Security auditing tools
From: <Joel.Patterson_at_crowley.com>
Date: Fri, 15 Jun 2012 11:03:08 -0400
Message-ID: <C95D75DD2E01DD4D81124D104D317ACA1C72898D1D_at_JAXMSG01.crowley.com>
We are in the process of laying out a baseline of what and how the databases and software should be set - as it pertains to security. Of course this encompasses everything from file permissions to account locks, default passwords - and on and on as you might imagine. I have already seen a 22 page document listing.
Date: Fri, 15 Jun 2012 11:03:08 -0400
Message-ID: <C95D75DD2E01DD4D81124D104D317ACA1C72898D1D_at_JAXMSG01.crowley.com>
We are in the process of laying out a baseline of what and how the databases and software should be set - as it pertains to security. Of course this encompasses everything from file permissions to account locks, default passwords - and on and on as you might imagine. I have already seen a 22 page document listing.
Right away, I notice there are a couple items out of date, in this case pertaining to passwords on the listeners. Or, pertaining to listeners again, creating separate listeners for everything on your server, from the agent to administration purposes. Or 'locking' the oracle account --- etc....
What I would like from the list, if one is inclined to be so kind, is if there are any good 'tools' that anyone uses, that automates the process of checking/auditing security. Also, any up to date documents on issues like, but not unlike, what I just brought up with the listeners.
Best Regards,
Joel Patterson
Database Administrator
904 727-2546
-- http://www.freelists.org/webpage/oracle-lReceived on Fri Jun 15 2012 - 10:03:08 CDT