Subject: Re: Auditing DBA privs

2007-10-03       - By mkb
Steve,

I would start by looking at the database-stig-v7r2.pdf which is available for
download from iase.disa.mil/stigs/stig/database-stig-v7r2.pdf .  

Specifically, section 4 titled Database Auditing and B.14 Auditing in Oracle
should get you started.

This document outlines the Security Technical Implementation Guide (STIG)
process that many systems in federal agencies and the DOD have to go through
before a system can get accredited and be put on a live network.  The
recommendations in the database STIG should be sufficient to keep the IG off of
your backs.

In our setup, we have audit_sys_operations = true and set audit_trail=db.  I
don't have access to the system otherwise I would have attached a file listing
of the audit options that we have turned on (see section B.14 in the STIG
guide).

hth

--
mohammed



----- Original Message ----
From: "Smith, Steven K - MSHA" <Smith.Steven@(protected)>
To: oracle-l <oracle-l@(protected)>
Sent: Wednesday, October 3, 2007 11:15:18 AM
Subject: Auditing DBA privs


The Inspector General office is breathing down our necks here and is requesting
that we audit all activities performed by anyone with DBAish role privs.  We
are currently on version 9i and are currently using the "soon to be
discontinued" DBA role.

At first glance, it appears that this would be simple.  I've started looking
into this and have found that "audit DBA on session" isn't going to do the
trick because of the limitations/bugs in the execution of that statement.  I
guess that auditing DBA really isn't auditing everything that someone with the
DBA role does.  This is turning into the 300 lb gorilla.

Anyway - I'm looking into setting up auditing for everything defined in the
dba_sys_privs view that is granted to DBA.  That should get a large majority of
the specific DBAish commands, but it will also get "create sequence", "create
view", etc.  Those are not DBA specific roles and those are not commands that
can only be executed by someone with DBA privileges.  HHmm?

Does anyone have experience in 9i auditing the commands of userids with DBA
role assigned to them?  Has anyone gone through this exercise before and is
willing to share their experiences and pitfalls?

I know that I'm potentially looking at a lot of data in the AUD$ table -
managing it and reporting it is going to be a fun project in itself, but first
things first.

Thanks

Steve Smith
Desk: 303-231-5499
Fax: 303-231-5696
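
Added example, not part of either message in the thread: a SQL*Plus sketch that combines the two instance parameters from the reply with the dba_sys_privs approach from the question, scoping each AUDIT option to the accounts that hold the DBA role (the BY user clause) so that "create sequence" by ordinary users is not recorded. It assumes the instance uses an spfile; the spool file name audit_dba_users.sql is hypothetical, and the generated file should be reviewed before it is run.

```sql
-- Added example (not from the thread). Run from SQL*Plus as an account
-- that can read the DBA_* views and holds AUDIT SYSTEM.

-- 1. Parameters named in the reply. Both are static: they take effect after
--    the next restart. audit_sys_operations sends SYSDBA/SYSOPER activity to
--    the OS audit trail; audit_trail = DB sends everything else to SYS.AUD$.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- 2. Generate one AUDIT statement per (DBA-role holder, privilege granted
--    directly to the DBA role). Privileges the DBA role inherits through
--    nested roles, and users who get DBA through another role, are not
--    covered by this simple join.
SET PAGESIZE 0 LINESIZE 200 FEEDBACK OFF HEADING OFF
SPOOL audit_dba_users.sql

SELECT 'AUDIT ' || p.privilege || ' BY "' || u.grantee || '" BY ACCESS;'
FROM   dba_sys_privs p,
       (SELECT DISTINCT grantee
        FROM   dba_role_privs
        WHERE  granted_role = 'DBA'
        AND    grantee IN (SELECT username FROM dba_users)
        AND    grantee <> 'SYS') u   -- SYS is handled by audit_sys_operations
WHERE  p.grantee = 'DBA'
ORDER  BY u.grantee, p.privilege;

SPOOL OFF
SET PAGESIZE 50 FEEDBACK ON HEADING ON

-- 3. After reviewing and running the spooled file, confirm what is enabled.
--    Privilege audit options apply to sessions that connect afterwards.
SELECT user_name, privilege, success, failure
FROM   dba_priv_audit_opts
ORDER  BY user_name, privilege;

-- 4. Report on what the DBA-role holders did.
SELECT username, timestamp, action_name, priv_used, owner, obj_name
FROM   dba_audit_trail
WHERE  username IN (SELECT grantee
                    FROM   dba_role_privs
                    WHERE  granted_role = 'DBA')
ORDER  BY timestamp;
```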

