| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Any ideas for running CRON jobs under Security Requirements
Actually, I see the problem as stemming from two different requirements
The first prevents me from using simple script files {unless I am able
to use hide.c, but I am not sure I want to use hide.c for Hot Backup etc
scripts which I would want to setup with a SYSDBA acount. Other
monitoring scripts also require DBA/CATALOG privileges}.
The second prevents me from using SYSDBA, and, furthermore,
CRON jobs as SYSDBA would cause many entries in the OS audit trail
files {eg $ORACLE_HOME/rdbms/audit}, each of which I'd have to
explain.
I am hoping that I meet auditors who understand when and where and why
I use SYSDBA.
Hemant
At 10:22 PM Saturday, Mohammad Rafiq wrote:
>Hemant,
>Where did you find this requirement?
>We are having more then 20 SOX compliant databases and running our
>jobs as either SYSDBA on Windows and *nix as well but not seen any
>objection from our internal or external auditors so far...
>
>Regards
>Rafiq
>
>On 5/13/05, Hemant K Chitale <hkchital_at_singnet.com.sg> wrote:
> >
> > How do you run CRON jobs {Online Backups, DB Monitoring} on Database
> Servers
> > when IT Security / SOX requirements state that
> > a) No userid-password pairs are to be kept in plain-text in any files
> > b) connect / as sysdba is not to be used
> >
> > I can handle a) with CRON jobs running under the "oracle" account with
> > "connect / as sysdba"
> > at the beginning of SQL scripts. I can handle b) if I hard code a
> > userid/password with the
> > appropriate privileges. How do I handle both requirements ?
> >
> > Hemant K Chitale
Hemant K Chitale
http://web.singnet.com.sg/~hkchital
-- http://www.freelists.org/webpage/oracle-lReceived on Sat May 14 2005 - 12:14:35 CDT
 |
 |