Re: Auditing statements

  • From: David Fitzjarrell <oratune@xxxxxxxxx>
  • To: "pdba1966@xxxxxxxxxxx" <pdba1966@xxxxxxxxxxx>, "oracle-l@xxxxxxxxxxxxx" <oracle-l@xxxxxxxxxxxxx>
  • Date: Wed, 3 Aug 2011 14:33:09 -0700 (PDT)

Audit drop user; -- addresses the schema drop (although it doesn't specify
"unused")
 
I see no way to audit any autonomous transactions outside of instrumenting the 
code to populate a table.
 
You'll need to set up audits for all create statements -- there is no
'blanket' audit for creates. Same for drops and inserts, with the added
criteria of "whenever not successful" to only capture failed inserts. GRANTs
also need to be individually audited (grant table, etc.) but this also audits
REVOKEs.
 
There is no audit on starting/stopping the database because those operations 
are recorded in the alert log.
 
If anyone knows any differently I'll be happy to be proven wrong.
 
 

David Fitzjarrell


From: P D <pdba1966@xxxxxxxxxxx>
To: oracle-l@xxxxxxxxxxxxx
Sent: Wednesday, August 3, 2011 12:28 PM
Subject: Auditing statements


We have been asked by our security division to run these specific statements on
a database for auditing purposes. They don’t work. These are 11.1.0.7
databases on Standard Edition. Are there some other broad-based generic
commands that can be run that will capture the purpose of what is listed
here? If they want it to capture information from every user in the
database, wouldn’t we have to also explicitly state each user name, otherwise
all we are really auditing is actions by the sys user since that is where the
command is being run from?
 
Audit drop unused schemas
Audit trap autonomous transactions
Audit any create statement   
Audit any drop statement
Audit insert failures
Audit grant any object 
Audit database start or stop
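
As an added example (not part of either post), here is one way to map the requested items onto Oracle standard-auditing statements along the lines the reply describes. The selection of object types and the use of BY ACCESS are assumptions; autonomous transactions and database start/stop are left out because the reply identifies no audit option for them.

```sql
-- Added example, not from the thread. Run as a user with the AUDIT SYSTEM privilege.
-- Assumption: the AUDIT_TRAIL initialization parameter is already set (for
-- example to DB) so that audit records are actually written.
SELECT value FROM v$parameter WHERE name = 'audit_trail';

-- "Audit drop unused schemas": the statement from the reply. With no
-- BY <user> clause, an audit option applies to all database users.
AUDIT DROP USER BY ACCESS;

-- "Audit any create statement" / "Audit any drop statement":
-- no blanket option exists, so enable one statement option per object type.
-- Each of these covers the CREATE and DROP statements for that object type.
AUDIT TABLE, VIEW, INDEX, SEQUENCE, SYNONYM, PROCEDURE, TRIGGER BY ACCESS;
AUDIT USER, ROLE BY ACCESS;

-- "Audit insert failures": record only INSERTs that return an error.
AUDIT INSERT TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;

-- "Audit grant any object": object grants are audited per object type,
-- and each option also records the matching REVOKE.
AUDIT GRANT TABLE, GRANT PROCEDURE, GRANT SEQUENCE BY ACCESS;

-- Grants and revokes of system privileges and roles.
AUDIT SYSTEM GRANT BY ACCESS;

-- Confirm which options are now in force.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY audit_option;

SELECT user_name, privilege, success, failure
  FROM dba_priv_audit_opts
 ORDER BY privilege;

-- Review captured failures (RETURNCODE is the Oracle error number, 0 = success).
SELECT username, action_name, owner, obj_name, returncode, timestamp
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY timestamp;
```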
