aud$定位错误用户密码登陆数据库的具体信息

Alfred Zhao

发布于 2019-05-24 20:26:26

1.2K0

发布于 2019-05-24 20:26:26

文章被收录于专栏：从ORACLE起航，领略精彩的IT技术。

环境：Oracle 11.2.0.3

客户端使用错误的用户密码登陆数据库
查询最近1天由于密码错误登陆失败的信息
查询当前审计中有哪些returncode值

1. 客户端使用错误的用户密码登陆数据库

PS C:\Users\Administrator> sqlplus jingyu/ludan@jingyu

SQL*Plus: Release 11.2.0.1.0 Production on 星期一 9月 7 11:28:08 2015

Copyright (c) 1982, 2010, Oracle.  All rights reserved.

ERROR:
ORA-01017: invalid username/password; logon denied

2. 查询最近1天由于密码错误登陆失败的信息

select sessionid, userid, userhost, comment$text, spare1, ntimestamp#
  from aud$
 where returncode = 1017
   and ntimestamp# > sysdate - 1;

查询结果如下：

     22479 JINGYU                         WORKGROUP\WIN-3KBILBGK27B
Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=192.168.99.12)(PORT=49843))
Administrator                                                                                                                                              07-SEP-15 03.28.05.293986 AM

可以根据查询结果定位到是哪台机器使用错误的用户密码尝试登陆数据库。

3. 查询当前审计中有哪些returncode值

SQL> select distinct returncode from aud$;
 
RETURNCODE
----------
      2002
      1017
      1920
      1005
         0
     28009
     28000
 
7 rows selected

查询这些值对应的相关错误信息：

[oracle@JY-DB01 u01]$ oerr ora 28009
28009, 00000, "connection as SYS should be as SYSDBA or SYSOPER"
// *Cause:    connect SYS/<password> is no longer a valid syntax
// *Action:   Try connect SYS/<password> as SYSDBA or
//            connect SYS/<password> as SYSOPER
//
[oracle@JY-DB01 u01]$ oerr ora 28000
28000, 00000, "the account is locked"
// *Cause:   The user has entered wrong password consequently for maximum
//           number of times specified by the user's profile parameter
//           FAILED_LOGIN_ATTEMPTS, or the DBA has locked the account
// *Action:  Wait for PASSWORD_LOCK_TIME or contact DBA
[oracle@JY-DB01 u01]$ oerr ora 1017
01017, 00000, "invalid username/password; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 1920
01920, 00000, "user name '%s' conflicts with another user or role name"
// *Cause:  There is already a user or role with that name.
// *Action: Specify a different user name.
[oracle@JY-DB01 u01]$ oerr ora 1005
01005, 00000, "null password given; logon denied"
// *Cause:
// *Action:
[oracle@JY-DB01 u01]$ oerr ora 2002
02002, 00000, "error while writing to audit trail"
// *Cause:
// *Action:

本文参与腾讯云自媒体同步曝光计划，分享自作者个人站点/博客。

原始发表：2015-09-07 ，如有侵权请联系 cloudcommunity@tencent.com 删除

数据库