Log in to the Oracle database:
su - oracle (the oracle account)
sqlplus / as sysdba
1. List database users: select username,account_status from dba_users; (Result: information on all users that can log in to the database is displayed)
2. View profile name assignment: select username,account_status,profile from dba_users; (Result: PASSWORD_REUSE_MAX=6, PASSWORD_REUSE_TIME=1800, PASSWORD_LIFE_TIME=90). Password complexity verification function: VERIFY_FUNCTION, PASSWORD_VERIFY_FUNCTION=VERIFY_FUNCTION.
3. View profile configuration: select profile, resource_name,limit from dba_profiles where resource_type='PASSWORD'; (Result: FAILED_LOGIN_ATTEMPTS=3, PASSWORD_GRACE_TIME=10, lock duration in days PASSWORD_LOCK_TIME=1/1440)
4. Check whether default accounts have been renamed: select granted_role from dba_role_privs where grantee='PUBLIC'; (Result: null)
5. show parameter O7_DICTIONARY_ACCESSIBILITY; (Result: the passwords of default accounts such as system/manager and scott/tiger have been changed)
6. Audit scope: show parameter audit_sys_operations; show parameter audit_trail; (Result: )
7. Auditing of key operations: select * from dba_stmt_audit_opts; (Result: )
8. Access permissions on the audit log: select grantee from dba_tab_privs where table_name='AUD$' and grantee not in ('DELETE_CATALOG_ROLE') and grantee not in (select grantee from dba_role_privs where granted_role='DBA'); (Result: ) There is a problem
9. Login timeout lockout: select resource_name,limit from dba_profiles where profile='DEFAULT' and resource_type='KERNEL'; (Result: )
10. Resource limits: select profile from dba_users; (Result: a custom profile)
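
Steps 2 and 3 only give a verdict once each user's profile is resolved to its effective limits, because a limit of DEFAULT in a custom profile inherits from the DEFAULT profile. The following is an added example, not part of the original checklist: it compares rows shaped like the step 2 and step 3 query results against the values listed above. The sample rows, the APP_PROFILE and APPUSER names, and the exact-match rule are assumptions; PASSWORD_LOCK_TIME is left out and compared by hand.

```python
BASELINE = {  # expected values as listed in steps 2 and 3 of the checklist
    "FAILED_LOGIN_ATTEMPTS": "3", "PASSWORD_GRACE_TIME": "10",
    "PASSWORD_LIFE_TIME": "90", "PASSWORD_REUSE_MAX": "6",
    "PASSWORD_REUSE_TIME": "1800", "PASSWORD_VERIFY_FUNCTION": "VERIFY_FUNCTION",
}
# Constructed sample: (profile, resource_name, limit) rows shaped like the step 3 query.
SAMPLE_PROFILES = [
    ("DEFAULT", "FAILED_LOGIN_ATTEMPTS", "10"),
    ("DEFAULT", "PASSWORD_GRACE_TIME", "UNLIMITED"),
    ("DEFAULT", "PASSWORD_LIFE_TIME", "180"),
    ("DEFAULT", "PASSWORD_REUSE_MAX", "UNLIMITED"),
    ("DEFAULT", "PASSWORD_REUSE_TIME", "UNLIMITED"),
    ("DEFAULT", "PASSWORD_VERIFY_FUNCTION", "NULL"),
    ("APP_PROFILE", "FAILED_LOGIN_ATTEMPTS", "3"),
    ("APP_PROFILE", "PASSWORD_GRACE_TIME", "10"),
    ("APP_PROFILE", "PASSWORD_LIFE_TIME", "90"),
    ("APP_PROFILE", "PASSWORD_REUSE_MAX", "6"),
    ("APP_PROFILE", "PASSWORD_REUSE_TIME", "DEFAULT"),  # inherits from DEFAULT
    ("APP_PROFILE", "PASSWORD_VERIFY_FUNCTION", "VERIFY_FUNCTION"),
]
# Constructed sample: (username, account_status, profile) rows shaped like the step 2 query.
SAMPLE_USERS = [
    ("SYSTEM", "OPEN", "APP_PROFILE"),
    ("SCOTT", "EXPIRED & LOCKED", "DEFAULT"),
    ("APPUSER", "OPEN", "DEFAULT"),
]

def effective_limits(profile_rows):
    """Map profile -> {resource: limit}, resolving DEFAULT to the DEFAULT profile's value."""
    raw = {}
    for profile, resource, limit in profile_rows:
        raw.setdefault(profile, {})[resource] = limit.strip().upper()
    default = raw.get("DEFAULT", {})
    return {p: {r: default.get(r, "UNLIMITED") if v == "DEFAULT" else v
                for r, v in limits.items()} for p, limits in raw.items()}

def audit(user_rows, profile_rows, baseline=BASELINE):
    """Return (user, profile, resource, actual, expected) for each deviation."""
    limits = effective_limits(profile_rows)
    findings = []
    for username, status, profile in user_rows:
        if "LOCKED" in status:  # locked accounts cannot log in, so skip them
            continue
        for resource, expected in baseline.items():
            actual = limits.get(profile, {}).get(resource, "MISSING")
            if actual != expected:
                findings.append((username, profile, resource, actual, expected))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS, SAMPLE_PROFILES):
        print("%-8s %-12s %-25s actual=%s expected=%s" % finding)
```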