Re: AUDIT question

  • From: Pete Finnigan <pete@xxxxxxxxxxxxxxxx>
  • To: deshpande.subodh@xxxxxxxxx
  • Date: Wed, 16 Nov 2011 19:12:59 +0000

Exactly Subodh, there are single privileges just as good as being DBA,
i.e. GRANT ANY ROLE, therefore you need to audit these as well as they
are "potential DBA", also "all privileges" granted is just as good, also
SYSDBA is just as good. You need to find the role via roles, i.e. use
http://www.petefinnigan.com/who_has_role.sql and find via a hierarchy.

You can audit the DBA role in one command - see
http://www.petefinnigan.com/forum/yabb/YaBB.cgi?board=ora_aud;action=display;num=1179990496

Auditing DBAs was discussed on my blog 7 years ago -
http://www.petefinnigan.com/weblog/archives/00000039.htm

cheers

Pete

Subodh Deshpande wrote:
> indeed you should do it..and can do it..and there is one gotcha in it..
> the gotcha is if you are auditing the database then just finding out the
> users who has been assigned dba role may not be sufficient..to avoid this I
> will suggest..followings..
> 0) find out how many roles there are in your database..
> 1) then find out which grants and privs they have.
> 2) then find out which user has given which roles
> 3) then find out which users has given extra privileges other than these
> roles..
> 4) and then start questioning why this is required..
> if your database has been migrated(mostly using export/import) from
> previous releases..then it is likely that you will find many users they
> have connect, resource dba roles, privileges..in 9.x
> 
> 
> 
> On 10 November 2011 20:46, Bill Zakrzewski <bill@xxxxxxxxxxxx> wrote:
> 
>> Environment:
>>
>> Oracle 9.2.0.8.0
>> HP-UX 11.11
>>
>>
>> We would like to audit all activities of the oracle users that have the
>> DBA role granted.  My initial thought was to create a logon trigger to
>> check for the DBA role and turn auditing on for that particular session,
>> but I do not believe that is an option.  Any ideas?
>>
>> Thanks,
>> Bill
>> --
>> //www.freelists.org/webpage/oracle-l
>>
>>
>>
> 
> 

-- 

Pete Finnigan
CEO and Founder
PeteFinnigan.com Limited

Specialists in database security.

Makers of PFCLScan the database security auditing tool.
Makers of PFCLObfuscate the tool to protect IPR in your PL/SQL

If you need help to audit or secure an Oracle database, please ask for
details of our training courses and consulting services

Phone: +44 (0)1904 791188
Fax  : +44 (0)1904 791188
Mob  : +44 (0)7759 277220
email: pete@xxxxxxxxxxxxxxxx
site : http://www.petefinnigan.com

Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No       : 4664901
VAT No.          : 940668114

--
//www.freelists.org/webpage/oracle-l
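
Added example, not part of the messages above and not the who_has_role.sql script Pete links: one way to list the "potential DBA" accounts the reply describes (DBA reached through nested roles, GRANT ANY ROLE, SYSDBA) and generate an AUDIT statement for each. It assumes SELECT access to the DBA_* views and V$PWFILE_USERS and that the AUDIT_TRAIL parameter is already enabled; the column aliases are illustrative.

```sql
-- Added example. Users who reach DBA or GRANT ANY ROLE directly or through
-- any depth of nested roles, with a generated AUDIT command for each.
-- Oracle rejects circular role grants, so the CONNECT BY walks terminate.
SELECT p.username,
       p.reason,
       -- ALL is the statement-option shortcut; it does not cover every
       -- option (e.g. SELECT TABLE), so add those where DML must be audited.
       -- Names are emitted unquoted: quote any that need it before running.
       'AUDIT ALL BY ' || p.username || ' BY ACCESS;' AS audit_cmd
FROM  (
        SELECT u.username, 'DBA role (direct or nested)' AS reason
        FROM   dba_users u
        WHERE  u.username IN (
                 -- walk downwards from DBA to every grantee below it
                 SELECT grantee
                 FROM   dba_role_privs
                 START WITH granted_role = 'DBA'
                 CONNECT BY PRIOR grantee = granted_role)
        UNION
        SELECT u.username, 'GRANT ANY ROLE'
        FROM   dba_users u
        WHERE  u.username IN (
                 -- granted straight to the user ...
                 SELECT grantee
                 FROM   dba_sys_privs
                 WHERE  privilege = 'GRANT ANY ROLE'
                 UNION
                 -- ... or inherited from a role that holds it
                 SELECT grantee
                 FROM   dba_role_privs
                 START WITH granted_role IN (
                              SELECT grantee
                              FROM   dba_sys_privs
                              WHERE  privilege = 'GRANT ANY ROLE')
                 CONNECT BY PRIOR grantee = granted_role)
      ) p
ORDER BY p.username, p.reason;

-- Accounts in the password file that can connect AS SYSDBA. Those sessions
-- run as SYS and are not captured by AUDIT ... BY <user>; on 9.2 they are
-- recorded through the AUDIT_SYS_OPERATIONS init parameter instead.
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
WHERE  sysdba = 'TRUE';
```

A user can appear once per reason; the duplicate AUDIT command that results is harmless. Review the list before running the generated statements, since accounts left over from export/import migrations tend to show up here.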