Home » RDBMS Server » Security » User Locked (oracle11g, 11.1.0.7.0, aix6.1)
User Locked [message #486995] Tue, 21 December 2010 23:56 Go to next message
soft_doctor
Messages: 33
Registered: May 2010
Member
Dear Team,

Greetings of the day.
We have the database user called c88888 and is locked yesterday. I came to this with the following query.

select * from dba_users where username like 'C88888';

Due to invalid password the user was locked. Can we track who hit the database with the wrong password?
Please help me soon. Thank you.


Regards,
Chandu
Re: User Locked [message #486997 is a reply to message #486995] Wed, 22 December 2010 00:01 Go to previous messageGo to next message
BlackSwan
Messages: 26766
Registered: January 2009
Location: SoCal
Senior Member
>Due to invalid password the user was locked. Can we track who hit the database with the wrong password?
it was 'C88888' who hit database with wrong password.

Do you have AUDIT enabled for login failure?
Re: User Locked [message #487003 is a reply to message #486997] Wed, 22 December 2010 00:31 Go to previous messageGo to next message
soft_doctor
Messages: 33
Registered: May 2010
Member
We have the following configuration

SQL> sho parameter audit

NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /home/oracle/app/oracle/admin/amspqa70/adump
amspqa70/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB

Re: User Locked [message #487004 is a reply to message #487003] Wed, 22 December 2010 00:35 Go to previous messageGo to next message
soft_doctor
Messages: 33
Registered: May 2010
Member
Aligned Properly..

SQL> sho parameter audit

NAME TYPE VALUE
------------- --------- -----------
audit_file_dest string /home/oracle/app/oracle/admin/amspqa70/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
Re: User Locked [message #487021 is a reply to message #487004] Wed, 22 December 2010 01:14 Go to previous messageGo to next message
Michel Cadot
Messages: 68625
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator
To align properly: Please read OraFAQ Forum Guide, especially "How to format your post?" section.

To audit, use:
audit create session whenever not successful;

Regards
Michel

[Updated on: Wed, 22 December 2010 01:14]

Report message to a moderator

Re: User Locked [message #487047 is a reply to message #487021] Wed, 22 December 2010 03:36 Go to previous message
John Watson
Messages: 8922
Registered: January 2010
Location: Global Village
Senior Member
In 11g, CREATE SESSION should be audited by default:

select PRIVILEGE, SUCCESS,FAILURE from dba_priv_audit_opts;

(I suppose it might not be if you upgraded from 10g, and didn't implement the new security recommendations.)

So simply select from your audit trail, something like
select os_username,terminal,username from dba_audit_trail where priv_used='CREATE SESSION';
Previous Topic: Audit Vault Collectors
Next Topic: Audit Vault How to
Goto Forum:
  


Current Time: Thu Mar 28 12:18:31 CDT 2024