
Re: root logging as internal

From: <anon_1_at_my-deja.com>
Date: 2000/04/04
Message-ID: <8cdi5j$mdj$1@nnrp1.deja.com>#1/1

In article <954871662.23496.0.pluto.d4ee154e_at_news.demon.nl>,   "Sybrand Bakker" <postbus_at_sybrandb.demon.nl> wrote:
> Answers embedded
>
> <aanon_1_at_hotmail.com> wrote in message news:8cd127$26l$1_at_nnrp1.deja.com...
> > Hello all,
> >
> > Hopefully there is a work around to this "issue". However, so far I
> > have not been able to resolve it.
> >
> > Last week one of our UNIX admins took the liberty to log into Oracle
> > via the internal account and created himself an Oracle ID. In essence
> > he did this
> >
> > $ su - oracle
> >
> > $ svrmgrl
> >
> > svrmgr > connect internal
> >
> > And he was off to the races. Seeing that this is a gaping hole in our
> > security I tried a variety of items including using the orapwd
> > utility. I ended up calling Oracle, and they said that since root is a
> > special account and can su to anything, they can log into Oracle as
> > they see fit.
> >
> > I'm having a tough time believing this. So...
> >
> > 1) Is this true?
>
> Yes!
>
> > 2) If there is a work around could you pls post it.
> >
>
> Fire your admin
> At some point you simply should trust a person and/or log all his actions on
> a hardcopy terminal.
> If you don't trust him, don't give them the job. One of the facts of life in
> Unix is anyone knowing the root password can do anything.
>

Wishful thinking - the UNIX admin contractor is in a separate UNIX department. They ultimately report to a separate department head. Basically you're looking at an act of Congress for a firing to happen - they are short handed. That's OK though - because they are at the front of the blame list if anything breaks (and I'm sure something will break). :-)

Maybe you have a proc that'll do the trick say -

exec loser.lose_your_job ('Bob Bonehead','Adios Amigo');

> > I am aware of the audit files (.aud), but they are only useful after
> > the fact.
> >
> > TIA,
> >
> > anon_1
> >
> >
> > Sent via Deja.com http://www.deja.com/
> > Before you buy.
>
> Hth,
>
> Sybrand Bakker, Oracle DBA
>
>

Sent via Deja.com http://www.deja.com/
Before you buy.

Received on Tue Apr 04 2000 - 00:00:00 CDT
