Auditing of privileged users needed

I know that the SYS.AUD$ table audits all users except SYS and INTERNAL (not sure about SYSTEM). The auditing documentation [http://technet.oracle.com/docs/products/oracle8i/doc_library/817_doc/server.817/a76965/c27audit.htm] describes an operating system audit trail for auditing instance startup/shutdown, as well as connections to the database by users with administrator privileges. We have a requirement to log privileged users' activities.
(a) Does this audit trail have the same schema as the SYS.AUD$ table?
(b) What documentation is available that states where this audit trail resides? (I know it's the same directory as the background trace files IF the OS does not make an audit trail accessible to Oracle.) I.e., how is its location specified if the OS DOES make an audit trail available to Oracle? Any assistance is greatly appreciated.

Sorry for asking again, but I need to be more specific in questions 1 and 2, so:
- Which of the versions referred to (7, 8, 9, 10) allow this audit, and which do not?
- Apart from any specific user created in a database, which standard users can be considered "privileged users" by default, and what specific actions are suggested to be audited as a minimum?
Thanks again! Kind regards.
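The configuration these questions are about, as an added example that is not part of the original thread and not a quotation of the Oracle documentation linked above. It uses Oracle's standard (pre-Unified) auditing as a DBA in SQL*Plus; everything in it exists in 8i and later except the AUDIT_SYS_OPERATIONS parameter, which was added in 9i Release 2. The "privileged by default" set (SYS, SYSTEM, password-file SYSDBA/SYSOPER holders, DBA-role grantees) and the minimum option list are the editor's suggestion, not the thread's.

```sql
-- Added example: minimum standard-auditing setup for privileged accounts and
-- the checks behind questions (a) and (b). Run as a DBA in SQL*Plus.

-- (b) Where the OS audit trail lives. On Unix the files are written under
--     AUDIT_FILE_DEST (default $ORACLE_HOME/rdbms/audit); on Windows the
--     records go to the Event Log and AUDIT_FILE_DEST is not used.
SHOW PARAMETER audit_trail
SHOW PARAMETER audit_file_dest
-- 9i Release 2 and later only: also write SYS/SYSDBA statements to the OS trail.
SHOW PARAMETER audit_sys_operations

-- Who is privileged by default: SYS and SYSTEM, every password-file entry
-- with SYSDBA or SYSOPER, and every grantee of the DBA role.
SELECT username, sysdba, sysoper FROM v$pwfile_users;
SELECT grantee FROM dba_role_privs WHERE granted_role = 'DBA';

-- Minimum statement audit options. Each is a documented statement-option
-- shortcut; BY ACCESS gives one audit row per statement.
AUDIT SESSION;                      -- every logon/logoff; failed logons have RETURNCODE <> 0
AUDIT USER;                         -- CREATE USER, ALTER USER, DROP USER
AUDIT ROLE;                         -- CREATE/ALTER/DROP/SET ROLE
AUDIT SYSTEM GRANT;                 -- GRANT/REVOKE of system privileges and roles
AUDIT SYSTEM AUDIT;                 -- AUDIT/NOAUDIT: changes to the audit configuration itself
AUDIT PROFILE;                      -- password-policy (profile) changes
AUDIT ALTER SYSTEM;                 -- use of the ALTER SYSTEM privilege
AUDIT ALL BY system BY ACCESS;      -- everything the SYSTEM account does

-- (a) The DB trail is SYS.AUD$, read through DBA_AUDIT_TRAIL. The OS trail is
--     not a table with that schema: it is plain text files, and it is the only
--     place SYS and SYSDBA connections appear. Review the DB trail for the
--     privileged set and for anything that used an ANY privilege or failed:
SELECT os_username, username, userhost, terminal,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS ts,
       action_name, priv_used, returncode
  FROM dba_audit_trail
 WHERE username = 'SYSTEM'
    OR username IN (SELECT grantee FROM dba_role_privs WHERE granted_role = 'DBA')
    OR priv_used LIKE '%ANY%'       -- use of an ANY privilege by anybody
    OR returncode <> 0              -- failed statements and logons
 ORDER BY timestamp;
```

The review query deliberately keys on the DBA-role membership table rather than a fixed user list, so accounts that are later granted DBA are picked up without editing the query.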

Similar Messages

  • Audit log files user rights

    Hello,
    I started binary auditing on some of my servers. It works fine.
    The generated files have a 600 mask and root:root owner/group. This makes my backup routines sick. Backup scripts run as another user and permission denied errors arise.
    How can I change the audit files' mask?
    Thanks,
    Osman

    Although I'm not sure, I don't think you can, since audit data will always need solid protection due to the information it contains. The only viable option I see is to use syslog as your logging daemon.

  • Non-privileged user groups and examples of tasks

    Wiki says that normal, non-privileged users can and should be given membership in the following groups:
    audio - for tasks involving sound card and related software
    floppy - for access to a floppy if applicable
    lp - for managing printing tasks
    optical - for managing tasks pertaining to the optical drive(s)
    storage - for managing storage devices
    video - for video tasks and hardware acceleration
    wheel - for using sudo
    power - used w/ power options (e.g.: shutdown with power button)
    What I'm interested is the examples of the typical tasks (besides mentioned on Wiki) that require membership in these groups: storage, video, power, camera, games.
    If someone could break it down nicely I would be much obliged. Thank you.

    Runiq wrote:
    Storage allows you to (un)mount removable media as user in graphical file managers (when HAL is involved).
    Power allows you to resume/suspend/shutdown/reboot as user.
    Some games set the permissions on their executables so that a non-member of the games group can't start the game.
    For the others, I have no idea unfortunately. By the way, the groups are to be deprecated in the (rather far?) future since you are supposed to get proper permissions when you need them. I think ConsoleKit is involved in that IIRC.
    Thanks for a quick reply. That's an interesting idea to grant privileges dynamically on demand. Haven't heard of it yet. Where can I read about it more?
    Last edited by xCrucialDudex (2010-02-26 09:38:07)

  • Auditing non-dba user grants?

    Hi,
    I'm trying to audit whether a user grants a privilege on their own objects to another user, e.g.:

    show user
    USER is "TESTUSER1"
    grant select on mytable1 to testuser2

    I'm trying with "AUDIT GRANT ANY OBJECT PRIVILEGE BY ACCESS" but it only audits grants/revokes performed by a DBA user.
    I'm also trying with "AUDIT GRANT TABLE BY ACCESS" but nothing appears in the audit trail.
    How can I do it?
    Oracle version 11.1.0.6
    audit parameters:
    audit_sys_operations                 boolean     TRUE
    audit_trail                          string      DB
    Regards

    Ok, I know what was happening.
    I was testing it without closing the test user's session. I didn't know that AUDIT GRANT wouldn't apply to sessions that were already active when it was enabled.
    ex:

    TERMINAL 1:
    $ sqlplus '/as sysdba'
    SQL*Plus: Release 11.1.0.6.0 - Production on Fri Apr 26 11:44:04 2013
    Copyright (c) 1982, 2007, Oracle.  All rights reserved.
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> show parameter audit_trail;
    NAME                                 TYPE        VALUE
    audit_trail                          string      DB
    SQL> audit resource, connect;
    Audit succeeded.
    SQL> create user testuser1 identified by ****;
    User created.
    SQL> create user testuser2 identified by ****;
    User created.
    SQL> grant resource, connect to testuser1;
    Grant succeeded.

    TERMINAL 2:
    $ sqlplus
    SQL*Plus: Release 11.1.0.6.0 - Production on Fri Apr 26 11:45:19 2013
    Copyright (c) 1982, 2007, Oracle.  All rights reserved.
    Enter user-name: testuser1
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> create table TEST_TABLE (n number);
    Table created.
    SQL> grant select on TEST_TABLE to testuser2;
    Grant succeeded.
    SQL> revoke select on TEST_TABLE from testuser2;
    Revoke succeeded.
    SQL> drop table TEST_TABLE;
    Table dropped.

    The "testuser1" session is still open in terminal 2.

    TERMINAL 1:
    SQL> set linesize 190
    SQL> col OBJECT format A30
    SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
    USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         SES_ACTIONS
    TESTUSER1                      26-APR-2013 11:45:22 LOGON                        .
    TESTUSER1                      26-APR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
    TESTUSER1                      26-APR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
    SQL> AUDIT GRANT TABLE;
    Audit succeeded.

    AUDIT GRANT TABLE is now activated, but it won't work yet...

    TERMINAL 2 (testuser1 session was still open):
    SQL> create table TEST_TABLE2 (n number);
    Table created.
    SQL> grant select on TEST_TABLE2 to testuser2;
    Grant succeeded.
    SQL> revoke select on TEST_TABLE2 to testuser2;
    revoke select on TEST_TABLE2 to testuser2
    ERROR at line 1:
    ORA-00905: missing keyword
    SQL> revoke select on TEST_TABLE2 from testuser2;
    Revoke succeeded.
    SQL> drop table TEST_TABLE2;
    Table dropped.

    TERMINAL 1:
    SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, SES_ACTIONS from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
    USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         SES_ACTIONS
    TESTUSER1                      26-APR-2013 11:45:22 LOGON                        .
    TESTUSER1                      26-APR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
    TESTUSER1                      26-APR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
    TESTUSER1                      26-APR-2013 11:47:16 CREATE TABLE                 TESTUSER1.TEST_TABLE2
    TESTUSER1                      26-APR-2013 11:47:52 DROP TABLE                   TESTUSER1.TEST_TABLE2

    Let's close and reopen the "testuser1" session.

    TERMINAL 2:
    SQL> exit
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    $ sqlplus
    SQL*Plus: Release 11.1.0.6.0 - Production on Fri Apr 26 11:48:19 2013
    Copyright (c) 1982, 2007, Oracle.  All rights reserved.
    Enter user-name: testuser1
    Enter password:
    Connected to:
    Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
    With the Partitioning, OLAP, Data Mining and Real Application Testing options
    SQL> create table TEST_TABLE3 (n number);
    Table created.
    SQL> grant select on TEST_TABLE3 to testuser2;
    Grant succeeded.
    SQL> revoke select on TEST_TABLE3 from testuser2;
    Revoke succeeded.
    SQL> drop table TEST_TABLE3;
    Table dropped.

    Now the grant/revoke is audited:

    TERMINAL 1:
    SQL> select USERNAME, TIMESTAMP, ACTION_NAME, OWNER || '.' || OBJ_NAME OBJECT, OBJ_PRIVILEGE, GRANTEE from dba_audit_trail where USERNAME='TESTUSER1' order by TIMESTAMP;
    USERNAME                       TIMESTAMP            ACTION_NAME                  OBJECT                         OBJ_PRIVILEGE    GRANTEE
    TESTUSER1                      26-APR-2013 11:45:22 LOGOFF                       .
    TESTUSER1                      26-APR-2013 11:45:35 CREATE TABLE                 TESTUSER1.TEST_TABLE
    TESTUSER1                      26-APR-2013 11:46:00 DROP TABLE                   TESTUSER1.TEST_TABLE
    TESTUSER1                      26-APR-2013 11:47:16 CREATE TABLE                 TESTUSER1.TEST_TABLE2
    TESTUSER1                      26-APR-2013 11:47:52 DROP TABLE                   TESTUSER1.TEST_TABLE2
    TESTUSER1                      26-APR-2013 11:48:26 LOGON                        .
    TESTUSER1                      26-APR-2013 11:48:39 CREATE TABLE                 TESTUSER1.TEST_TABLE3
    TESTUSER1                      26-APR-2013 11:48:46 GRANT OBJECT                 TESTUSER1.TEST_TABLE3          ---------Y------ TESTUSER2
    TESTUSER1                      26-APR-2013 11:48:56 REVOKE OBJECT                TESTUSER1.TEST_TABLE3          ---------N------ TESTUSER2
    TESTUSER1                      26-APR-2013 11:49:02 DROP TABLE                   TESTUSER1.TEST_TABLE3
    10 rows selected.

    Anyway, thanks Balazs Papp, because I was looking for the AUDIT GRANT ON DEFAULT ;)
    Regards
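The gap the answer above ran into, sessions that were already connected when the AUDIT statement ran, is worth making visible rather than discovering by trial. The following is an added example by the editor, not code from the thread; it assumes SQL*Plus as a DBA with AUDIT_TRAIL=DB and the testuser1/testuser2 setup the thread uses, and it goes slightly beyond the thread by decoding every position of the OBJ_PRIVILEGE flag string, not only the SELECT position seen in the output.

```sql
-- Added example: enable GRANT TABLE auditing, find the sessions it does not
-- yet cover, and decode the OBJ_PRIVILEGE flags in the rows it produces.

-- 1. Remember when the option was switched on (SQL*Plus substitution variable).
COLUMN enabled_at NEW_VALUE enabled_at
SELECT TO_CHAR(SYSDATE, 'YYYY-MM-DD HH24:MI:SS') AS enabled_at FROM dual;

-- 2. Enable it, one audit row per GRANT/REVOKE statement.
AUDIT GRANT TABLE BY ACCESS;

-- 3. Confirm the option is registered.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 WHERE audit_option = 'GRANT TABLE';

-- 4. Sessions that logged on before step 2 keep their old audit settings until
--    they reconnect; these are the blind spot the thread hit. Disconnect them
--    (ALTER SYSTEM KILL SESSION 'sid,serial#') if the requirement is strict.
SELECT sid, serial#, username,
       TO_CHAR(logon_time, 'YYYY-MM-DD HH24:MI:SS') AS logon_time
  FROM v$session
 WHERE username IS NOT NULL
   AND logon_time < TO_DATE('&enabled_at', 'YYYY-MM-DD HH24:MI:SS')
 ORDER BY logon_time;

-- 5. Decode the flag string. OBJ_PRIVILEGE (like SES_ACTIONS) has one position
--    per privilege in the order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX,
--    INSERT, LOCK, RENAME, SELECT, UPDATE, REFERENCES, EXECUTE (14-16 are
--    reserved); '-' means the privilege was not involved. Position 10 is SELECT,
--    which is why the thread's rows read ---------Y------ (GRANT) and
--    ---------N------ (REVOKE).
SELECT username, TO_CHAR(timestamp, 'HH24:MI:SS') AS ts, action_name,
       owner || '.' || obj_name AS object, grantee,
       RTRIM(
          CASE WHEN SUBSTR(obj_privilege,  1, 1) <> '-' THEN 'ALTER '      END ||
          CASE WHEN SUBSTR(obj_privilege,  2, 1) <> '-' THEN 'AUDIT '      END ||
          CASE WHEN SUBSTR(obj_privilege,  3, 1) <> '-' THEN 'COMMENT '    END ||
          CASE WHEN SUBSTR(obj_privilege,  4, 1) <> '-' THEN 'DELETE '     END ||
          CASE WHEN SUBSTR(obj_privilege,  5, 1) <> '-' THEN 'GRANT '      END ||
          CASE WHEN SUBSTR(obj_privilege,  6, 1) <> '-' THEN 'INDEX '      END ||
          CASE WHEN SUBSTR(obj_privilege,  7, 1) <> '-' THEN 'INSERT '     END ||
          CASE WHEN SUBSTR(obj_privilege,  8, 1) <> '-' THEN 'LOCK '       END ||
          CASE WHEN SUBSTR(obj_privilege,  9, 1) <> '-' THEN 'RENAME '     END ||
          CASE WHEN SUBSTR(obj_privilege, 10, 1) <> '-' THEN 'SELECT '     END ||
          CASE WHEN SUBSTR(obj_privilege, 11, 1) <> '-' THEN 'UPDATE '     END ||
          CASE WHEN SUBSTR(obj_privilege, 12, 1) <> '-' THEN 'REFERENCES ' END ||
          CASE WHEN SUBSTR(obj_privilege, 13, 1) <> '-' THEN 'EXECUTE '    END
       ) AS privileges
  FROM dba_audit_trail
 WHERE action_name IN ('GRANT OBJECT', 'REVOKE OBJECT')
 ORDER BY timestamp;
```

Step 4 is the check that would have saved the reporter the confusion: a session whose logon_time precedes the AUDIT statement produces no GRANT OBJECT rows no matter what it does, and the only fix is to reconnect it.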

  • What privilege is needed to browse all tables in a schema

    I used SQLPlus to log in to the DB. When I clicked "table" in the left side window, no tables are shown. What privilege is needed to browse all tables in a schema?
    Thanks.

    SQL*Plus is a command-line interface. There is no side window to click on. Perhaps you're talking about SQL Programmer? Or are you talking about some other tool?
    What user are you logging in as? What user owns the objects? Do you just want to see that the tables exist? Or do you want to be able to see the data as well?
    Justin

  • Ashley Madison Data Breach: The Importance of a Privileged User

    Hi everyone, happy System Administrator Day!!
    So, how are you going to celebrate this date that is so special for us, unrecognized heroes?
    Here we're going out for a beer later :)
    Oh, and comment if any user remembered the day!

    The AshleyMadison.com hacker attack potentially exposes more than 37 million user account details and possibly is an inside job. If it is an inside job as CEO Noel Binderman claims, then there's not much the best security practices can do to prevent it. According to the 2015 Vormetric Insider Threat Report, 40% of organizations experienced a data breach or failed a security compliance audit in the last year. Globally, 89% feel at least somewhat vulnerable to insider attacks and 34% feel very or extremely vulnerable. It's especially disturbing to note that 55% of the respondents in the Vormetric study stated that privileged users posed the biggest internal threat to data and assets. A study conducted by The Association of Certified Fraud Examiners stated that internal attacks cost United States businesses $400 billion per year. Privileged...

  • Auditing a proxy user.

    I am having trouble figuring out the best way to audit a proxy user. Here is the situation:
    user nsarri is created and the following auditing features are enabled:
    audit all by nsarri by access;
    audit update table, insert table, delete table, execute procedure by nsarri by access;
    There is a user called APPLICATION_USER which is NOT audited.
    nsarri is given proxy to connect to APPLICATION_USER:
    alter user APPLICATION_USER grant connect through nsarri;
    nsarri can now connect to APPLICATION_USER and run update/delete/create/drop etc.
    I need to know what nsarri did while it was connected to APPLICATION_USER as a proxy.
    What is the best way to achieve this?
    Thanks in advance.

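The post above has no answer on this page. One way to get what it asks for, as an added example by the editor rather than anything the poster wrote, is Oracle's proxy-aware form of the AUDIT statement (BY proxy ON BEHALF OF user), which exists in 10g and later but not in 8i/9i. It reuses the post's names (nsarri, APPLICATION_USER) and assumes AUDIT_TRAIL=DB and a DBA session. The PROXY_SESSIONID filter in the last query is an assumption about how the trail marks proxy sessions; if that column is null in your trail, drop the predicate, since the ON BEHALF OF options already restrict these rows to proxy activity.

```sql
-- Added example: audit what nsarri does only while connected as
-- APPLICATION_USER through the proxy. Direct APPLICATION_USER sessions
-- stay unaudited, as the post requires.

-- The setup from the post.
ALTER USER application_user GRANT CONNECT THROUGH nsarri;

-- DML and procedure calls issued by nsarri on behalf of APPLICATION_USER,
-- one audit row per statement.
AUDIT UPDATE TABLE, INSERT TABLE, DELETE TABLE, EXECUTE PROCEDURE
   BY nsarri ON BEHALF OF application_user BY ACCESS;

-- The create/drop the post mentions: the TABLE shortcut covers CREATE, DROP
-- and TRUNCATE TABLE; ALTER TABLE is its own option.
AUDIT TABLE, ALTER TABLE
   BY nsarri ON BEHALF OF application_user BY ACCESS;

-- Verify: PROXY_NAME shows these options are scoped to the proxy, not to
-- APPLICATION_USER in general.
SELECT user_name, proxy_name, audit_option, success, failure
  FROM dba_stmt_audit_opts
 WHERE proxy_name = 'NSARRI';

-- Read the trail. USERNAME is the target account the statements ran as;
-- PROXY_SESSIONID (assumed here) ties the rows to the proxy session.
SELECT os_username, username, proxy_sessionid, sessionid,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS ts,
       action_name, owner || '.' || obj_name AS object, returncode
  FROM dba_audit_trail
 WHERE username = 'APPLICATION_USER'
   AND proxy_sessionid IS NOT NULL
 ORDER BY timestamp;
```

The same session caveat as in the GRANT TABLE thread applies: a proxy session that was already open when these AUDIT statements ran is not covered until nsarri reconnects.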

  • Is it possible to have a PDF form flow to a second page IF the user needs to type in a lot of information? ( Like a Word Doc would)

    Is it possible to have a PDF form flow to a second page IF the user needs to type in a lot of information? ( Like a Word Doc would)
    An automated second page.

    There are two approaches.
    If you wish to use AcroForm technology, then you would need to write a bunch of JavaScript to enable this.  It has been done, but it’s not trivial.
    If you wish to use XFA technology, then it can be setup to happen automatically.
    Be aware that in both cases, even though both technologies are part of the PDF standard, the forms will only be usable in this manner in Adobe's viewers, as many others don't support JavaScript or XFA.

  • How to enable a low privilege user to run an administrative script ?

    Hello
    I have a problem which seems to come from the lack of "sudo" in Windows.
    I want standard low-privilege users to be able to run a script that will give them a result (i.e., DB status on Exchange). I don't want to give them any rights, so the only solutions I can think of are
     - to make a scheduled task on a server, and give them only the right to launch the task (but I'd prefer them not to be able to log on to the server, so I don't like it)
     - to create a webpage (ASP.NET, I guess) that runs the script when they click a button. I'm not a dev, I won't be able to do it easily, but I think I will have to.
    Do you have better ideas please ?

    Signed scripts could include authorizations to be run by some chosen users...
    This is not possible in Windows because a process that can escalate inside of a user process allows the user process namespace to access the process's security context. This makes it possible for the process to see the credentials of the script. The password
    also has to be encoded in a way that the user can decode, so it is almost the same as giving out the admin password.
    UAC is designed to protect an admin.  Bypassing authentication or merging it with a user's context defeats the security.
    The closest we can come is to delegate the authority carefully or to provide a proxy service that is secure.
    Access to read the Exchange DB status can be delegated without giving admin access to Exchange.  Post in Exchange forum to learn how to set up Exchange read-only operators.
    I recommend that this should be done as a set of reports exposed through a web site.  The reports can be generated daily or more frequently.  This would be more consistent with other management scenarios.
    ¯\_(ツ)_/¯

  • Projector for CD ROM - user need player?

    I'm creating a CD ROM presentation. If I export the
    presentation as a projector does the user need to have Flash Player
    to view it? I was under the impression that the projector was a
    standalone player so there are no requirements on the user
    end.

    That's the right impression

  • User needs to delete a line item from old STO

    Hi all,
    User needs to delete a line item from an old stock transfer order and would like to be advised what he needs to do to delete the line item from the STO.
    On the STO, Goods Issue was done and reversed also. Delivery completed indicator not checked. I also found that the payment has been made for line item 40 for Freight/Carrier charges. It seems that the payment has been made/cleared to the vendor.  I think due to this reason they are unable to remove this line item from the STO. They have attempted to delete or block an item that is not yet closed. All down (advance) payments made to date have been taken into account.
    Can you please advise how to resolve this problem?
    Thanks in advance..
    Regards
    Suresh

    Hi,
    The Delivery completed tick is also there for an STO PO. If you are not getting it then check settings. Also you can mark the deletion indicator for that line item, or reduce the quantity to the goods received quantity.
    For an STO, if delivery is made from the delivering plant but goods receipt is not done in the receiving plant, then that material remains in transit. It can be viewed with ME5t. In this case that line item cannot be deleted or delivery completed.
    If your client still wants to complete this type as well, it is better to leave the decision to the business whether they want to reverse the delivery (stock of the issuing plant will increase) or make a GR (stock of the receiving plant will increase). Although they can adjust later with the physical inventory process and make the stock in the system match the real physical stock.
    Regs,
    Appie

  • Web Dynpro ABAP application users need a backend su01 account?

    Hello Experts
    I have been searching the forums trying to determine if all Web Dynpro ABAP application users need a backend su01 account?
    thank you for assisting,
    regards,
    Thabiso

    Solved

  • Our company has users on both Acrobat X and XI.  We have custom stamps in X that the XI users need to use. How do we transfer the stamps to use in the newer version?

    Our company has users on both Acrobat X and XI.  We have custom stamps in X that the XI users need to use. How do we transfer the stamps to use in the newer version?

    You just copy the stamp files from one machine and place them in the correct directory on the other. You can find the location of both the user and app stamp directories by running the following code in the interactive JavaScript console:
    app.getPath("user", "stamps");
    app.getPath("app", "stamps");
    Select both lines and press Ctrl+Enter (Windows) or cmd+enter (Mac). Here's what I get with this using Acrobat 11 on a Mac:
    user folder: /Macintosh HD/Users/georgejohnson/Library/Application Support/Adobe/Acrobat/11.0/Stamps/
    app folder: /Macintosh HD/Applications/Adobe Acrobat XI Pro/Adobe Acrobat Pro.app/Contents/Built-in/Comments.acroplugin/Stamps/
    The stamp files (PDFs) might have cryptic looking names, but you can safely open each to see what stamps they contain.

  • Do Windows 8.1 Users Need Third-Party Anti-Malware Software?

    Do Windows 8.1 Users Need Third-Party Anti-Malware Software?

    It depends. Until you make a decision, update your Defender regularly and stick with general security measures.
    Regards
    Milos

  • What privileges user should have to install and run weblogic on linux box

    What privileges user should have to install and run weblogic on linux box ?

    Hello.
    Normal user if you don't want to listen to ip port < 1024 or write in protected directories (like /var).
    Regards.
