Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Securing sys.aud$

Re: Securing sys.aud$

From: Paul Drake <bdbafh_at_gmail.com>
Date: Thu, 26 Apr 2007 09:38:15 -0400
Message-ID: <910046b40704260638i5752838w8a8eff8cb7c537e1@mail.gmail.com> 





On 4/26/07, Peter Dixon <peterdixon001_at_hotmail.com> wrote:


> I have an issue where i am unable to stop dbas updating/deleting information

> from sys.aud$ table has anybody got any ideas/methods of protecting the

> audit trial, as sending the information to a log file on the o/s is not an

> option at our site.




Peter,



Since you don't mention a version, I'll assume that 10g R2 is in use.



http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14266/whatsnew.htm#i970212



#



Syslog audit records



Audit records can now be written to the operating system using a
syslog audit trail. A potential security vulnerability to an operating
system audit trail is that a privileged user such as a DBA can modify
or delete audit records. In order to minimize this risk, you can use
syslog, which is a standard protocol on UNIX-based systems for logging
information from different components of a network.



See Also:


"Syslog Audit Trail" for more information about this new view



http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm#CEGJJHJH



Paul

--
http://www.freelists.org/webpage/oracle-l


Received on Thu Apr 26 2007 - 08:38:15 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US