Re: Protecting contents of AUDIT_FILE_DEST from 'oracle' OS user on *NIX...

From: David Mann <dmann99_at_gmail.com>
Date: Mon, 21 Nov 2011 11:51:09 -0500
Message-ID: <CAGazuyXNgrXKzw4uH0B2ur=rTqZk6cCqLrqZcjG4oJdOBGGBzw_at_mail.gmail.com>



On Sat, Nov 19, 2011 at 11:48 AM, David Robillard <david.robillard_at_gmail.com> wrote:
> Hello David,
>
> Why don't you send the audit logs over to syslog? Once configured to
> work with syslog, you can keep a local copy or have them sent over to
> your central syslog server. Easy, clean and secure.
>
> <ShamelessPlug>
> Maybe that could help?
> http://itdavid.blogspot.com/2011/02/manage-oracle-11gr2-asm-and-rdbms-audit.html
> </ShamelessPlug>

I think this is the way to go. I have probably skimmed that section of the docs a half dozen times but obviously it never 'stuck'. Also thanks to Paul D. who replied to me directly about the same method. Now on to talk to the sysadmins and get a thumbs up from them :)

Don, we are on our way to locking the oracle user and using sudo 100% of the time, but not quite there yet.

Tim, I like your method for getting granularity better than 1 time/minute with cron... but I think still there is some exposure there ... if a malicious DBA is determined he could brute force rm* in that directory and possibly remove some files.

-Dave

-- 
Dave Mann
www.brainio.us
www.ba6.us - Database Stuff - http://www.ba6.us/rss.xml
--
http://www.freelists.org/webpage/oracle-l
Received on Mon Nov 21 2011 - 10:51:09 CST
