From oracle-l-bounce@freelists.org  Mon Jan 24 11:27:39 2005
Return-Path: <oracle-l-bounce@freelists.org>
Received: from air891.startdedicated.com (root@localhost)
 by orafaq.com (8.12.10/8.12.10) with ESMTP id j0OHRdI2030060
 for <oracle-l@orafaq.com>; Mon, 24 Jan 2005 11:27:39 -0600
X-ClientAddr: 206.53.239.180
Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180])
 by air891.startdedicated.com (8.12.10/8.12.10) with ESMTP id j0OHRaem030038
 for <oracle-l@orafaq.com>; Mon, 24 Jan 2005 11:27:36 -0600
Received: from localhost (localhost [127.0.0.1])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id C64E562C80;
 Mon, 24 Jan 2005 11:23:28 -0500 (EST)
Received: from turing.freelists.org ([127.0.0.1])
 by localhost (turing [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 28590-02; Mon, 24 Jan 2005 11:23:28 -0500 (EST)
Received: from turing (localhost [127.0.0.1])
 by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 4AE5662C59;
 Mon, 24 Jan 2005 11:23:28 -0500 (EST)
X-MimeOLE: Produced By Microsoft Exchange V6.0.6249.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
Subject: RE: audit suggestion
Date: Mon, 24 Jan 2005 11:21:36 -0500
Message-ID: <4001DEAF7DF9BD498B58B45051FBEA65021B745F@25exch1.vicorpower.vicr.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: audit suggestion
thread-index: AcUCL9IvkBiSqq01RZyqRwxSpZucmwAAHRdA
From: "Goulet, Dick" <DGoulet@vicr.com>
To: <KATHERINE_KAYLOR@rsausa.com>, <oracle-l@freelists.org>
X-OriginalArrivalTime: 24 Jan 2005 16:21:36.0718 (UTC) FILETIME=[C6D0B6E0:01C50230]
X-archive-position: 15148
X-ecartis-version: Ecartis v1.0.0
Sender: oracle-l-bounce@freelists.org
Errors-To: oracle-l-bounce@freelists.org
X-original-sender: DGoulet@vicr.com
Precedence: normal
Reply-To: DGoulet@vicr.com
X-list: oracle-l
X-Virus-Scanned: by amavisd-new-20030616-p9 (Debian) at example.com
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
 air891.startdedicated.com
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=ham version=2.60
X-Spam-Level: 

Katherine,

Seems to me that you got the paranoid and unintelligent
auditors.  I think that instead of restricting your people you need to
evaluate how much you trust the people you've hired to manage, maintain,
and protect your databases.  Could a DBA run malicious code?  Sure they
could.  The question is not can they, but would they.  If you don't
trust them, then fire them.  Restricting their access to cron will not
provide any better security.


Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA

-----Original Message-----
From: KATHERINE_KAYLOR@rsausa.com [mailto:KATHERINE_KAYLOR@rsausa.com]
Sent: Monday, January 24, 2005 10:53 AM
To: oracle-l@freelists.org
Subject: audit suggestion

We just completed an external audit and one of the findings from the
auditors is that DBAs should not have cron rights in Unix.  The finding
basically stated that a DBA could schedule something to run malicious code
from cron and therefore is a security threat.  Frankly, I don't see how
that's much different from just running the script interactively.  Unless
the DBA is kicked off the Unix server period.....

I'm curious if other sites have restricted DBAs' access to such a point
that they no longer are allowed to develop and promote shell scripts for
databases.  This is supposed to be a 'segregation' of duties, but it seems
to me that if you are going to run a script that is in the 'DBA' group
then what's really happened is that access is now opened up to the UNIX
administrators (considering they are a separate job).


K Kaylor
Database Administration
RSA

***********************************************************************************
Notice of Confidentiality

This transmission (including attachments) contains information that
may be privileged, confidential and protected from disclosure. Unless
you are the intended recipient of the message (or authorized to receive
it for the intended recipient) you may not copy, forward, or otherwise
use it, or disclose it or its contents to anyone. If you received this
transmission in error please notify us immediately, permanently delete
the transmission (including attachments) from your system, and destroy
all hard copies.  Thank you.

Email: security_usa@rsausa.com
***********************************************************************************
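Added example, not part of either poster's message: the thread talks about "restricting access to cron" as if it meant removing shell access, but on Unix the crontab command has its own access-control files, /etc/cron.allow and /etc/cron.deny, and an auditor checking whether a "no cron for DBAs" finding is enforced would read those. The script below implements the standard precedence (cron.allow wins if present; otherwise cron.deny; neither file means the default is implementation-defined and worth flagging) and reports the result for every member of a group. The directory layout, the dba group, the oracle and appuser accounts and the cron_audit helper names are constructed assumptions so the check runs against a sample tree rather than the live /etc; as the thread itself points out, this only covers crontab, not what a user with a shell can run interactively.

```shell
#!/bin/sh
# Added example (not from the thread): audit cron scheduling rights for a Unix group.
# Assumptions: classic cron.allow / cron.deny access-control files, and a constructed
# sample /etc tree passed in as ETC_DIR so the checks run offline.

# cron_access USER ETC_DIR
# Prints "allowed", "denied", or "unrestricted" using the standard precedence:
#   1. if cron.allow exists, only the users listed there may use crontab;
#   2. otherwise, if cron.deny exists, everyone except the listed users may;
#   3. if neither exists, the default is implementation-defined: flag it for review.
cron_access() {
  if [ -f "$2/cron.allow" ]; then
    if grep -qx "$1" "$2/cron.allow"; then echo allowed; else echo denied; fi
  elif [ -f "$2/cron.deny" ]; then
    if grep -qx "$1" "$2/cron.deny"; then echo denied; else echo allowed; fi
  else
    echo unrestricted
  fi
}

# group_members GROUP GROUP_FILE
# Prints the member list of GROUP from an /etc/group-style file, one per line.
group_members() {
  grep "^$1:" "$2" | cut -d: -f4 | tr ',' '\n' | grep -v '^$'
}

# cron_report GROUP ETC_DIR
# One line per group member: "<user> <access>". This is the evidence an auditor
# would want to see that a cron restriction is actually in place.
cron_report() {
  for u in $(group_members "$1" "$2/group"); do
    printf '%s %s\n' "$u" "$(cron_access "$u" "$2")"
  done
}

# make_sample_etc
# Builds a constructed sample tree: a dba group with two members, and a
# cron.allow that lists only the oracle account. Prints the directory path.
make_sample_etc() {
  d=$(mktemp -d)
  printf 'dba:x:1001:oracle,appuser\n' > "$d/group"
  printf 'oracle\n' > "$d/cron.allow"
  echo "$d"
}

# Usage (stand-alone): build the sample tree, print the report, clean up.
ETC_SAMPLE=$(make_sample_etc)
cron_report dba "$ETC_SAMPLE"
rm -rf "$ETC_SAMPLE"
```

Against the sample tree the report prints "oracle allowed" and "appuser denied". A real check would pass /etc instead of the sample directory; the "unrestricted" branch is the finding to chase, because with neither file present the answer depends on the cron implementation rather than on a documented decision.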



--
http://www.freelists.org/webpage/oracle-l