We are not using Unified Auditing.
Scott Canaan '88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
srcdco@xxxxxxx<mailto:srcdco@xxxxxxx> | c: (585) 339-8659
CONFIDENTIALITY NOTE: The information transmitted, including attachments, is
intended only for the person(s) or entity to which it is addressed and may
contain confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon this
information by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the sender and
destroy any copies of this information.
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On ;
Behalf Of Hans Forbrich
Sent: Thursday, February 28, 2019 10:45 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Cloud Control 13c - Security Compliance
Consider using Oracle's DBSAT - DB Security Assessment Tool. It is updated
quite regularly and likely could identify the issue found in OCC.
https://www.oracle.com/database/technologies/security/dbsat.html
That said, are you using Unified Auditing? If yes, is it linked properly?
/Hans
On 2019-02-28 8:33 AM, Scott Canaan wrote:
I am playing with security compliance evaluations in Cloud Control 13c
(13.2.0.0.0) running on Red Hat 7 Linux. Using the Basic Security
Configuration, everything passes (I get a score of 100%), but there is an error
and I would like to figure out why.
The error is on the rule Enable Database Auditing. It is "Compliance Rule
evaluation failed." I checked the rule in the
sysman.mgmt$compliance_standard_rule and it says "Required auditing parameters
for database auditing should be set." I believe this is referring to
audit_trail, which is set to DB.
Is this telling me that audit_trail is not set properly or that it can't figure
out what it is set at? How do I fix this?
Thank you,
Scott Canaan '88
Sr Database Administrator
Information & Technology Services
Finance & Administration
Rochester Institute of Technology
o: (585) 475-7886 | f: (585) 475-7520
srcdco@xxxxxxx<mailto:srcdco@xxxxxxx> | c: (585) 339-8659
CONFIDENTIALITY NOTE: The information transmitted, including attachments, is
intended only for the person(s) or entity to which it is addressed and may
contain confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon this
information by persons or entities other than the intended recipient is
prohibited. If you received this in error, please contact the sender and
destroy any copies of this information.
