RE: Auditing statements
Date: Wed, 3 Aug 2011 16:23:14 -0500
Message-ID: <FD98CB0EE75EEA438CAF4DA2E6071C420EAA8D583A_at_MAIL.solutionary.com>
You have some work to do - starting with research. For starters try: http://download.oracle.com/docs/cd/B28359_01/server.111/b28318/security.htm#CNCPT1616 and
http://download.oracle.com/docs/cd/B28359_01/server.111/b28286/statements_4007.htm#SQLRF01107
Object auditing is always for all users (except of course SYS, ... as SYSDBA, ... as SYSOPER, etc.). Some auditing is for all users (with the usual exceptions) unless you specify otherwise. For example:
"audit session" versus "audit session by system" or "audit session by system whenever not successful".
To audit actions by highly privileged users (SYS, ... as SYSDBA, ... as SYSOPER) see the initialization parameter AUDIT_SYS_OPERATIONS at:
[see: http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#DBSEG98423]
However, some things - like "database start" - are always audited.
[See: http://download.oracle.com/docs/cd/B28359_01/server.111/b28318/security.htm#i13053]
I sincerely doubt that anyone is going to be both willing and able to interpret your security division's "business requirements" into fully functional code. [E.G. How can you tell if a schema is "unused"?]
Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax: 402-361-3173 | Solutionary | Relevant . Intelligent . Security
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of P D
Sent: Wednesday, August 03, 2011 2:29 PM
To: oracle-l_at_freelists.org
Subject: Auditing statements
We have been asked by our security division to run these specific statements on a database for auditing purposes. They don't work. These are 11.1.0.7 databases on Standard Edition. Are there some other broad-based generic commands that can be run that will capture the purpose of what is listed here? If they want it to capture information from every user in the database, wouldn't we have to also explicitly state each user name, otherwise all we are really auditing is actions by the sys user since that is where the command is being run from?
Audit drop unused schemas
Audit trap autonomous transactions
Audit any create statement
Audit any drop statement
Audit insert failures
Audit grant any object
Audit database start or stop
-- http://www.freelists.org/webpage/oracle-l
Received on Wed Aug 03 2011 - 16:23:14 CDT
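
The scoping rules described in the reply above, as an added example that is not from either poster: statement auditing with and without a BY clause, object auditing, and SYS auditing, followed by dictionary queries that show what is actually in force. The table name hr.employees is a placeholder, and the example assumes the instance uses an spfile and that AUDIT_TRAIL is already set to DB.

```sql
-- 1. Statement auditing without BY: every user's connects and disconnects
--    are audited (SYS and AS SYSDBA / AS SYSOPER connections excepted).
AUDIT SESSION;

-- 2. Statement auditing with BY: adds a separate entry scoped to one user,
--    here failed logons by SYSTEM only. It does not narrow entry 1.
AUDIT SESSION BY system WHENEVER NOT SUCCESSFUL;

-- 3. Object auditing takes no BY <user> clause: it always covers all users.
--    hr.employees is a placeholder table name.
AUDIT INSERT ON hr.employees BY ACCESS WHENEVER NOT SUCCESSFUL;

-- 4. SYS / SYSDBA / SYSOPER activity is outside 1-3. It is controlled by a
--    static initialization parameter, so the change needs an instance restart.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- Statement options in force. USER_NAME is NULL for all-user entries,
-- so entry 1 and entry 2 appear as two distinct rows.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY user_name NULLS FIRST, audit_option;

-- Object options in force. INS holds success/failure flags, e.g. -/A
-- for "not audited on success / audited BY ACCESS on failure".
SELECT owner, object_name, object_type, ins
  FROM dba_obj_audit_opts
 WHERE owner = 'HR'
   AND object_name = 'EMPLOYEES';

-- The audit records themselves (assumes AUDIT_TRAIL = DB).
-- RETURNCODE <> 0 marks a failed action.
SELECT username, action_name, obj_name, returncode, timestamp
  FROM dba_audit_trail
 ORDER BY timestamp DESC;
```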