| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> audit suggestion
We just completed an external audit and one of the findings from the
auditors is that DBAs should not have cron rights in Unix. The finding
basically stated that a DBA could schedule something to run malicious code
from cron and therefore is a security threat. Frankly, I don't see how
that's much different from just running the script interactively. Unless
the DBA is kicked off the Unix server period.....
I'm curious if other sites have restricted DBA's access to such a point
that they no longer are allowed to develop and promote shell scripts for
databases. This is supposed to be a 'segregation' of duties, but it seems
to me that if you are going to run a script that is in the 'DBA' group
then what's really happened is that access is now opened up to the UNIX
administrators (considering they are a separate job).
K Kaylor
Database Administration
RSA
This transmission (including attachments) contains information that may be privileged, confidential and protected from disclosure. Unless you are the intended recipient of the message (or authorized to receive it for the intended recipient) you may not copy, forward, or otherwise use it, or disclose it or its contents to anyone. If you received this transmission in error please notify us immediately, permanently delete the transmission(including attachments) from your system, and destroy all hard copies. Thank you.
Email: security_usa_at_rsausa.com
-- http://www.freelists.org/webpage/oracle-lReceived on Mon Jan 24 2005 - 11:15:27 CST
 |
 |