
Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

From: Logan Shaw <lshaw-usenet_at_austin.rr.com>
Date: Sat, 02 Sep 2006 01:18:13 GMT
Message-ID: <pZ4Kg.10982$dl.6932@tornado.texas.rr.com>


Karen Hill wrote:

> DA Morgan wrote:

>> Karen Hill wrote:
>>> We know that Oracle and SUN/Solaris go together quite well on high end
>>> installs. To ensure an audit trail for BASEL, HIPAA, Sarbanes Ox and
>>> other federal laws, one can ship Oracle logs to an offsite server.
>>> Yet, how can this guarantee an audit trail, when Solaris does not
>>> support immutable files? Immutable files are files where not even root
>>> can change/delete/move a file set as immutable.
>> The secret is to keep audit trails inside the database and create an
>> audit trail of any attempt to alter it.
>>
>> How can I tell if the audit trail's been altered?
>> One way is to apply DBMS_CRYPTO to the data.
>> Data alteration becomes impossible.
> 
> Where does Oracle keep the encryption keys?  If someone has root could
> they not just sniff out where Oracle has the encryption keys and then
> decrypt the data?

If someone is root, they can do anything, including writing to immutable files. Or do you also create immutable disk devices in /dev and immutable kernel data structures so that the kernel code can't be patched? If so, I'd be impressed. I don't know a way to do it.

Received on Fri Sep 01 2006 - 20:18:13 CDT
