RE: SQL audit

  • From: John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx>
  • To: "kjped1313@xxxxxxxxx" <kjped1313@xxxxxxxxx>, "rtylka@xxxxxxxxx" <rtylka@xxxxxxxxx>, "jkstill@xxxxxxxxx" <jkstill@xxxxxxxxx>
  • Date: Tue, 22 Dec 2009 09:45:59 +0000

But Oracle's recommendation is not to password protector the listener from 10G 

From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Kellyn Pedersen
Sent: 22 December 2009 02:02
To: rtylka@xxxxxxxxx; jkstill@xxxxxxxxx
Cc: Oracle-l
Subject: Re: SQL audit

I have had to implement auditing on Oracle Apps 11i and the auditors required 
it for SOX compliance, so first thing I would request is the auditor 
requirements that they need to track.  You might be surprised how little you 
actually have to audit or even turn on.
You also have the opportunity to challenge and demand they justify many of the 
requests, as they often will not even know what they are requesting or that 
some features are already tracked automatically by Oracle and you just need to 
write out a justification response of your own.
The odd items I did need to implement were:
- a shell script to track that the listener was password protected at all times.

Wm Morrison Supermarkets Plc is registered in England with number 358949. The 
registered office of the company is situated at Gain Lane, Bradford, West 
Yorkshire BD3 7DL. This email and any attachments are intended for the 
addressee(s) only and may be confidential. 

If you are not the intended recipient, please inform the sender by replying to 
the email that you have received in error and then destroy the email. 
If you are not the intended recipient, you must not use, disclose, copy or rely 
on the email or its attachments in any way. 

Wm Morrison Supermarkets PLC accepts no liability or responsibility for 
anything said in the email or its attachments and gives no warranty as to 
accuracy. It is the policy of Wm Morrison Supermarkets PLC not to enter into 
any contractual or other obligations by email. 

Although we have taken steps to ensure the email and its attachments are 
virus-free, we cannot guarantee this or accept any responsibility, 
and it is the responsibility of recipients to carry out their own virus checks. 

Other related posts: