05 Les 04 Audit
Objectives
After completing this lesson, you should be able to do the following:
- Implement basic database auditing
- Implement auditing of the privileged user
- Implement data manipulation language (DML) and data definition language (DDL) auditing
- Send audit records to the operating system (OS) files
Type of Audit
What Is Audited?
Fixed set of data, including the SQL statement and bind; extensible through event handlers
Optionally, Database Vault can protect database audit tables from the privileged users.
OS audit files are accessible to:
- The root user on the repository machine
- Any user depending on directory permissions
AUDIT select any table, create any trigger;
AUDIT select any table BY hr BY ACCESS;
Auditing Sessions
Audit unsuccessful attempts to connect:
Monitor DBA_AUDIT_SESSION:
ACTION_NAME          RETURNCODE LOGOFF
-------------------- ---------- ----------
LOGON                      1017
LOGOFF                        0 0829 22:39
LOGOFF BY CLEANUP             0 0829 22:40
LOGON                         0
Check DBA_AUDIT_TRAIL.COMMENT_TEXT.
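The session auditing described above, as an added example that is not part of the original lesson: it enables auditing of failed connections and summarizes repeated failures from DBA_AUDIT_SESSION. It assumes audit records go to the database audit trail; the 24-hour window and the threshold of 5 are assumed values to tune per site.

```sql
-- Added example, not from the lesson. Assumes the audit trail is written
-- to the database, so DBA_AUDIT_SESSION is populated.

-- Record only connection attempts that fail.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- Confirm the option is set; session auditing is listed as CREATE SESSION.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  audit_option = 'CREATE SESSION';

-- Failed logons in the last 24 hours, grouped by account and client host.
-- RETURNCODE is the ORA- error number: 1017 is ORA-01017 (invalid
-- username/password), 0 is success.
SELECT username,
       userhost,
       os_username,
       returncode,
       COUNT(*)       AS attempts,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_session
WHERE  action_name = 'LOGON'
AND    returncode <> 0
AND    timestamp > SYSDATE - 1            -- assumed window: 24 hours
GROUP  BY username, userhost, os_username, returncode
HAVING COUNT(*) >= 5                      -- assumed threshold
ORDER  BY attempts DESC;
```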
Description
- Default audit options
- Statement auditing options
- Privilege auditing options
- Schema object auditing options
[Figure: DBA, parameter file, audit options, server process ("Generate audit trail."), OS audit trail, syslog, SYSLOG files]
Description
- All audit trail entries
- Records produced by the NOT EXISTS audit
- Records concerning the schema objects
- All connect and disconnect entries
- Auditing records at the statement level
XML files can be read with a variety of readers. XML files can be protected by the OS.
Configuring syslog
The audit_syslog_level initialization parameter sets facility.priority of the messages. The syslog.conf file determines where syslog writes the message.
@edrsr5p1
syslog Limitations
syslog limitations:
- Fine-grained audit records are not captured.
- Oracle Label Security audit records are not captured.
- Oracle Database Vault audit records are not captured.
- Message limited to 1,024 bytes on some machines.
- Remote messages are sent by User Datagram Protocol (UDP).
Value-Based Auditing
Trigger fires.
Summary
In this lesson, you should have learned how to:
- Implement basic database auditing
- Implement auditing of the privileged user
- Implement DML and DDL auditing
- Send audit records to the OS files