户名,从而减少排查时间。 © 2011, www.oracledatabase12g.com. 版权所有.文章允许转载,但必须以链接方式注明源地址, 否则追求法律责任.

More Related Content

PDF
The security in transport ellis
byLeishman Associates
 
PDF
Financial crisis final
bybrepetro
 
PPTX
Marketing print ad 10-step plan
bybamangustia
 
PPT
Legionnaires Disease
byindus329
 
PPTX
Bamboestokken testmaquettes
bylaurenztack
 
PPTX
Tutorial mendaftar domain + hosting dan mengupload file
byFendi Kurniawan
 
PDF
Ais life 2009-3
byEleonor Fedorey
 
PDF
01. a. salinan permendikbud no. 54 tahun 2013 ttg skl
byIrma Muthiara Sari
 
The security in transport ellis
byLeishman Associates
 
Financial crisis final
bybrepetro
 
Marketing print ad 10-step plan
bybamangustia
 
Legionnaires Disease
byindus329
 
Bamboestokken testmaquettes
bylaurenztack
 
Tutorial mendaftar domain + hosting dan mengupload file
byFendi Kurniawan
 
Ais life 2009-3
byEleonor Fedorey
 
01. a. salinan permendikbud no. 54 tahun 2013 ttg skl
byIrma Muthiara Sari
 

Viewers also liked

PDF
Londens presentation 2
byShehryar Naqvi
 
PDF
Calendari Ecològic 2017
byConsell Català de la Producció Agrària Ecològica
 
PPTX
20160826横浜カイゴ組合研修会
byTakeshita Kouhei
 
PPT
Millionaire game
bycristina19811981
 
PDF
When facts fail. talking to people about risks of ionizing radiation clarke
byLeishman Associates
 
PPS
Energy
byDominic O'Toole
 
PPT
Oporrak
byenekoetajuncal
 
PDF
BPM & KM: They Converge Quite Nicely
byDr. Jackie Damrau, BPMN
 
PPT
Evaluating my trailer
byabcdsmile
 
PPTX
Engineering solutions 1
bylaurenztack
 
PPTX
Los valore sova
bybrillyleal
 
PDF
Doses to nz sailors at the grapple tests johnston
byLeishman Associates
 
PPTX
The State of Social PR
byVuelio
 
PPTX
Six slides
byapeachay
 
PDF
Arps2010 prez phan -final
byLeishman Associates
 
PDF
Specialization and Validation of Statecharts in OWL
byGerd Groener
 
PPT
2011 384 hackworth_ppt
bymaclean liu
 
PDF
Dental blitz the three week campaign of the aacap dental team at doomadgee- ...
byLeishman Associates
 
PPTX
Digipak Questionnaire Results
bybeckythomas13
 
PPTX
New Zealand Franchising Confidence Index | January 2012
byFranchize Consultants
 
Londens presentation 2
byShehryar Naqvi
 
Calendari Ecològic 2017
byConsell Català de la Producció Agrària Ecològica
 
20160826横浜カイゴ組合研修会
byTakeshita Kouhei
 
Millionaire game
bycristina19811981
 
When facts fail. talking to people about risks of ionizing radiation clarke
byLeishman Associates
 
Energy
byDominic O'Toole
 
Oporrak
byenekoetajuncal
 
BPM & KM: They Converge Quite Nicely
byDr. Jackie Damrau, BPMN
 
Evaluating my trailer
byabcdsmile
 
Engineering solutions 1
bylaurenztack
 
Los valore sova
bybrillyleal
 
Doses to nz sailors at the grapple tests johnston
byLeishman Associates
 
The State of Social PR
byVuelio
 
Six slides
byapeachay
 
Arps2010 prez phan -final
byLeishman Associates
 
Specialization and Validation of Statecharts in OWL
byGerd Groener
 
2011 384 hackworth_ppt
bymaclean liu
 
Dental blitz the three week campaign of the aacap dental team at doomadgee- ...
byLeishman Associates
 
Digipak Questionnaire Results
bybeckythomas13
 
New Zealand Franchising Confidence Index | January 2012
byFranchize Consultants
 

Similar to Oracle数据库安全:11g默认审计选项

PPT
Essential oracle security internal for dba
bymaclean liu
 
PPTX
6, OCP - oracle security
byted-xu
 
PPTX
10, OCP - flashback
byted-xu
 
PPT
Oracle的闪回特性
byBeenyoung Lee
 
PDF
1.oracle 11g 用户管理新功能
byWASecurity
 
PPTX
Oracle数据库高级安全选件ASO介绍
byjenkin
 
Essential oracle security internal for dba
bymaclean liu
 
6, OCP - oracle security
byted-xu
 
10, OCP - flashback
byted-xu
 
Oracle的闪回特性
byBeenyoung Lee
 
1.oracle 11g 用户管理新功能
byWASecurity
 
Oracle数据库高级安全选件ASO介绍
byjenkin
 

More from maclean liu

PDF
Mysql企业备份发展及实践
bymaclean liu
 
PDF
Oracle専用データ復旧ソフトウェアprm dulユーザーズ・マニュアル
bymaclean liu
 
PDF
【诗檀软件 郭兆伟-技术报告】跨国企业级Oracle数据库备份策略
bymaclean liu
 
PDF
基于Oracle 12c data guard & far sync的低资源消耗两地三数据中心容灾方案
bymaclean liu
 
PDF
TomCat迁移步骤简述以及案例
bymaclean liu
 
PDF
PRM DUL Oracle Database Health Check
bymaclean liu
 
PDF
dbdao.com 汪伟华 my-sql-replication复制高可用配置方案
bymaclean liu
 
DOCX
Vbox virtual box在oracle linux 5 - shoug 梁洪响
bymaclean liu
 
PDF
【诗檀软件】Mysql高可用方案
bymaclean liu
 
PPTX
Shoug at apouc2015 4min pitch_biotwang_v2
bymaclean liu
 
PPTX
Apouc 4min pitch_biotwang_v2
bymaclean liu
 
PDF
使用Oracle osw analyzer工具分析oswbb日志,并绘制系统性能走势图1
bymaclean liu
 
PDF
诗檀软件 Oracle开发优化基础
bymaclean liu
 
PDF
Orclrecove 1 pd-prm-dul testing for oracle database recovery_20141030_biot_wang
bymaclean liu
 
PDF
诗檀软件 – Oracle数据库修复专家 oracle数据块损坏知识2014-10-24
bymaclean liu
 
PDF
追求Jdbc on oracle最佳性能?如何才好?
bymaclean liu
 
PDF
使用Virtual box在oracle linux 5.7上安装oracle database 11g release 2 rac的最佳实践
bymaclean liu
 
PDF
Prm dul is an oracle database recovery tool database
bymaclean liu
 
PDF
Oracle prm dul, jvm and os
bymaclean liu
 
PDF
Oracle dba必备技能 使用os watcher工具监控系统性能负载
bymaclean liu
 
Mysql企业备份发展及实践
bymaclean liu
 
Oracle専用データ復旧ソフトウェアprm dulユーザーズ・マニュアル
bymaclean liu
 
【诗檀软件 郭兆伟-技术报告】跨国企业级Oracle数据库备份策略
bymaclean liu
 
基于Oracle 12c data guard & far sync的低资源消耗两地三数据中心容灾方案
bymaclean liu
 
TomCat迁移步骤简述以及案例
bymaclean liu
 
PRM DUL Oracle Database Health Check
bymaclean liu
 
dbdao.com 汪伟华 my-sql-replication复制高可用配置方案
bymaclean liu
 
Vbox virtual box在oracle linux 5 - shoug 梁洪响
bymaclean liu
 
【诗檀软件】Mysql高可用方案
bymaclean liu
 
Shoug at apouc2015 4min pitch_biotwang_v2
bymaclean liu
 
Apouc 4min pitch_biotwang_v2
bymaclean liu
 
使用Oracle osw analyzer工具分析oswbb日志,并绘制系统性能走势图1
bymaclean liu
 
诗檀软件 Oracle开发优化基础
bymaclean liu
 
Orclrecove 1 pd-prm-dul testing for oracle database recovery_20141030_biot_wang
bymaclean liu
 
诗檀软件 – Oracle数据库修复专家 oracle数据块损坏知识2014-10-24
bymaclean liu
 
追求Jdbc on oracle最佳性能?如何才好?
bymaclean liu
 
使用Virtual box在oracle linux 5.7上安装oracle database 11g release 2 rac的最佳实践
bymaclean liu
 
Prm dul is an oracle database recovery tool database
bymaclean liu
 
Oracle prm dul, jvm and os
bymaclean liu
 
Oracle dba必备技能 使用os watcher工具监控系统性能负载
bymaclean liu
 

Oracle数据库安全:11g默认审计选项

  • 1.
    Oracle 数据库安全:11g 默认审计选项 by Maclean.liu liu.maclean@gmail.com www.oracledatabase12g.com
  • 2.
    About Me l Email:liu.maclean@gmail.com lBlog:www.oracledatabase12g.com l Oracle Certified Database Administrator Master 10g and 11g l Over 6 years experience with Oracle DBA technology l Over 7 years experience with Linux technology l Member Independent Oracle Users Group l Member All China Users Group l Presents for advanced Oracle topics: RAC, DataGuard, Performance Tuning and Oracle Internal.
  • 3.
    11g 默认启用强大的审计选项,AUDIT_TRAIL 参数的缺省值为DB,这意为着审计数据将记 录在数据库中的 AUD$审计字典基表上。 Oracle 官方宣称默认启用的审计日志不会对绝大多 数产品数据库的性能带来过大的负面影响,同时 Oracle 公司还推荐使用基于 OS 文件的审计 日志记录 方式(OS audit trail files)。 注意因为在 11g 中 CREATE SESSION 将被作为受审计的权限来被记录,因此当 SYSTEM 表 空间因磁盘空间而无法扩展时将导致这部分审计记录无法生成,这将最终导致普通用户的新 会话将无法正常创建,普通用户将无法登陆数据库。在这种场景中仍可以使用 SYSDBA 身 份的用户创建会话,在将审计数据合适备份后删除一部分记录,或者干 脆 TRUNCATE AUD$都可以解决上述问题。 当 AUDIT_TRAIL 设置为 OS 时,审计记录文件将在 AUDIT_FILE_DEST 参数所指定的目录 中生成。全部这些文件均可以随时被删除或复制。 注意在默认情况下会以 AUTOEXTEND ON 自动扩展选项创建 SYSTEM 表空间,因此系统 表空间在必要情况下还是会自动增长的,我们所需注意的是磁盘上的剩余空间是否能够满足 其增长需求,以及 数据文件扩展的上限,对于普通的 8k smallfile 表空间而言单个数据文件 的最大尺寸是 32G。 以下权限将对所有用户审计: SQL> select * from v$version; BANNER -------------------------------------------------------------------------------- Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production PL/SQL Release 11.2.0.2.0 - Production CORE 11.2.0.2.0 Production TNS for Linux: Version 11.2.0.2.0 - Production NLSRTL Version 11.2.0.2.0 - Production SQL> select * from global_name; GLOBAL_NAME -------------------------------------------------------------------------------- www.oracledatabase12g.com
  • 4.
    SQL> select privilege,success,failurefrom dba_priv_audit_opts; PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- CREATE EXTERNAL JOB BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS GRANT ANY PRIVILEGE BY ACCESS BY ACCESS DROP PROFILE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER DATABASE BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS ALTER ANY TABLE BY ACCESS BY ACCESS CREATE ANY TABLE BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS AUDIT SYSTEM BY ACCESS BY ACCESS PRIVILEGE SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS 23 rows selected. 以下语句也将对所有用户审计: SQL> select audit_option,success,failure from dba_stmt_audit_opts; AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER SYSTEM BY ACCESS BY ACCESS SYSTEM AUDIT BY ACCESS BY ACCESS CREATE SESSION BY ACCESS BY ACCESS CREATE USER BY ACCESS BY ACCESS ALTER USER BY ACCESS BY ACCESS DROP USER BY ACCESS BY ACCESS PUBLIC SYNONYM BY ACCESS BY ACCESS DATABASE LINK BY ACCESS BY ACCESS ROLE BY ACCESS BY ACCESS PROFILE BY ACCESS BY ACCESS CREATE ANY TABLE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- ALTER ANY TABLE BY ACCESS BY ACCESS DROP ANY TABLE BY ACCESS BY ACCESS CREATE PUBLIC DATABASE LINK BY ACCESS BY ACCESS GRANT ANY ROLE BY ACCESS BY ACCESS SYSTEM GRANT BY ACCESS BY ACCESS
  • 5.
    ALTER DATABASE BY ACCESS BY ACCESS CREATE ANY PROCEDURE BY ACCESS BY ACCESS ALTER ANY PROCEDURE BY ACCESS BY ACCESS DROP ANY PROCEDURE BY ACCESS BY ACCESS ALTER PROFILE BY ACCESS BY ACCESS DROP PROFILE BY ACCESS BY ACCESS AUDIT_OPTION SUCCESS FAILURE ---------------------------------------- ---------- ---------- GRANT ANY PRIVILEGE BY ACCESS BY ACCESS CREATE ANY LIBRARY BY ACCESS BY ACCESS EXEMPT ACCESS POLICY BY ACCESS BY ACCESS GRANT ANY OBJECT PRIVILEGE BY ACCESS BY ACCESS CREATE ANY JOB BY ACCESS BY ACCESS CREATE EXTERNAL JOB BY ACCESS BY ACCESS 28 rows selected. 当前数据库中的现有的审计记录: SQL> select action_name,count(*) from dba_audit_trail group by action_name; ACTION_NAME COUNT(*) ---------------------------- ---------- LOGOFF BY CLEANUP 40 LOGON 460 LOGOFF 377 ALTER USER 2 SYSTEM GRANT 12 ALTER SYSTEM 10 CREATE PUBLIC SYNONYM 5 ALTER DATABASE 2 CREATE DATABASE LINK 1 DROP PUBLIC SYNONYM 5 10 rows selected. 在 11g 中默认启用了对登录注销操作 LOGON/LOGOFF 的审计,详见<11g 默认审计选项>。 利用这一点我们可以很方便地从审计日志中找出数据库中的密码暴力破解者。如以下演示: C:UsersMaclean Liu>sqlplus system/try_password@G11R2 SQL*Plus: Release 11.2.0.1.0 Production on Mon Jul 4 21:37:44 2011 Copyright (c) 1982, 2010, Oracle. All rights reserved. ERROR: ORA-01017: invalid username/password; logon denied select username,userhost,terminal,timestamp,action_name,os_process from dba_audit_trail
  • 6.
    where returncode =1017 order by timestamp desc; USERNAME USERHOST TERMINAL TIMESTAMP ACTION_NAME OS_PROCESS -------------------- ---------------------------------------- -------------------- ------------------ ---------------- ------------ SYSTEM WORKGROUPMACLEANLIU-PC MACLEANLIU-PC 04- JUL-11 LOGON 4240:2700 Script: set linesize 140 pagesize 1400 col os_username for a30 col userhost for a30 col terminal for a30 select os_username,userhost,terminal,username,count(*) from dba_audit_trail where returncode = 1017 group by os_username,userhost,username,terminal having count(*)>10 / 注意对于 LOGON PER SECOND 很高的数据库,如果应用程序配置文件中的数据库用户密 码不正确,同时应用在短期内发起大量会话登录数据库的话可能引发频繁的 dc_users 字典缓 存锁,用户登录无法成功,乃至整个实例 hang 住,该问题具体可见<Row Cache lock Problem>。针对该问题如果是在 11g 中的话,可以利用以上脚本快速找到因密码不正确登录 失败的数据库用户名,从而减少排查时间。 © 2011, www.oracledatabase12g.com. 版权所有.文章允许转载,但必须以链接方式注明源地址, 否则追求法律责任.