sybase 审计操作

Posted by     "lxg" on Wednesday, August 21, 2024

打开审计攻击

查看当前审计状态

sp_configure 'auditing'

打开审计

第一步、先初始化审计设备

disk init name = "auditdev",  physname = "/opt/sybase/data/c2d0s4", size = "100M"
disk init name = "auditlogdev", physname = "/opt/sybase/data/c2d0s5", size = "200M"
create database sybsecurity on auditdev  log on auditlogdev

第二步、执行审计安装脚本

docker exec -t sybase157 /bin/bash /sybase/isql -i"/opt/sybase/ASE-15_0/scripts/installsecurity"

第三步、打开审计

sp_configure 'auditing',1

第四步、重启

第五步、设置审计规则

sp_audit "update", "all", "table_name", "on"
sp_audit "insert", "all", "table_name", "on"
sp_audit "delete", "all", "table_name", "on"

sp_audit "truncate", "all", "master", "on"
sp_audit "drop", "all", "master", "on"
sp_audit "login", "all", "all", "fail"
sp_audit "security", "all", "all", "off"
sp_audit "login_admin", "all", "all", "on"

「真诚赞赏,手留余香」

Little Star Blog

真诚赞赏,手留余香

使用微信扫描二维码完成支付