Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

From: Stefaan A Eeckels <hoendech_at_ecc.lu>
Date: Sat, 2 Sep 2006 01:25:22 +0200
Message-ID: <20060902012522.f9d652a5.hoendech@ecc.lu> 





On Fri, 01 Sep 2006 15:07:44 -0700


Frank Cusack <fcusack_at_fcusack.com> wrote:



> On Fri, 1 Sep 2006 23:33:06 +0200 Stefaan A Eeckels <hoendech_at_ecc.lu>

> wrote:

> > On 1 Sep 2006 12:28:12 -0700

> > "Karen Hill" <karen_hill22_at_yahoo.com> wrote:

> >

> >> Immutable files are files where not even root

> >> can change/delete/move a file set as immutable.

> >

> > But root can unset the immutable flag. Thus it only serves as

> > protection against accidental deletions or modifications. This is

> > slightly useful. Roles are better for that purpose. 

> >

> >> For the Oracle DBAs, how can you guarentee an audit trail without

> >> immutable files? 

> >

> > You cannot guarantee it with immutable files. 

> >

> > Immutability is _not_ a security feature. It does _not_ solve the

> > problem that root can change any file.

> 

> In *BSD, it can.  You can disable unsetting the immutable flag.




You have to get into single user mode, which makes doing evil things a
bit more difficult. But only a bit, because scheduled downtime happens.



> > If you cannot trust your root user, you've got major problems. Trust

> > is a difficult concept for PHBs, but there is no magic solution.

> 

> For some environments, root indeed has to be untrusted.  e.g.

> kerberized NFS can be setup in such a way that root on the local box

> does not get you access to data you shouldn't have access to.  (lots

> of ifs and buts here, of course).




OK, root on a workstation != the sysadmins. What I meant is that if
the sysadmins of the "corporate servers" cannot be trusted, you have
major problems. 



<...>


> Audit controls are about protecting yourself from UNTRUSTED

> employees, not eliminating trust from the system.




Indeed - but the OP suggested that immutable files enabled a DBA to
protect her database from interference by the sysadmin. 



> No auditor will balk at not having immutable files as long as only

> trusted employees are in the position to undetectably alter data.




In the 1980ies, I had to deal with an auditor who wanted to ensure that
two people were needed -together- to gain root access (each having
half the password). He also wanted a transcript of the root sessions to
be printed to a printer in a locked cabinet in his office. Major PITA,
this fellow, but he caught the GM at financial irregularities, so maybe
he had a point.


-- 
Stefaan A Eeckels
-- 
You rarely have time for everything you want in this life, so you
have to make choices.  And hopefully your choices can come from a
deep sense of who you are.                         -- Fred Rogers


Received on Fri Sep 01 2006 - 18:25:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US