Auditing dba to syslog
Hi Hemant,
11.2.0.1
Aix 6.1
I am still confused about sys logging.
I configured sys logging already thru:
editing pfile and add:
*.audit_file_dest='/var/log/oracle/proddr'
*.audit_sys_operations=TRUE
*.audit_trail='OS'
*.audit_syslog_level='LOCAL5.INFO'
The auditor asked me to test login sys and drop the EMP table at scott;
Then check if I was logged in OS syslog. But it was not there
How do I include this sys activity in syslog?
Thanks,
zxy
yxes2013 wrote:
Hi Jg, can you spank Sybrand for me so he gets politeness lesson
I really don't know who was impolite here, since when saying to someone to read doc is impolite ?
You are trying to make funny post with your smiley, but it is not anymore long ago.
Should I add that you marked the answer of smon as correct whereas it has nothing to do with your original question ? That's just a shame. Who's impolite ?
-- Once more, and as long as your threads are slipping down, I'm gonna to lock them. That one too --
Nicolas.
Similar Messages
-
Fine Grained Audit records to syslog
Hello experts,
I am working on Standard Auditing and Fine Grained Auditing on 11.2.0.3 databases on Red Hat x86_64.
I am trying to send Fine Grained Audit records to syslog as for my Standard Audit records with audit_trail set to OS, but can't find any appropriate option.
When I create FGA policies with the ADD_POLICY procedure of the DBMS_FGA package, the audit_trail parameter can only be set to DB or XML, as stated in [PL/SQL Packages and Types Reference|http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_fga.htm#CDEIECAG].
Does somebody know if it is possible to send FGA audit records to syslog directly:
1. without using any additional product (e.g. Oracle Audit Vault)?
2. without doing manual extraction from fga_log$ or DBA_COMMON_AUDIT_TRAIL?
Thanks for any suggestion.
Hi,
Well, I have not used FGA yet.
I used audit_trail=db and the query
SELECT username,extended_timestamp,owner,obj_name,action_name,sql_text FROM dba_audit_trail WHERE to_char(extended_timestamp, 'DD/MM/RR') = to_char(SYSDATE - 1, 'DD/MM/RR') ORDER BY timestamp
Then I wrote a procedure, and exported the results using utl_file.
And I scheduled this procedure to run daily.
It works pretty well; if you like the solution, ask for details.
Hope that helps,
Regards. -
Audit DBA Activity, skip table from logical standby!
Dear All,
My database is 10gR2 on windows 2003 server.
I want to know if I can put some audit on the commands: execute dbms_logstdby.skip() to skip tables from Logical standby and also the same on unskipping the objects exec dbms_logstdby.unskip.
Thanks, Imran
Hi,
Given that your Database is 10g, the auditing options were extended to include DML from only SELECT in 9i, but not audit on procedures. You could double check the Fine Grained Auditing options in 10g, but I don't think this extends to DBMS_ packages.
I would consider writing a trigger or a small job that monitors the DBA_LOGSTDBY_SKIP view for additional entries. This is the only workaround that I can suggest that might fit your needs. -
Standard and sys audit to syslog
Hello,
I have question about enabling auditing to syslog.
Is it possible to configure standard and sys auditing to local syslog in linux environment?
I have read that from version 10.2 it is possible to add AUDIT_SYSLOG_LEVEL parameter to init.ora to send audit trail to syslog. But I need to have both auditings: standard auditing and sys operations auditing on a remote host using syslog.
Regards
Dominik
Hi,
I hope that the following document helps: http://www.springerlink.com/index/ut68j3652k06747j.pdf
Regards,
Naveed. -
Hi all,
11.2.0.1
OEL 6
I have finished configuring send oracle audit log to syslog.
In the /etc/syslog.conf configuration file:
#Save oracle rdbms audit trail to oracle_audit.log
local0.info /var/log/oracle/oracle_audit.log
#Send oracle rdbms audit trail to remote syslog server
local0.info @192.168.100.1
It mentioned local0.info @192.168.100.1 , which file_name & folder location is the log written on this remote target server? Do I need to configure it also?
Thanks a lot,
zxy
Hi,
I hope that the following document helps: http://www.springerlink.com/index/ut68j3652k06747j.pdf
Regards,
Naveed. -
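Added example (not from any poster in these threads): a Python check that reads the audit_syslog_level value from a pfile and lists which syslog.conf actions would receive that facility and priority. This is the first thing to verify when SYS audit records do not appear in syslog, and the same lookup on the receiving server answers where traffic sent to @host is written. The sample inputs reuse the parameter lines from the first post and the syslog.conf lines from this thread as illustrative data; the function names, the receiving server's configuration and the classic selector semantics (priority and above, *, none) are assumptions of the example.

```python
import re

# Syslog severities, most urgent first; the list index is the numeric code.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

# Parameter lines as quoted in the first post.
PFILE = """\
*.audit_file_dest='/var/log/oracle/proddr'
*.audit_sys_operations=TRUE
*.audit_trail='OS'
*.audit_syslog_level='LOCAL5.INFO'
"""

# syslog.conf lines as quoted in this thread (they route local0, not local5).
SYSLOG_CONF = """\
#Save oracle rdbms audit trail to oracle_audit.log
local0.info /var/log/oracle/oracle_audit.log
#Send oracle rdbms audit trail to remote syslog server
local0.info @192.168.100.1
"""

# Constructed configuration for the receiving server (hypothetical path).
REMOTE_CONF = """\
*.err;local0.none /var/log/messages
local0.* /var/log/remote/oracle_audit.log
"""


def oracle_audit_target(pfile_text):
    """Return (facility, priority) from audit_syslog_level, or None if unset."""
    params = {}
    for line in pfile_text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Accept both "*.name=value" / "SID.name=value" and plain "name=value".
        m = re.match(r"(?:[\w*]+\.)?(\w+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).lower()] = m.group(2).strip().strip("'\"")
    level = params.get("audit_syslog_level")
    if not level:
        return None
    facility, _, priority = level.lower().partition(".")
    return facility, ALIASES.get(priority, priority)


def selector_matches(selector, facility, priority):
    """True if a syslog.conf selector field routes facility.priority."""
    if priority not in SEVERITIES:
        return False
    matched = False
    for part in selector.lower().split(";"):
        facs, _, prio = part.strip().partition(".")
        names = facs.split(",")
        if facility not in names and "*" not in names:
            continue
        prio = ALIASES.get(prio, prio)
        if prio == "none":
            matched = False          # a later "none" cancels an earlier match
        elif prio == "*":
            matched = True
        elif prio in SEVERITIES:
            # "facility.info" means info and anything more urgent.
            matched = SEVERITIES.index(priority) <= SEVERITIES.index(prio)
    return matched


def routes_for(syslog_conf_text, facility, priority):
    """List the actions (files, @hosts) that receive facility.priority."""
    actions = []
    for line in syslog_conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and selector_matches(fields[0], facility, priority):
            actions.append(fields[1].strip())
    return actions


def audit_routes(pfile_text, syslog_conf_text):
    """Actions receiving Oracle audit records, or None if syslog auditing is off."""
    target = oracle_audit_target(pfile_text)
    if target is None:
        return None
    return routes_for(syslog_conf_text, *target)


if __name__ == "__main__":
    print("audit target:", oracle_audit_target(PFILE))
    print("routes on database host:", audit_routes(PFILE, SYSLOG_CONF))
    print("routes on receiving server:", routes_for(REMOTE_CONF, "local0", "info"))
```

An empty list on the database host means no syslog.conf rule selects the facility and priority the database is configured to use, so the audit messages are written nowhere.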
Audit is enabled and working fine in Global zone.
root@MMS11:/var/audit# uname -a
SunOS MMS11 5.11 11.2 sun4v sparc sun4v
root@MMS11:/var/audit#
root@MMS11:/var/audit#
root@MMS11:/var/audit# pkg info entire
Name: entire
Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.2.3.4.1).
Description: This package constrains system package versions to the same
build. WARNING: Proper system update and correct package
selection depend on the presence of this incorporation.
Removing this package will result in an unsupported system. For
more information see
https://support.oracle.com/rs?type=doc&id=1672221.1.
Category: Meta Packages/Incorporations
State: Installed
Publisher: solaris
Version: 0.5.11 (Oracle Solaris 11.2.3.4.1)
Build Release: 5.11
Branch: 0.175.2.3.0.4.1
Packaging Date: October 2, 2014 10:39:23 PM
Size: 5.46 kB
FMRI: pkg://solaris/[email protected],5.11-0.175.2.3.0.4.1:20141002T223923Z
root@MMS11:/var/audit#
root@MMS11:/var/audit# ls -lhtr
total 34343
-rw-r----- 1 root root 400K Apr 7 16:41 20150407134107.20150407134155.MMS11
-rw-r----- 1 root root 11M Apr 7 17:21 20150407134157.20150407142120.MMS11
-rw-r----- 1 root root 5.5M May 4 13:57 20150504103940.not_terminated.MMS11
root@MMS11:/var/audit#
root@MMS11:/var/audit# ls -lhtr /var/adm/auditlog
-rw-r----- 1 root root 1.0M May 4 13:57 /var/adm/auditlog
root@MMS11:/var/audit# audit -s
root@MMS11:/var/audit# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
5 MMS_NG running /zones/MMS_NG solaris shared
=======================================================
but I am unable to enable audit on local zone.
I have following
root@MMS11:/var/audit# zlogin MMS_NG
[Connected to zone 'MMS_NG' pts/14]
Oracle Corporation SunOS 5.11 11.2 September 2014
You have mail.
root@MMS_NG:~#
root@MMS_NG:~#
root@MMS_NG:~# audit -s
audit: Neither local nor remote auditing is configured in the non-global zone.
root@MMS_NG:~#
root@MMS_NG:~# audit -n
audit: Neither local nor remote auditing is configured in the non-global zone.
root@MMS_NG:~# cd /var/audit
root@MMS_NG:/var/audit# ls -lhtr
total 94399
-rw-r----- 1 root root 149M Apr 7 16:40 20150208124745.not_terminated.MMS_NG
How can I enable audit in the NG zone? I want to enable audit logs with the syslog service, as enabled and configured on the Global Zone.
I'm not sure why you're looking for /etc/system in zones..
now in Solaris 10u10 / Solaris 11.. you can configure the kernel parameters as application/user specific
you can use projadd command to add the resources like shared memory
if you want add the parameters as global you can use
zonecfg
you can refer this doc what parameters u can add to zone with zonecfg
http://docs.oracle.com/cd/E19455-01/817-1592/z.config.ov-1/index.html
zone.cpu-shares (preferred: cpu-shares)
zone.max-locked-memory
zone.max-lwps (preferred: max-lwps)
zone.max-msg-ids (preferred: max-msg-ids)
zone.max-sem-ids (preferred: max-sem-ids)
zone.max-shm-ids (preferred: max-shm-ids)
zone.max-shm-memory (preferred: max-shm-memory) -
Hi All!
I have been experimenting with Sun Basic Security Module (BSM) and was trying to send audit data via syslog to a central logging server like so:
# cat /etc/security/audit_startup
/usr/sbin/auditconfig -setpolicy +argv,arge
# cat /etc/security/audit_control
plugin: name=audit_syslog.so;p_flags=lo,ex,fr,fc,fd,fw,fm
This does produce the desired log output on the central logging server, except that the log lines do not contain command line parameters / environment variables:
2008-10-14T15:04:26-06:00 csadm4/csadm4 audit: [ID 702911 audit.notice] execve(2) ok session 1576737601 by rem_adm as root:root in csadm4 from csadm1-16.shell.ca obj /usr/bin/less
As this makes it pretty useless for keeping proper audit records (there is a difference between rm ~/file and rm /file that I would like to see) I was wondering if there is a way to customize what is actually produced by audit_syslog.so?
Thanks in advance,
Rudolf
No, your plugin doesn't get any access to the command line. Look for other methods of IAC (COM, DDE, shared memory, shared file, etc.)
-
How to check which privileges user is using
Hello All,
I have a user assigned DBA role in mistake many years back.
During our security overview it was flagged and now I need to revoke the DBA role from that user. At the moment it looks as follows and I am on a 10204 database
Privilege
Category Granted Privilege
Role Privs CONNECT
DBA
OEM_MONITOR
RESOURCE
Sys Privs ALTER ANY MATERIALIZED VIEW
ANALYZE ANY
CREATE ANY MATERIALIZED VIEW
CREATE PROCEDURE
CREATE ROLE
CREATE SEQUENCE
CREATE SESSION
CREATE TABLE
CREATE VIEW
DROP ANY MATERIALIZED VIEW
GLOBAL QUERY REWRITE
UNLIMITED TABLESPACE
Now I need to find which privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign those sys privileges exclusively and later on trim down a bit on those as well if possible?
Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
I can find something on net on those lines, any help or useful pointers would be highly appreciated.
Many Thanks,
Rishi
Hello All,
Right, I think auditing the DBA role could save my day. I have enabled the auditing on the DB for the dba role as shown below:
audit_file_dest string /oraadmin/tgtx/10/adump
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB, EXTENDED
Exact version of the database is:
Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
PL/SQL Release 10.2.0.4.0 - Production
CORE 10.2.0.4.0 Production
TNS for Linux: Version 10.2.0.4.0 - Production
NLSRTL Version 10.2.0.4.0 - Production
I have enable the audit dba role for user exeter as shown:
SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
Audit succeeded.
Now I expect to audit all the sys privs assigned to dba role but alas its not working as expected if anyone can shed any light ON it, what I am trying to do is as follows:
I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
GRANTEE GRANTED_ROLE ADM DEF
EXETER DBA NO YES
EXETER CONNECT NO YES
EXETER RESOURCE NO YES
EXETER OEM_MONITOR NO YES
EXETER@TGTX> create table dbaschema.test2 (srno number(10));
Table created.
Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
SELECT * FROM dba_audit_trail
WHERE USERNAME = 'EXETER'
ORDER BY timestamp;
No rows returned but I shall have expected atleast one row to be returned here after enabling the audit on DBA role by exeter.
Any Ideas?
Thanks
Rish -
Oracle parsing SQL with Hibernate
Hi,
I built a J2EE application using the Hibernate framework. After auditing DBA on any scenario from my software, I note that all SQL requests executed are parsed. The same request, using "bind variable", so identical, is parsed as many times as it executes (ratio 1/1)... Not really powerful, is it?
Did somebody already encounter the problem?
Thanks
This sort of technical question needs to be addressed to one of the technical forums. Products | Database | SQL and PL/SQL would seem to be appropriate here.
Have you tried applying the latest patchset for your database? Seems to work for me on 9.2.0.5
SCOTT @ HP92 Local> select * from (
2 select dept.*,emp.ename from dept
3 left outer join emp on (emp.deptno=dept.deptno)
4 )
5 where (deptno) in
6 (
7 select deptno a from
8 (
9 select deptno,dname from dept where deptno=10
10 UNION ALL
11 select deptno,dname from dept where deptno=20
12 )
13 )
14 /
DEPTNO DNAME LOC ENAME
10 ACCOUNTING NEW YORK CLARK
10 ACCOUNTING NEW YORK KING
10 ACCOUNTING NEW YORK MILLER
20 RESEARCH DALLAS SMITH
20 RESEARCH DALLAS JONES
20 RESEARCH DALLAS SCOTT
20 RESEARCH DALLAS ADAMS
20 RESEARCH DALLAS FORD
8 rows selected.
SCOTT @ HP92 Local> select * from v$version;
BANNER
Oracle9i Enterprise Edition Release 9.2.0.5.0 - Production
PL/SQL Release 9.2.0.5.0 - Production
CORE 9.2.0.6.0 Production
TNS for 32-bit Windows: Version 9.2.0.5.0 - Production
NLSRTL Version 9.2.0.5.0 - Production
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
Lighthouse Waveset Database Structure
Hi All,
Can anybody help me in figuring out the database structure for the default Lighthouse Database - waveset
In IDM 5.0, 9 tables have been defined in the waveset database (14 tables in idm 6.0). Primary, foreign and composite keys have been defined for the same. Can anyone help me in finding out which attribute is the primary/foreign/composite key to which table..
I would also appreciate if somebody helps me in finding out which attribute(from which table) holds the application data viz .... User data(Provisioning Status like deleted, disabled, etc etc), Logs, Reports etc.
Any help will be highly appreciated....
Best Regards
The data structure is found in the scripts which create the tables for you in the db_scripts directory. When you install you have to run that script. All the info should be there.
Main tables (userobj, account etc) all have a PK of ID. The tables are linked to the *attr tables via the id column (1-many relation). Most of the information you are looking for is part of the xml stored for each object if it is not specifically stored as an extended attribute in attr1..5.
a bit more so you know where to start looking:
userobj, userattr: user objects, no account information
account, acctattr: all resource account objects
task, taskattr: all tasks
org, orgatrr: organisations in IDM
object, attribute: all other objects
Logging:
log, logattr: audit log information
syslog, slogattr: system log
Reports are always generated they are not stored.
WilfredS -
Login attempts with wrong /expired password..Security
Hi,
I need to know dictionary view , which tells which user is trying to login with wrong password.
Actually login history for oracle user account.
please tell procedure or configurations for this.
Thanks in advance.
Aj
This is a correct method for OLD versions
See correct value for AUDIT_TRAIL in 10g : http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams016.htm#REFRN10006
From a security point of view, the best is to audit into OS (syslog : http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm#sthref1168)
From a day-by-day point of view, the simpler is to audit into DB (SYS.AU$)
Those parameters are not dynamic but you've to modify those in spfile, as Oracle recommends using spfile instead of pfile.
svrmgrl no longer exist, you have to do this in sqlplus. -
Hi,
When trying to launch the console using lh console, getting Failed to write audit record and syslog record error.
-----------------------<Start Cause>-----------------------
==> com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
com.sun.idm.logging.LoggingException:
==> com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at com.sun.idm.logging.audit.AbstractAuditLogPublisher.handleError(Abstr
actAuditLogPublisher.java:105)
at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:84
at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
isher.java:79)
at java.lang.Thread.run(Thread.java:595)
Wrapped exception:
com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
e.java:1653)
at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
495)
at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
re.java:461)
at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
ava:7703)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
009)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
409)
at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
3)
at com.waveset.server.InternalSession.checkinObject(InternalSession.java
:697)
at com.sun.idm.logging.audit.RepoPublisher.writeRecord(RepoPublisher.jav
a:126)
at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:81
at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
isher.java:79)
at java.lang.Thread.run(Thread.java:595)
Wrapped exception:
weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at weblogic.jdbc.rmi.internal.PreparedStatementImpl_weblogic_jdbc_wrappe
r_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStub.setBlob(U
nknown Source)
at weblogic.jdbc.rmi.internal.PreparedStatementStub_weblogic_jdbc_rmi_in
ternal_PreparedStatementImpl_weblogic_jdbc_wrapper_PreparedStatement_oracle_jdbc
driverT4CPreparedStatement_921_WLStub.setBlob(Unknown Source)
at weblogic.jdbc.rmi.SerialPreparedStatement_weblogic_jdbc_rmi_internal_
PreparedStatementStub_weblogic_jdbc_rmi_internal_PreparedStatementImpl_weblogic_
jdbc_wrapper_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStu
b.setBlob(Unknown Source)
at com.waveset.repository.OracleDataStore.setString(OracleDataStore.java
:783)
at com.waveset.repository.TypeHandler.setString(TypeHandler.java:281)
at com.waveset.repository.LogTypeHandler.prepareToAddObject(LogTypeHandl
er.java:1152)
at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
e.java:1638)
at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
495)
at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
re.java:461)
at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
ava:7703)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
009)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
409)
at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
3)
at com.waveset.server.InternalSession.checkinObject(InternalSession.java
:697)
at com.sun.idm.logging.audit.RepoPublisher.writeRecord(RepoPublisher.jav
a:126)
at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:81
at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
isher.java:79)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.rmi.MarshalException: failed to marshal setBlob(ILjava.sql.Blob;
); nested exception is:
java.io.NotSerializableException: oracle.sql.BLOB
at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.j
ava:91)
at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
... 18 more
Caused by: java.io.NotSerializableException: oracle.sql.BLOB
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1081)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:302)
at weblogic.rjvm.MsgAbbrevOutputStream.writeObject(MsgAbbrevOutputStream
.java:614)
at weblogic.rjvm.MsgAbbrevOutputStream.writeObjectWL(MsgAbbrevOutputStre
am.java:603)
at weblogic.rmi.internal.ObjectIO.writeObject(ObjectIO.java:38)
at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.j
ava:87)
... 19 more
------------------------<End Cause>------------------------
-----------------------<Start Cause>-----------------------
==> com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
com.sun.idm.logging.LoggingException:
==> com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at com.sun.idm.logging.RepositoryLogWriter.handleError(RepositoryLogWrit
er.java:141)
at com.sun.idm.logging.RepositoryLogWriter.publish(RepositoryLogWriter.j
ava:83)
at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
isher.java:79)
at java.lang.Thread.run(Thread.java:595)
Wrapped exception:
com.waveset.util.InternalError:
==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
e.java:1653)
at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
495)
at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
re.java:461)
at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
ava:7703)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
009)
at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
409)
at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
3)
at com.waveset.server.InternalSession.checkinObject(InternalSession.java
:697)
at com.sun.idm.logging.RepositoryLogWriter.writeRecord(RepositoryLogWrit
er.java:127)
at com.sun.idm.logging.RepositoryLogWriter.publish(RepositoryLogWriter.j
ava:80)
at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
isher.java:79)
at java.lang.Thread.run(Thread.java:595)
Wrapped exception:
weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
at weblogic.jdbc.rmi.internal.PreparedStatementImpl_weblogic_jdbc_wrappe
r_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStub.setBlob(U
nknown Source)
at weblogic.jdbc.rmi.internal.PreparedStatementStub_weblogic_jdbc_rmi_in
ternal_PreparedStatementImpl_weblogic_jdbc_wrapper_PreparedStatement_oracle_jdbc
driverT4CPreparedStatement_921_WLStub.setBlob(Unknown Source) ......
Anyone familiar with this?
Thanks,
Teena
First of all, which version of WAS is this?
Secondly, have you seen this: http://download.oracle.com/docs/cd/E19543-01/820-2956/AppC_Websphere_datasource_configuration.html#wp17404
==========
# Point the repository to the new location. For example:
lh -Djava.ext.dirs="$JAVA_HOME/jre/lib:$JAVA_HOME/jre/lib/ext:$WASHOME/lib:$WASHOME/:$WASHOME/runtimes" setRepo
-Uusername
-Ppassword
-toracle -icom.ibm.websphere.naming.WsnInitialContextFactory -fDataSourcePath -n -o
In the above example the DataSourcePath might be jdbc/jndiname. The -Djava.ext.dirs option adds all of the JAR files in WebSphere's lib/ and java/jre/lib/ext/ directories to the CLASSPATH. This is necessary in order for the setRepo command to run normally.
Change the -f option to match the value you specified for the JNDI Name field when configuring the data source. See setRepo Reference for more information about this command.
java.ext.dirs is what's critical and if you follow the instructions on the above page it will work.
"runtimes" will have the naming .jar , namingclient.jar... and others needed.
==========
After reading that document and trying the steps, if it still doesn't work please let us know exactly what you did, step by step, along with the error you're seeing.
Good luck. -
Questions on Reflexive Access Lists
Hi Sir,
I'm trying to protect a server farm using reflexive access lists. I also would like any hosts to originate connections to the servers on TCP ports 23 (telnet) and 25 (smtp).
The config on the core router is as follows:
int Vlan10
description *** Server Farm ***
ip address 172.16.10.1 255.255.255.0
ip access-group inboundfilters in
ip access-group outboundfilters out
int Vlan20
description *** Marketing Department ***
ip address 172.16.20.1 255.255.255.0
int Vlan30
description *** Engineering Department ***
ip address 172.16.30.1 255.255.255.0
ip access-list extended outboundfilters
permit tcp any any eq telnet
permit tcp any any eq smtp
evaluate iptraffic
ip access-list extended inboundfilters
permit ip any any reflect iptraffic
My questions:
(1) I yet to test the above config on an actual router. However, is it correct theoretically?
(2) If I were to allow outside hosts to initiate connections to the servers on more protocols/ports, I would be adding more normal "permit" statements in the outboundfilters ACL before the "evaluate" statement. Wouldn't this become very static-based, as far as security is concerned?
(3) If you have other better feature options that meet my requirements, please do recommend.
Please advise.
Thank you.
B.Rgds,
Lim TS
Hi Lim,
CBAC is good as well, considering the following features:
1. Traffic Filtering:
- filters TCP and UDP packets based on application-layer protocol session information.
- permit specified TCP and UDP traffic through a firewall when the connection is initiated from inside protected network, or outside network.
2. Traffic Inspection
- discover and manage state information for TCP and UDP sessions which is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions.
- Protect against DoS attack by checking/verifying sequence no (must be within the expected range) and discard unknown packets. Same goes to attack via fragmented IP.
3. Alerts and Audit Trails
- can send real-time alerts and audit trails to syslog server (or buffer log)
4. Intrusion Detection
- Embedded with 59 well-known IDS signatures. Similar to IDS features in PIX.
Limitations:
1. Only protect protocol you specify. The rest will depend on ACL you have in the router but not up to session layer.
2. No protection for attacks originating from internal network, unless if you have firewall (pix/asa/ios-firewall) protection.
3. Only protect certain type of well-known attacks only - based on 59 embedded IDS signatures
For spoofing protection, i.e spoof attack from outside/common user segment, maybe you should apply RFC2827 (prevent IP on protected segment from coming back into that segment from outside). Make sure your ACL has the 'establish' keyword as well. As recommended by Cisco, you should apply multiple layer of security protection both on your router and other devices connected to it.
Cheers! -
DBA Opinion on Audit Logs in Oracle Database
As the title suggests - what is your initial reaction when your auditors come to you and say "why aren't audit logs turned on table a, b, c, d.....z, a1 etc".
Scenario - say the auditor is interested in audit logs and settings as the Database houses PII and bank account data....
The common response from the DBA from what I have seen is "do you realise how much this will cost and what impact it will have on performance" (waving your fists).
So please tell me as a professional Oracle DBA:
What financial (broken down in detail if poss) considerations need to be made when deploying an audit policy to a database housing sensitive data.
What technical (broken down in detail if poss) considerations need to be made when deploying an audit policy to a database housing sensitive data.
I look forward to your replies.
Many, many things to consider.
It will be generally not practical to audit everything down to excruciating detail (as usually requested by well-meaning but technically challenged auditors) without causing significant overhead. Having said that it will be equally irresponsible not to setup auditing on a database that will be used for production. So every DBA needs to find a happy medium that is acceptable to the management, users, auditors, plus compliance with industry/state/federal regulations, etc.
If you wish to use Fine-grained Auditing (FGA), it requires an Enterprise Edition license.
If you need a crash course, Rampant publishes a book that addresses Oracle Auditing:
Oracle Privacy Security Auditing -
Hello all....I am working on setting up the auditing to write to syslogs. I am having trouble understanding what to use for the facility and level. Can anyone point me in the right direction as to what these facilities and levels mean?
TIA
I believe those terms are related to syslog which is used on nix systems. If you are using nix then you should check the man page on syslog.conf.
as the docs state, the facility indicates where the message is coming from (such as the kernel, cron, local0 - local 7), and there's the level, which indicates how urgent the message is (info, warning, critical...).
i say this with never actually having used it though...
if you're using windows, well, .... i can't say.