Re: Track Audit Parameter Changes
- From: Barbara Baker <barb.baker@xxxxxxxxx>
- To: rlsmith@xxxxxxx
- Date: Fri, 17 Jun 2005 11:36:32 -0600
Version?
Starting in version 9, setting audit_sys_operations to true will
output the info to the audit_dest directory for SYS. (Hopefully user
SYS is not being used unless critical. The SYS user does not seem to
show up in the audit trail at all, so audit_sys_operations is the only
way I know to capture this.)
For users other than sys . . .
Pete Finnigan's "Oracle Security Step-by-Step" says
protect the audit trail with AUDIT ALL ON SYS$AUD$ BY ACCESS;
I issued this AUDIT ALL audit command in my 9.2.0.4 database, and as
user BARB (who was granted dba role) I tried
selecting from the audit trail
changing an audit parameter
The select from this user shows up in the audit trail. The change
does not. I find this very odd. I tried "audit trigger", and "audit
delete on schema.table" as user BARB. I would assume that changing
the audit parameter would be an update to the AUD$ table. But the
audit trail does not show this update.
Anyone know why not??
** objects current audit options enabled **
OWNER OBJECT_NAM OBJECT ALT AUD COM DEL GRA IND INS LOC REN SEL UPD REF EXE
---------- ---------- ------ --- --- --- --- --- --- --- --- --- --- --- --- ---
SYS AUD$ TABLE S/A A/A A/A A/A A/A A/A A/A A/A A/A A/A S/A -/- -/-
AMAX AGENCIES TABLE -/- -/- -/- S/S -/- -/- -/- -/- -/- -/- -/- -/- -/-
** Audit Records from last 24 hours **
AACDGIILRSURE
Action Obj Return
luoernnoeepex
USERID TIMEST Name Name Code tdmladscnldfe
-------- ------------ ------------------- ------ -------------------
BARB 17-Jun 11:18 SELECT AUD$ 0
BARB 17-Jun 11:18 SELECT AUD$ 0
On 6/16/05, Smith, Ron L. <rlsmith@xxxxxxx> wrote:
> We have Oracle auditing turned on, but I am wondering how to track
> changes made to the Audit Parameters. We want to know if someone makes
> a change to the parameters.
> Thanks!
> Ron
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
