I have this problem: I need audit trails (usually stored in a database) to be non-editable and non-deletable, even by DBAs and system administrators.
One approach is to apply encryption and checksums, but that only allows detecting changes or preventing snooping. It does not stop a DBA from simply deleting a row.
Any discussion of this problem is appreciated.
If you want the audit trails to be non-editable even by the DBAs and system admins, you would need to store them outside of equipment that is in their control.
However that would lead to the same problem - the DBAs and system admins of this system would be able to edit them.
The best bet is to have a system where you store these in two disparate locations that do not share an admin and have periodic comparison checks.
Alternatively you can have triggers on update/delete when they are made by a specific user or from a particular client. These triggers could be programmed to send email or text messages if such a non-application update or delete is made.
It should be known - very well known in the admin/dba community that such triggers exist. You will not be able to prevent the updates or deletes but will definitely get them to stay away from that table.
There is still a catch however, which is the ability to remove or modify the trigger code.
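The trigger approach and its catch, as an added example that is not part of the answer above: SQLite triggers refuse every UPDATE and DELETE on the audit table, which stops an application bug or a casual edit, but anyone with schema rights can drop the trigger and delete freely. SQLite has no user accounts, so the "application" and "DBA" roles are just labels on the same connection; the table, trigger names and sample events are constructed for the demonstration.

```python
import sqlite3

# Constructed schema: an audit table guarded by triggers that abort any
# UPDATE or DELETE. A production variant could log or notify instead of
# aborting, as the answer describes; the weakness is the same either way.
SCHEMA = """
CREATE TABLE audit (
    id     INTEGER PRIMARY KEY,
    actor  TEXT NOT NULL,
    action TEXT NOT NULL,
    ts     TEXT NOT NULL DEFAULT (datetime('now'))
);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit
BEGIN SELECT RAISE(ABORT, 'audit rows are immutable'); END;
"""


def open_audit_db() -> sqlite3.Connection:
    """Fresh in-memory database with the audit table and its triggers."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def record(conn: sqlite3.Connection, actor: str, action: str) -> None:
    """The only operation the application is meant to perform: append."""
    conn.execute("INSERT INTO audit(actor, action) VALUES (?, ?)", (actor, action))
    conn.commit()


def try_delete(conn: sqlite3.Connection, row_id: int) -> bool:
    """Return True if the delete went through, False if a trigger blocked it."""
    try:
        conn.execute("DELETE FROM audit WHERE id = ?", (row_id,))
        conn.commit()
        return True
    except sqlite3.DatabaseError:  # RAISE(ABORT) surfaces as a constraint error
        conn.rollback()
        return False


def row_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM audit").fetchone()[0]


def dba_removes_trigger(conn: sqlite3.Connection) -> None:
    """The catch from the answer: the guard only holds while the trigger exists."""
    conn.execute("DROP TRIGGER audit_no_delete")
    conn.commit()


def demo() -> tuple:
    """Returns (blocked_with_trigger, deleted_without_trigger, rows_left)."""
    conn = open_audit_db()
    record(conn, "app", "login user=alice")   # constructed sample events
    record(conn, "app", "export report=42")
    blocked = not try_delete(conn, 1)         # trigger in place: refused
    dba_removes_trigger(conn)
    removed = try_delete(conn, 1)             # trigger gone: row disappears
    return blocked, removed, row_count(conn)


if __name__ == "__main__":
    print(demo())  # (True, True, 1)
```

The second half of `demo()` is the reason the answer says triggers deter rather than prevent: the DDL that removes the guard is available to exactly the people the question wants to guard against, so the trigger's value lies in being visible and, ideally, in notifying a party outside the DBA's control.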
There are "write once" archival storage systems, for example Venti in Plan 9. Of course, that doesn't stop anyone with physical access from taking a magnet to the hard drive or similar ;)
A sufficiently shrewd sysadmin could create a slightly modified version of the data and replace the reference to the venti score... but an equally shrewd sysadmin could still recover the original data.
In any case, I think you can learn a lot from studying append-only storage systems. Compared with a database, they make a lot of sense for storing audit trails.
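Both the "two locations with periodic comparison checks" suggestion in the first answer and the append-only storage idea in this one reduce to the same mechanism: make each record commit to its predecessor, and keep the current head somewhere the DBA cannot reach. The following is an added example, not code from either answer or from Venti: a hash-chained log whose head hash is handed to a second, independently administered system (modelled here as a returned string). The verifier shows which of the question's concerns a plain checksum misses and the chain plus anchor catches: an edited row, a deleted middle row, a deleted last row, and a deletion followed by a careful re-chaining of everything that remains. Entries and field names are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value for the first record (constructed)
ANCHOR_MISMATCH = "head does not match external anchor (truncated or re-chained)"


def _canon(entry: dict) -> bytes:
    """Canonical encoding so the same entry always hashes the same way."""
    return json.dumps(entry, sort_keys=True).encode()


def append(chain: list, entry: dict) -> dict:
    """Append an entry whose hash covers the previous record's hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    digest = hashlib.sha256(prev.encode() + _canon(entry)).hexdigest()
    rec = {"seq": len(chain), "prev": prev, "entry": entry, "hash": digest}
    chain.append(rec)
    return rec


def verify(chain: list, anchor_hash: str) -> tuple:
    """Walk the chain and compare its head with the externally held anchor.

    anchor_hash is assumed to live on a host that shares no admin with the
    database, which is what makes the final comparison meaningful.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, f"break before record {i}"
        expected = hashlib.sha256(prev.encode() + _canon(rec["entry"])).hexdigest()
        if rec["hash"] != expected:
            return False, f"record {i} modified"
        prev = rec["hash"]
    if prev != anchor_hash:
        return False, ANCHOR_MISMATCH
    return True, "ok"


def demo() -> dict:
    """Run the four tampering scenarios and report what verify() says."""
    chain = []
    for e in [{"actor": "alice", "action": "login"},      # constructed events
              {"actor": "alice", "action": "export"},
              {"actor": "bob", "action": "delete_user"}]:
        append(chain, e)
    anchor = chain[-1]["hash"]  # shipped to the second, separately administered system

    results = {"intact": verify(chain, anchor)[0]}

    # 1. A row is edited in place: its own hash no longer matches.
    edited = json.loads(json.dumps(chain))
    edited[1]["entry"]["action"] = "view"
    results["edited"] = verify(edited, anchor)[1]

    # 2. The middle row is deleted: the seq/prev linkage breaks.
    results["deleted_middle"] = verify([chain[0], chain[2]], anchor)[1]

    # 3. The last row is deleted: the chain is internally consistent,
    #    so only the external anchor reveals the truncation.
    results["deleted_last"] = verify(chain[:2], anchor)[1]

    # 4. A row is deleted and every remaining record is re-hashed to hide it:
    #    again internally consistent, again caught only by the anchor.
    rebuilt = []
    for rec in (chain[0], chain[2]):
        append(rebuilt, rec["entry"])
    results["rebuilt"] = verify(rebuilt, anchor)[1]
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:15s} {outcome}")
```

Scenarios 3 and 4 are the ones the question worries about: a DBA who can delete rows can also recompute hashes, so a checksum stored in the same database proves nothing. What they cannot do is update the copy of the head held by a system they do not administer, which is exactly the "disparate locations without a shared admin" arrangement. The comparison has to run from that second system on a schedule, and it only detects tampering after the fact; it does not prevent it.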
There are devices that act as sniffers and can record every command executed on the database. IBM Guardium is one example.