| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: security without using different usernames
Arup,
My database version is Oracle 9i (9.2.0.1.0). Thanks!
Don
Arup Nanda wrote:
> What is your database version? 9i? If so you are probably using the SPFILE;
> changing the init.ora file wouldn't help.
>
> Shutdown trhe database and startup with the pfile option
>
> startup pfile=init.ora
>
> being in the same directory. You will be able to see the parameter being
> set.
>
> HTH.
>
> Arup Nanda
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> Sent: Wednesday, July 16, 2003 12:09 PM
>
> > Pete,
> >
> > I follow your steps to enable audit_trail = db in init.ora located in
> > ORACLE_HOME/dbs
> > and restart my Oracle database on solaris. After my database is up, I do
> the exact
> > query in your paper and results as followings:
> > ====================================================================
> > SQL> select name,value from v$parameter
> > 2 where name like 'audit%';
> >
> > NAME
> > ----------------------------------------------------------------
> > VALUE
> > --------------------------------------------------------------------------
> ------
> > audit_sys_operations
> > FALSE
> >
> > audit_file_dest
> > ?/rdbms/audit
> >
> > audit_trail
> > NONE
> > ====================================================================
> > Please tell me what is possible causes that I fail to enable audit on my
> database.
> > Any comments are appreciated!
> > Many thanks!
> >
> >
> > Don
> >
> >
> > Pete Finnigan wrote:
> >
> > > Hi
> > >
> > > You can get the ip address as follows:
> > >
> > > oracle:jupiter> sqlplus system/manager_at_emil
> > >
> > > SQL*Plus: Release 9.0.1.0.0 - Production on Wed Jun 25 20:45:54 2003
> > >
> > > (c) Copyright 2001 Oracle Corporation. All rights reserved.
> > >
> > > Connected to:
> > > Oracle9i Enterprise Edition Release 9.0.1.0.0 - Production
> > > With the Partitioning option
> > > JServer Release 9.0.1.0.0 - Production
> > >
> > > SQL> select sys_context('userenv','ip_address') ip,username,machine
> > > 2 from v$session
> > > 3 where sys_context('userenv','sessionid')=audsid;
> > >
> > > IP
> > > ------------------------------------------------------------------------
> > > --------
> > > USERNAME
> > > ------------------------------
> > > MACHINE
> > > ----------------------------------------------------------------
> > > 172.16.240.11
> > > SYSTEM
> > > jupiter
> > >
> > > SQL>
> > >
> > > you need to provide the service name when you log on otherwise the ip
> > > address is not available using sys_context.
> > >
> > > Also new with 9i as part of application contexts you can use the "using"
> > > clause of create role that a pl/sql package can be used to verify the
> > > user, for example something like this, typed in from memory so check the
> > > syntax!:
> > >
> > > create role some_role identified using sys.confirm_user;
> > >
> > > create or replace procedure confirm_user
> > > authid current user is
> > > lv_ipaddress varchar2(30);
> > > begin
> > > select sys_context('userenv','ip_address')
> > > into lv_ipaddress
> > > from sys.dual;
> > > if lv_ipaddress='172.16.140.1' then
> > > dbms_session.set_role('some_role');
> > > end if;
> > > end;
> > > /
> > >
> > > hth
> > >
> > > kind regards
> > >
> > > Pete
> > > --
> > > Pete Finnigan
> > > email:pete_at_petefinnigan.com
> > > Web site: http://www.petefinnigan.com - Oracle security audit
> specialists
> > > Book:Oracle security step-by-step Guide - see http://store.sans.org for
> details.
> > >
> > > --
> > > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > > --
> > > Author: Pete Finnigan
> > > INET: oracle_list_at_peterfinnigan.demon.co.uk
> > >
> > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > San Diego, California -- Mailing list and web hosting services
> > > ---------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > (or the name of mailing list you want to be removed from). You may
> > > also send the HELP command for other information (like subscribing).
> >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.net
> > --
> > Author: Don Yu
> > INET: donyu_at_jhu.edu
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> >
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Arup Nanda
> INET: orarup_at_hotmail.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
Received on Wed Jul 16 2003 - 11:52:25 CDT
 |
 |