
Re: Securing 'internal' from ROOT

From: LANGE Francois <flange_at_pt.lu>
Date: 1 Oct 1998 10:41:58 GMT
Message-ID: <01bded27$d25d9de0$48d69ac2@fran-ois>


Hi,         

> It occurs to me that the company has a problem of a non technical nature - legal
That is not the answer to the question.

Remove the write permission on the $ORACLE_HOME/audit directory. When you connect as internal you create a file in this directory.

This will ask for a password for connect internal and end with an ora-9925 Unable to create audit trail file.

If the sys admin is a good one, he can do a truss and find how to solve the trouble.

Be careful: nobody can do connect internal any more. So no backup!

Each time you need to connect internal:

svrmgrl
!chmod 775 $ORACLE_HOME/rdbms/audit/.
connect internal
!chmod 555 $ORACLE_HOME/rdbms/audit/.
!touch -mca 0101010198 $ORACLE_HOME/rdbms/audit/.

Write the 4 previous lines by cut and paste.
--
Regards LANGE Francois.
flange_at_pt.lu
29A Route du vin.
L5450 Stadtbredimus.
Grand Duchy Of Luxembourg.
TEL (int) 352 697412.(*)
CEL(int) 352 021193652(*)
Phone numbers are variable length in Luxembourg. Grand Duchy Of Luxembourg is a small country, 80 miles by 60 miles, between France, Germany and Belgium.

jan <jan_at_tat.dk> wrote in article <36133F89.E3576B3B_at_tat.dk>...
> Mimmo Briganti wrote:
>
> > Is there a way to get svrmgrl to prompt for a password on hp-ux systems like
> > it does on NT when a 'connect internal' is issued?
> >
> > The company I work for is trying to secure the database from the following
> > scenario:
> >
> > UNIX SA issues an su - oracle
> > svrmgrl ... connect internal
> > select * from hr.salaries ...
> >
> > The UNIX SA is unionized and they don't want him to see management salaries.
> > Thanks in advance ...
> >
> > Mimmo Briganti
>
> It occurs to me that the company has a problem of a non technical nature - legal
> perhaps. If you can't trust an employee not to leak confidential information,
> maybe you ought to get rid of him? Or maybe he ought to get rid of a company that
> finds it imperative to distrust its employees?
>
> There may be a way - I think I remember something about it - but I don't that's
> where the solution is.
>
> /jan
>
>
>
Received on Thu Oct 01 1998 - 05:41:58 CDT
