| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> audit response
I almost hate to ask this question, but... we recently had an internal
audit, and as usual, the auditors cited that:
Our management has agreed to address this with more thorough and freqent monitoring of suspicious DBA activity, etc. Now it's my task to come up with a plan for how to do this. (I'm a DBA).
DBA currently use personal privileged oracle accounts for most tasks, but still have access to system or sys for the things that need it. We use sudo from our personal accounts for unix access as oracle. While this does help with the question of individual accountibility, there are still ways around it for someone who is determined to do bad.
We currently have a good set of audit options enabled, and regular reports showing privileged account usage and attempts to modify audit options. We don't look at application audit trails, since there are dozens of different apps each with their own way of auditing. I think we already have good practices in place, but we realize that a DBA can still do malicious things undetected if they wish to. So can our unix admins, and even some application administrators.
Does anyone have realistic ideas for how to address this audit point? (Telling off the auditors is not an option). Other than producing more audit reports which no one will realistically have time to review, and would still not prevent a 'bad DBA' from doing whatever they want, I'm really short on ideas. I may try documenting all of the things that I considered to address their concerns, and why it's not possible or practical to implement a solution, but I'm not sure that that will go over well. Any other ideas would be very welcome...
-- Joe http://www.joekaz.net/Received on Fri Jul 25 2003 - 02:44:25 CDT
 |
 |