RE: what does audit_sys_operations actually audit

Oracle's response to the question is, "Audit Vault watches the
watchmen".  Of course some people might suggest the pricing strategy for
that product is akin to banditry but I'm not one to take cheap shots J

 

Cheers, APC

 

From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Tim Gorman
Sent: 07 January 2009 19:43
To: Bobak, Mark
Cc: oracle-l
Subject: Re: what does audit_sys_operations actually audit

 

Napolean Bonaparte, when asked a similar question regarding the guards
at the (then newly opened) Devil's Island penitentiary in South
America...

Q:  Who is going to guard these bandits?
A:  Worse bandits.


Bobak, Mark wrote: 

Quis custodiet ipsos custodes?

 

Tim Gorman wrote:

 

AUDIT_SYS_OPERATIONS only sends records to the OS audit trail, not the
DB audit trail (i.e. SYS.AUD$).  Check the files in your
AUDIT_FILE_DEST.

Rationale:  Why leave audit records for SYSDBA where SYSDBA users can
tamper with them?  Oracle sends them to OS files so they can be
protected (if necessary) from tampering by SYSDBA.  Now, you just have
to trust your OS sysadmins.... ;-)



Douglas Cowles wrote: 


I turned on audit_sys_operations in a dev database but nothing seems to
be being added to the sys.aud$ table. 
SQL> show parameter audit_sys_operations; 

NAME                                 TYPE        VALUE 
------------------------------------ -----------
------------------------------ 
audit_sys_operations                 boolean     TRUE 
SQL> show user; 
USER is "SYS" 
SQL> 
SQL> select sqltext from sys.aud$ where ntimestamp# between
to_date('01-07-09 13:15','MM-DD-RR HH24:MI') and sysdate; 

SQLTEXT 
------------------------------------------------------------------------
-------- 


SQL> select count(1) from sys.aud$ where ntimestamp# between
to_date('01-07-09 13:15','MM-DD-RR HH24:MI') and sysdate; 

  COUNT(1) 
---------- 
         1 

SQL> create table test(a number); 

Table created. 

SQL> insert into test values (1); 

1 row created. 

SQL> delete from test; 

1 row deleted. 

SQL> drop table test; 

Table dropped. 

SQL> select count(1) from sys.aud$ where ntimestamp# between
to_date('01-07-09 13:15','MM-DD-RR HH24:MI') and sysdate; 

  COUNT(1) 
---------- 
         1 

No new rows added.. What's the deal? 



Dc. 

-- http://www.freelists.org/webpage/oracle-l 

-- http://www.freelists.org/webpage/oracle-l 



Please help Logica to respect the environment by not printing this email  /  
Merci d'aider Logica à préserver l'environnement en évitant d'imprimer ce mail 
/  Bitte drucken Sie diese Nachricht nicht aus und helfen Sie so Logica dabei 
die Umwelt zu schuetzen  /  Por favor ajude a Logica a respeitar o ambiente não 
imprimindo este correio electrónico.



This e-mail and any attachment is for authorised use by the intended 
recipient(s) only. It may contain proprietary material, confidential 
information and/or be subject to legal privilege. It should not be copied, 
disclosed to, retained or used by, any other party. If you are not an intended 
recipient then please promptly delete this e-mail and any attachment and all 
copies and inform the sender. Thank you.

Other related posts: