代码改变世界

aud$定位错误用户密码登陆数据库的具体信息

2015-09-07 12:00  AlfredZhao  阅读(2049)  评论(1编辑  收藏  举报

环境:Oracle 11.2.0.3

  1. 客户端使用错误的用户密码登陆数据库
  2. 查询最近1天由于密码错误登陆失败的信息
  3. 查询当前审计中有哪些returncode值

1. 客户端使用错误的用户密码登陆数据库

PS C:\Users\Administrator> sqlplus jingyu/ludan@jingyu

SQL*Plus: Release 11.2.0.1.0 Production on 星期一 9月 7 11:28:08 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:
ORA-01017: invalid username/password; logon denied

2. 查询最近1天由于密码错误登陆失败的信息

select sessionid, userid, userhost, comment$text, spare1, ntimestamp#
  from aud$
 where returncode = 1017
   and ntimestamp# > sysdate - 1;

查询结果如下:

     22479 JINGYU                         WORKGROUP\WIN-3KBILBGK27B
Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.99.12)(PORT=49843))
Administrator                                                                                                                                              07-SEP-15 03.28.05.293986 AM

可以根据查询结果定位到是哪台机器使用错误的用户密码尝试登陆数据库。

3. 查询当前审计中有哪些returncode值

SQL> select distinct returncode from aud$;
 
RETURNCODE
----------
      2002
      1017
      1920
      1005
         0
     28009
     28000
 
7 rows selected

查询这些值对应的相关错误信息:

[oracle@JY-DB01 u01]$ oerr ora 28009
28009, 00000, "connection as SYS should be as SYSDBA or SYSOPER"
// *Cause:    connect SYS/<password> is no longer a valid syntax
// *Action:   Try connect SYS/<password> as SYSDBA or
//            connect SYS/<password> as SYSOPER
//
[oracle@JY-DB01 u01]$ oerr ora 28000
28000, 00000, "the account is locked"
// *Cause:   The user has entered wrong password consequently for maximum
//           number of times specified by the user's profile parameter
//           FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
// *Action:  Wait for PASSWORD_LOCK_TIME or contact DBA
[oracle@JY-DB01 u01]$ oerr ora 1017
01017, 00000, "invalid username/password; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 1920
01920, 00000, "user name '%s' conflicts with another user or role name"
// *Cause:  There is already a user or role with that name.
// *Action: Specify a different user name.
[oracle@JY-DB01 u01]$ oerr ora 1005
01005, 00000, "null password given; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 2002
02002, 00000, "error while writing to audit trail"
// *Cause:
// *Action: