Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 19th, 2017, 4:33am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Auditing
(Moderator: Pete Finnigan)
   WHAT LEVEL OF AUDITING TO SET
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: WHAT LEVEL OF AUDITING TO SET  (Read 2851 times)
CJLFinn
PeteFinnigan.com Newbie
*



I love YaBB 1G - SP1!

   
View Profile |

Posts: 2
WHAT LEVEL OF AUDITING TO SET
« on: Sep 14th, 2009, 1:38pm »
Quote | Modify

Hi all
 
I have been tasked with reviewing the fact that we have auditing switched off here, and selecting an "appropriate" level of auditing.  
 
We are not a bank, but we would like to use a "best practice" approach to security.  How should I start this analysis process - and what are the Oracle defaults once the AUDIT feature has been switched on?  Should I just turn AUDIT_TRAIL to ON and see what happens  Shocked   Is FGA a bolt-on, or is it something that comes with Oracle (we have 10g)?
 
Keep up the great work, Pete.
 
Chris
IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: WHAT LEVEL OF AUDITING TO SET
« Reply #1 on: Sep 14th, 2009, 8:04pm »
Quote | Modify

Hi Chris,
 
Thanks for your question. No simply turning on audit doesnt make it do anything. You also need to enable specific audit settings. The simplest first apporach is to set audit to the database, audit_trail=db. This is not the most secure setting BUT as a first step its fine and is in fact what Oracle recommend and set by default in 11gR1. More secure options are available such as writing to the operating system or to syslog. Also options are available to include SQL and to write XML. Using db is a good first step as audit is not just about turning it on as you also need to do something with it. i.e. manage, purge, archive, have reports, act on them, escalation procedures.....
 
The settings enabled in 11g are fine. These can be found by querying an 11g database. Alternately drop me an email and I will send you a list i have (The Oracle 11g ones and around 50 more that i recommend). There is also a package DBMS_AUDIT_MGMT that is used to manage the audit trail. See http://download.oracle.com/docs/cd/E11062_01/admin.1023/e11059/avadm_mng _admin_tasks.htm#insertedID4. Also as you suggest FGA is a feature of Enterprise edition.  
 
I have a paper on Oracle auditing - quite old now, 2003 but still relevant, you can find a link at http://www.petefinnigan.com/orasec.htm
 
hope this helps
 
cheers
 
pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
CJLFinn
PeteFinnigan.com Newbie
*



I love YaBB 1G - SP1!

   
View Profile |

Posts: 2
Re: WHAT LEVEL OF AUDITING TO SET
« Reply #2 on: Sep 14th, 2009, 9:15pm »
Quote | Modify

Hi Pete
 
Thanks for your reply - much appreciated.
 
I'll definitely follow the links you've suggested - I may have already read your orasec paper but I'll go and have another look anyway.
 
By the way, we are on 10g - are the default settings good n that version?  my email is chrisuk@internet.lu - I'd like your list please.
 
Thanks again!
Chris
IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: WHAT LEVEL OF AUDITING TO SET
« Reply #3 on: Sep 15th, 2009, 8:06pm »
Quote | Modify

Hi Chris,
 
I emailed it to you.
 
cheers
 
pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board