Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: audit insert, delete, update on sys.aud$

Re: audit insert, delete, update on sys.aud$

From: Anurag Varma <avdbi_at_hotmail.com>
Date: Sat, 02 Apr 2005 13:29:16 GMT
Message-ID: <M6x3e.711$uw2.635@twister.nyroc.rr.com> 





DA Morgan wrote:


> Anurag Varma wrote:

> 


>> :) Not that funny though. Its common to audit delete on sys.aud$ ....
>>
>> Anurag




> 

> 

> Assuming the person that had access to sys.aud$ doesn't have access

> to the table used to audit the delete from sys.aud$?

> 

> If this is about Sarbanes-Oxley a far more robust solution is require

> to comply with the law.




Daniel,



If you audit delete on aud$. Then the record is placed in sys.aud$ itself.
Now you might think that the user with delete privs on aud$ can delete that record ..
well te user does, the attempt to delete will be logged.



Now he can then log in as sysdba and turn off auditing and delete all records
from sys.aud$ .. then in that case the statements will be logged to the filesystem.
And in the rare chance that you dont trust the sysdba, you can prevent him
from deleting the audit files created in audit file destination.



In the FM:


http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96521/audit.htm#1875




To Prem:


I do see the FM suggesting audit insert/update/delete on sys.aud$, so its
possible that attempts to insert using non-administrative account might
still be logged (I have not done testing regarding this)....



Anurag
Received on Sat Apr 02 2005 - 07:29:16 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US