Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: sys.aud$ - auditing user activities? - follow up

Re: sys.aud$ - auditing user activities? - follow up

From: Tim Gorman <Tim_at_SageLogix.com>
Date: Tue, 19 Nov 2002 05:28:44 -0800
Message-ID: <F001.0050668D.20021119052844@fatcity.com> 





...um, if you say so.  That really didn't answer my question, though...



I hope that your solution did not include assigning users SYSDBA privileges
in order to merely track/audit them?






> Tim / All.

>

> I figured it out.

>

> Basically assign users SYSDBA privies and track accordingly.

>

> -----Original Message-----

> Sent: Monday, November 18, 2002 7:44 PM

> To: Multiple recipients of list ORACLE-L

>

>

> please be a little more specific?  what exactly is it that oracle won't

do?


>

> ----- Original Message -----

> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>

> Sent: Monday, November 18, 2002 7:58 PM

>

>

> > Tim - Thanks for the well worded response.  Very, very helpful.

> >

> > So my next question:  Are there any 3rd party applications available to

do


> > what Oracle won't?

> >

> > -----Original Message-----

> > Sent: Monday, November 18, 2002 4:29 PM

> > To: Multiple recipients of list ORACLE-L

> >

> >

> > SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i

> > with the AUDIT_SYS_OPERATIONS parameter set to TRUE.  SYSDBA operations

> are

> > always logged to the OS audit trail, including access/modifications to

the


> > SYS.AUD$ table...

> >

> > The reason that these records are only logged to the audit trail

(previous


> > to Oracle9i, only connections as SYSDBA were logged) is because that is

> the

> > only way to protect the audit records review and (especially!)

alteration


> > from people with SYSDBA privilege.  Someone with SYSDBA could alway muck

> > with the contents of the SYS.AUD$ table, but they would not necessarily

> have

> > OS permissions to alter the audit records sent to the OS.

> >

> > ..which is why the command CONNECT INTERNAL went away with Oracle9i, to

> > remove the last necessity for DBAs to be members of the OSDBA and OSOPER

> > groups in the OS.  Now, with 9i and CONNECT ... AS SYSDBA commands, you

> can

> > "lock down" the OS account and account-group that owns the Oracle

software


> > away from those with SYSDBA privileges, thus protecting the software

> > distribution files, log files, trace files, and audit files from casual

> > modification, if desired...

> >

> > ----- Original Message -----

> > To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>

> > Sent: Monday, November 18, 2002 12:46 PM

> >

> >

> > > Hello All,

> > >

> > > Do any of you have suggestions for a good way to monitor sysdba user

> > > activities on the sys.aud$ table?  Or, in terms of logging everything,

> > what

> > > would be the keypoints to log scrub on?

> > >

> > > Any suggestions would be wonderful.

> > > --

> > > Please see the official ORACLE-L FAQ: http://www.orafaq.com

> > > --

> > > Author:

> > >   INET: Dana.Mueller_at_guardent.com

> > >

> > > Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> > > San Diego, California        -- Mailing list and web hosting services

> > > ---------------------------------------------------------------------

> > > To REMOVE yourself from this mailing list, send an E-Mail message

> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> > > the message BODY, include a line containing: UNSUB ORACLE-L

> > > (or the name of mailing list you want to be removed from).  You may

> > > also send the HELP command for other information (like subscribing).

> >

> > --

> > Please see the official ORACLE-L FAQ: http://www.orafaq.com

> > --

> > Author: Tim Gorman

> >   INET: Tim_at_SageLogix.com

> >

> > Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> > San Diego, California        -- Mailing list and web hosting services

> > ---------------------------------------------------------------------

> > To REMOVE yourself from this mailing list, send an E-Mail message

> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> > the message BODY, include a line containing: UNSUB ORACLE-L

> > (or the name of mailing list you want to be removed from).  You may

> > also send the HELP command for other information (like subscribing).

> > --

> > Please see the official ORACLE-L FAQ: http://www.orafaq.com

> > --

> > Author:

> >   INET: Dana.Mueller_at_guardent.com

> >

> > Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> > San Diego, California        -- Mailing list and web hosting services

> > ---------------------------------------------------------------------

> > To REMOVE yourself from this mailing list, send an E-Mail message

> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> > the message BODY, include a line containing: UNSUB ORACLE-L

> > (or the name of mailing list you want to be removed from).  You may

> > also send the HELP command for other information (like subscribing).

>

> --

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> --

> Author: Tim Gorman

>   INET: Tim_at_SageLogix.com

>

> Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> San Diego, California        -- Mailing list and web hosting services

> ---------------------------------------------------------------------

> To REMOVE yourself from this mailing list, send an E-Mail message

> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> the message BODY, include a line containing: UNSUB ORACLE-L

> (or the name of mailing list you want to be removed from).  You may

> also send the HELP command for other information (like subscribing).

> --

> Please see the official ORACLE-L FAQ: http://www.orafaq.com

> --

> Author:

>   INET: Dana.Mueller_at_guardent.com

>

> Fat City Network Services    -- 858-538-5051 http://www.fatcity.com

> San Diego, California        -- Mailing list and web hosting services

> ---------------------------------------------------------------------

> To REMOVE yourself from this mailing list, send an E-Mail message

> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in

> the message BODY, include a line containing: UNSUB ORACLE-L

> (or the name of mailing list you want to be removed from).  You may

> also send the HELP command for other information (like subscribing).



-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Tim Gorman
  INET: Tim_at_SageLogix.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Tue Nov 19 2002 - 07:28:44 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US