
RE: Oracle rootkit

From: Rich Holland <holland_at_guidancetech.com>
Date: Thu, 26 Jan 2006 20:48:28 -0500
Message-ID: <001301c622e3$d3c45da0$86042a0a@hackintosh>


Ron Reidy wrote:

> [...] check out the password checking tool (patch
> 4926128) and see what Alex Kornbrust has to say about it at
> http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html.

I went one better years ago (1999? 2000?). We maintained a central TNSNAMES.ORA file for all the databases we managed. I'd parse that and make SQL*Net connections to every database and try to log in with known accounts (e.g. system/manager, sap/sapr3, etc.) and if successful emailed both the Oracle DBAs and our help desk system to create a security ticket... that way if someone set up a new database and forgot to change one of the known defaults, we'd catch it that same day.

Rich Holland
Principal Consultant
Guidance Technologies, Inc.
Cell: 913-645-1950

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 26 2006 - 19:48:28 CST
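
An added sketch of the daily sweep described in the message above (not Rich Holland's script, which the page does not show): it parses a tnsnames.ora inventory, collapses aliases that point at the same database so each one is checked once, and reports default accounts that still log in. The sample file, the function names and the `try_login` hook are assumptions.

```python
import re

# Constructed sample inventory; aliases and hosts are placeholders.
SAMPLE_TNSNAMES = """\
# central tnsnames.ora (constructed sample)
PROD1 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db1.example.com)(PORT = 1521))
    (CONNECT_DATA = (SERVICE_NAME = prod1)))
DEV1, DEV1.WORLD = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db2.example.com)(PORT=1522))(CONNECT_DATA=(SID=dev1)))
"""
DEFAULT_ACCOUNTS = [("system", "manager"), ("sap", "sapr3")]  # pairs named in the message

def _field(desc, key):
    m = re.search(r"\(\s*%s\s*=\s*([^()\s]+)\s*\)" % key, desc, re.I)
    return m.group(1) if m else None

def parse_tnsnames(text):
    """Map each alias to (host, port, service), using its first ADDRESS."""
    text = re.sub(r"#.*", "", text)  # strip comments
    entries, depth, start, names = {}, 0, 0, []
    for i, ch in enumerate(text):
        if ch == "=" and depth == 0:  # alias list ends at a top-level '='
            names = [n.strip().upper() for n in text[start:i].split(",") if n.strip()]
        elif ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:  # descriptor closed: record it for every alias
                desc = text[start:i + 1]
                target = (_field(desc, "HOST"), int(_field(desc, "PORT") or 1521),
                          _field(desc, "SERVICE_NAME") or _field(desc, "SID"))
                entries.update({n: target for n in names})
                names, start = [], i + 1
    return entries

def audit(entries, try_login, accounts=DEFAULT_ACCOUNTS):
    """Return (target, user) pairs where a default password still works.

    try_login(target, user, password) -> bool is supplied by the caller
    (hypothetical hook wrapping whichever Oracle client is in use).
    """
    findings = []
    for target in sorted(set(entries.values()), key=str):  # once per database, not per alias
        for user, password in accounts:
            try:
                if try_login(target, user, password):
                    findings.append((target, user))
            except Exception:  # unreachable listener etc.: not a finding
                continue
    return findings
```

Each finding carries the host, port and service, which is what the DBA email and help desk ticket need to identify the database.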
