| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: Oracle rootkit
It's time to get serious about security, if you're not already.
Put passwords on listeners, etc.
It would also be a good idea to track changes to the data dictionary.
Our databases have a baseline run once a month that tracks DDL dates, new/missing objects and checksums on stored code, including views.
A report is spit out show differences between the baseline(could be any previous run) and the current one.
That will help detect root kits.
The problem with that is if something is modified, and then changed back to its original state between data collection runs.
The change date can be detected, but not how it was changed.
Then again, a savvy root kit would put all the dates back.
Oracle may need to start supporting auditing on the DD objects.
Jared
On 1/25/06, Dennis Williams <oracledba.williams_at_gmail.com> wrote:
>
> List,
>
> Here is a significant media article that I haven't seen posted here.
> It describes a nightmarish future of Oracle security problems. But
> then maybe I was napping. Hey maybe this article is a hallucination.
>
> http://www.eweek.com/article2/0,1895,1914465,00.asp
>
> Dennis Williams
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist -- http://www.freelists.org/webpage/oracle-lReceived on Wed Jan 25 2006 - 08:55:19 CST
 |
 |