Re: Oracle rootkit
- From: Jared Still <jkstill@xxxxxxxxx>
- To: oracledba.williams@xxxxxxxxx
- Date: Wed, 25 Jan 2006 06:55:19 -0800
It's time to get serious about security, if you're not already.
Put passwords on listeners, etc.
It would also be a good idea to track changes to the data dictionary.
Our databases have a baseline run once a month that tracks
DDL dates, new/missing objects and checksums on stored code,
including views.
A report is spit out show differences between the baseline(could
be any previous run) and the current one.
That will help detect root kits.
The problem with that is if something is modified, and then changed
back to its original state between data collection runs.
The change date can be detected, but not how it was changed.
Then again, a savvy root kit would put all the dates back.
Oracle may need to start supporting auditing on the DD objects.
Jared
On 1/25/06, Dennis Williams <oracledba.williams@xxxxxxxxx> wrote:
>
> List,
>
> Here is a significant media article that I haven't seen posted here.
> It describes a nightmarish future of Oracle security problems. But
> then maybe I was napping. Hey maybe this article is a hallucination.
>
> http://www.eweek.com/article2/0,1895,1914465,00.asp
>
> Dennis Williams
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
--
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
- Follow-Ups:
- Re: Oracle rootkit
- From: Ethan Post
- References:
- Oracle rootkit
- From: Dennis Williams
Other related posts:
- » Oracle rootkit
- » Re: Oracle rootkit
- » Re: Oracle rootkit
- » RE: Oracle rootkit
- » Re: Oracle rootkit
- » RE: Oracle rootkit
- » Re: Oracle rootkit
- » Re: Oracle rootkit
- » Re: Oracle rootkit
- » RE: Oracle rootkit
- » Re: Oracle rootkit
- » RE: Oracle rootkit
- » RE: Oracle rootkit
- » RE: Oracle rootkit
- Re: Oracle rootkit
- From: Ethan Post
- Oracle rootkit
- From: Dennis Williams