配置审计

以软件配置项、基线、软件配置库、配置控制、配置审计、配置状态报告为基本点，定义了软件配置实施过程中的配置管理活动；

This paper defines software configuration management activities in configuration implementation procedure based on software configuration items , baseline , software configuration database , configuration control , configuration audit and configuration status report .

解决方案还提供漏洞评估和配置审计功能，让DBA可以直接评估数据库的安全性。

The solution also provides vulnerability assessment and configuration-auditing capabilities that enable DBAs to directly evaluate the security of their databases .

例如，如果只需要审计数据库连接和系统管理事件类型，那么在配置审计功能时应该仅指定VALIDATE和SYSADMIN事件类型。

For example , if you only needed to audit database connection and system administration event types , you would only specify the VALIDATE and SYSADMIN event types when configuring the facility .

在关注用于配置审计功能的db2audit命令的语法之前，有必要回顾一下这些事件类型。

It is useful to review these event types before looking at the exact syntax of the db2audit command used to configure the facility .

还可以在db2audit命令中使用ERRORTYPE子句来配置审计功能处理错误的方式。

You can also configure the way you want the audit facility to handle errors using the ERRORTYPE clause in the db2audit command .

通过对我国审计法需求与供给的研究，分析审计供给与需求在市场条件下的均衡，探索降低成本、提高效益的途径，提出合理配置审计资源、提高审计效率的思路。

S : Studying supply and demand of China auditing laws , analysis the balance of supply and demand under market economy , researching the ways to decrease cost and benefit of auditing , bringing up thought on how to deploy auditing resources reasonably and improve audit efficiency .

每个服务器项都有一个Run按钮，用来为该服务器运行所配置的审计。

Each server entry has a Run button that will cause the configured audits to be run for that server .

另一方面，Administrator可以配置除审计系统之外的任何东西。

Administrators on the other hand can configure anything but the auditing system .

为了确认已经正确地配置了审计，运行auditpr命令获取审计报告

To test to ensure that auditing is configured correctly , run the SSH commands , and then run the auditpr command to get the audit reports

允许集中控制和针对标准部署的应用配置的审计；

Allow central control and audit of application configurations for standardized deployments ;

为每个服务器配置的审计类型。

Which audit types are configured for each server .

假设您配置了审计功能，使之对重新配置审计功能的失败的和成功的尝试都进行审计。

Suppose you configured the audit facility to audit both failed and successful attempts of re-configuring the audit facility .

一方面是设置缓冲区的大小，另一方面是配置所审计的事件的类型。

The first involves setting the size of the buffer area , while the second involves configuring the type of events to audit .

IT资源运行监控管理系统功能完善，实现的功能有监控配置、审计监督、数据分析、系统管理等十多个功能模块。

IT Resource Operation Monitoring and Management System do have perfect functions , achieving the function of monitoring configuration , auditing supervision and data analysis .

为了保证系统的实用性，审计系统还提供了功能齐备的用户层审计管理工具，包括审计配置和审计查询图形工具和一些审计命令。

As far as availability , auditing system provides functional user managing tools , including auditing configuration and auditing checking GUI tools and some shell commands .

并在Spring的配置中启动审计功能，如下

And then activate auditing in your Spring config as follows

配置信息和审计日志数据存储在与EncryptionExpert绑定的DB2中。

The data for the configuration information and audit logs is stored in the DB2 that is bundled with Encryption Expert .

审计功能现在根据指定的审计配置生成所有审计记录，可以控制访问DB2的用户、访问时间和用户所在的位置等关键信息。

The audit facility now produces all audit records based on the audit configuration specified , controlling critical information about who is accessing DB2 , when , and from where .

只有具有SYSADM权限的用户才能配置和使用审计功能。

Only users with SYSADM authority can configure and use the audit facility .

可以使用db2audit命令来配置和操作审计功能。

The db2audit command is used to configure and operate the audit facility .

要防范这一安全隐患需配置网络安全审计系统，以达到对网络的监控和审计。

To avoid this defect , we need to set up network security auditing system to monitor and audit the network .

配置指定把审计信息存储在什么地方&在每个系统上本地存储，或者远程存储在另一个系统上。

This configuration designates where the audit information will be stored , either locally on each system or remotely on another system .

您可以按照以上步骤寻找任何类型的资源：配置文件、审计文件、图形文件，等等。

You can follow this procedure for any kind of resource : configuration file , audio file , graphics file , you name it .

您已经看到了如何配置和使用审计功能，接下来我们来体验一个完整的场景，这个场景展示了从开始到结束的完整过程。

Now that you have seen how to configure and use the audit facility , let 's walk through a complete scenario that shows the entire process from start to finish .

将审计嵌入企业风险管理过程之中，通过企业战略评估及经营风险分析，确定审计资源的合理配置，提高审计的效率和效果。

The efficiency and effect of audit could be improved through combining it with the process of enterprise risk management , to evaluate enterprises ' business strategy and analyze risk so as to ensure the reasonable allocation of audit resources .

要从源头抓起，加强对固定资产配置预算的审计，实行事前监督；要重视对固定资产的购置、使用、处置、保管等全过程的审计监督，实现过程控制。

The launching of fixed assets management must start with the auditing of allocation budget of fixed assets and pre-supervision and the whole procedure control should be implemented in the purchase , use , disposal and management of fixed assets .

在午餐时间的一个小时内，您首先对审计功能进行配置，使之审计CHECKING事件类型，只记录失败的尝试，并且使用NORMAL错误处理

During one lunch hour , you begin by configuring the audit facility to audit the CHECKING event type , recording only failed attempts and using NORMAL error processing

并以Windows2003操作系统和Oracle数据库为平台，对该系统的管理员管理、机构管理、用户管理、角色组管理、系统配置管理和安全审计测试等6项功能进行了测试。

Base on the Windows 2003 and Oracle system , six aspects of this system have been tested , which include administrator management , agency management , user management , group of roles management , system configuration and security auditing .

配置服务器属性和审计类型

Configure server properties and audit types

完成审计的配置并且生成了审计记录后，可以将审计记录提取到一个文本文件中，之后便可以对该文件进行分析。

Once auditing is configured and audit records generated , they can be extracted into a text file , which can then be analyzed .