Friday, February 17, 2012

Enabling Oracle 10g auditing and changing the profile password policy


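1. DB auditing
-- audit_trail is a static parameter: the change takes effect after the instance is restarted
alter system set audit_trail=os scope=spfile;
-- object auditing covers every user; BY <user> is valid only for statement and privilege auditing
AUDIT SELECT, INSERT, DELETE, UPDATE ON user.emp BY ACCESS;
-- turn off the default object auditing options
NOAUDIT ALL ON DEFAULT;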

2. User profile
http://tomszrp.itpub.net/post/11835/474011

Below is the profile I tested, with explanations:

CREATE PROFILE my_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 3 -- Account is locked after 3 failed logins.
  PASSWORD_LOCK_TIME 5 -- Number of days the account stays locked. UNLIMITED requires an explicit unlock by the DBA.
  PASSWORD_LIFE_TIME 30 -- Password expires after 30 days.
  PASSWORD_GRACE_TIME 3 -- Grace period for password expiration (the allowed buffer time).
  PASSWORD_REUSE_TIME 120 -- Number of days until a specific password can be reused. UNLIMITED means never.
  PASSWORD_REUSE_MAX 10 -- Number of password changes required before a password can be reused (how many generations are kept). UNLIMITED means never.
  PASSWORD_VERIFY_FUNCTION my_verify_function
/

In addition, a verify function has to be created manually for Oracle 10g:

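-- Name matches PASSWORD_VERIFY_FUNCTION in my_profile; the function must be owned by SYS.
CREATE OR REPLACE FUNCTION my_verify_function (
  username VARCHAR2,
  password VARCHAR2,
  old_password VARCHAR2)
RETURN BOOLEAN AS
BEGIN
  -- Reject passwords shorter than 8 characters.
  IF LENGTH(password) < 8 THEN
    RETURN FALSE;
  ELSE
    RETURN TRUE;
  END IF;
END my_verify_function;
/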

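Oracle 11g adds a new function, verify_function_11g. It checks the password's length and whether it contains letters, digits and symbols at the same time, checks whether the password is the same as the user name, and checks whether it is one of a few very commonly used words such as welcome, database1, account1. Finally, when a password is changed, it checks whether the new and old passwords are too similar.
@$ORACLE_HOME/rdbms/admin/utlpwdmg.sql
ALTER PROFILE my_profile LIMIT PASSWORD_VERIFY_FUNCTION verify_function_11G;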
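
On a 10g database, where verify_function_11g is not available, the kinds of checks described above (length, letter and digit mix, user name, common words, similarity to the old password) can be written by hand. The function below is an added example, not code from the original post and not Oracle's utlpwdmg.sql; the name my_strict_verify_function, the word list and the 3-character difference threshold are assumptions.

```sql
-- Added example; my_strict_verify_function and the word list are hypothetical.
-- Create it as SYS, since a password verify function must be owned by SYS.
CREATE OR REPLACE FUNCTION my_strict_verify_function (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2)
RETURN BOOLEAN AS
    differ PLS_INTEGER := 0;
BEGIN
    -- LENGTH(NULL) is NULL, so test for NULL explicitly.
    IF password IS NULL OR LENGTH(password) < 8 THEN
        raise_application_error(-20001, 'Password must be at least 8 characters');
    END IF;
    -- At least one letter and at least one digit.
    IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
       OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
        raise_application_error(-20002, 'Password must contain letters and digits');
    END IF;
    -- Not the user name (case-insensitive).
    IF NLS_LOWER(password) = NLS_LOWER(username) THEN
        raise_application_error(-20003, 'Password must not equal the user name');
    END IF;
    -- Not one of a few common words (constructed sample list).
    IF NLS_LOWER(password) IN ('welcome1', 'database1', 'account1') THEN
        raise_application_error(-20004, 'Password is too common');
    END IF;
    -- At least 3 positions must differ from the old password.
    -- old_password can be NULL (no old value supplied); skip the check then.
    IF old_password IS NOT NULL THEN
        differ := ABS(LENGTH(password) - LENGTH(old_password));
        FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
            IF SUBSTR(password, i, 1) != SUBSTR(old_password, i, 1) THEN
                differ := differ + 1;
            END IF;
        END LOOP;
        IF differ < 3 THEN
            raise_application_error(-20005, 'New password is too similar to the old one');
        END IF;
    END IF;
    RETURN TRUE;
END my_strict_verify_function;
/

ALTER PROFILE my_profile LIMIT PASSWORD_VERIFY_FUNCTION my_strict_verify_function;
```

Raising an application error instead of returning FALSE lets the user see which rule the new password failed.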

--2018/3/23
In Oracle 12c R2, the VERIFY_FUNCTION and VERIFY_FUNCTION_11G password functions have been deprecated; use ORA12C_VERIFY_FUNCTION or ORA12C_STRONG_VERIFY_FUNCTION instead.
