Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: sys.aud$ - auditing user activities? - follow up

RE: sys.aud$ - auditing user activities? - follow up

From: <Dana.Mueller_at_guardent.com>
Date: Mon, 18 Nov 2002 21:38:23 -0800
Message-ID: <F001.00506387.20021118213823@fatcity.com>


Tim / All.

I figured it out.

Basically assign users SYSDBA privies and track accordingly.

-----Original Message-----
Sent: Monday, November 18, 2002 7:44 PM
To: Multiple recipients of list ORACLE-L

please be a little more specific? what exactly is it that oracle won't do?

> Tim - Thanks for the well worded response. Very, very helpful.
>
> So my next question: Are there any 3rd party applications available to do
> what Oracle won't?
>
> -----Original Message-----
> Sent: Monday, November 18, 2002 4:29 PM
> To: Multiple recipients of list ORACLE-L
>
>
> SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
> with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations
are
> always logged to the OS audit trail, including access/modifications to the
> SYS.AUD$ table...
>
> The reason that these records are only logged to the audit trail (previous
> to Oracle9i, only connections as SYSDBA were logged) is because that is
the
> only way to protect the audit records review and (especially!) alteration
> from people with SYSDBA privilege. Someone with SYSDBA could alway muck
> with the contents of the SYS.AUD$ table, but they would not necessarily
have
> OS permissions to alter the audit records sent to the OS.
>
> ..which is why the command CONNECT INTERNAL went away with Oracle9i, to
> remove the last necessity for DBAs to be members of the OSDBA and OSOPER
> groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you
can
> "lock down" the OS account and account-group that owns the Oracle software
> away from those with SYSDBA privileges, thus protecting the software
> distribution files, log files, trace files, and audit files from casual
> modification, if desired...
>
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> Sent: Monday, November 18, 2002 12:46 PM
>
>
> > Hello All,
> >
> > Do any of you have suggestions for a good way to monitor sysdba user
> > activities on the sys.aud$ table? Or, in terms of logging everything,
> what
> > would be the keypoints to log scrub on?
> >
> > Any suggestions would be wonderful.
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author:
> > INET: Dana.Mueller_at_guardent.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Tim Gorman
> INET: Tim_at_SageLogix.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author:
> INET: Dana.Mueller_at_guardent.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Tim Gorman
  INET: Tim_at_SageLogix.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: 
  INET: Dana.Mueller_at_guardent.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Mon Nov 18 2002 - 23:38:23 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US