Auditing

18

Copyright © Oracle Corporation, 2002. All rights reserved.

Objectives

After completing this lesson, you should be able to do the following:
• Outline auditing categories
• Enable auditing for an instance
• Outline auditing options
• Obtain audit information

Auditing

• Auditing is the monitoring of selected user database actions, and is used to:
  – Investigate suspicious database activity
  – Gather information about specific database activities
• Auditing can be performed by session or access

Auditing Guidelines

• Define what you want to audit:
  – Users, statements, or objects
  – Statement executions
  – Successful statement executions, unsuccessful statement executions, or both
• Manage your audit trail:
  – Monitor the growth of the audit trail
  – Protect the audit trail from unauthorized access

Auditing Categories

• Audited by default:
  – Instance startup and instance shutdown
  – Administrator privileges
• Database auditing:
  – Enabled by the DBA
  – Cannot record column values
• Value-based or application auditing:
  – Implemented through code
  – Can record column values
  – Used to track changes to tables

Database Auditing

[Diagram labels: Execute command; Enable database auditing; User; DBA; Parameter file; Server process; Specify audit options; Review audit information; Generate audit trail; Audit options; OS audit trail; Database; Audit trail]

Auditing Options

• Statement auditing:

AUDIT TABLE;

• Privilege auditing:

AUDIT create any trigger;

• Schema object auditing:

AUDIT SELECT ON emi.orders;


Auditing Options

Fine-grained auditing:
• Provides the monitoring of data access based on content
• Is implemented using the DBMS_FGA package

Auditing User SYS

• Auditing user SYS provides:
  – Extra level of security
  – Set AUDIT_SYS_OPERATIONS to True
• Non-auditing of user SYS:
  – Set AUDIT_SYS_OPERATIONS to False
  – This is the default value.

Obtaining Auditing Information

Information about auditing can be obtained by querying the following views:
• ALL_DEF_AUDIT_OPTS
• DBA_STMT_AUDIT_OPTS
• DBA_PRIV_AUDIT_OPTS
• DBA_OBJ_AUDIT_OPTS

Obtaining Audit Records Information

Information about auditing records can be obtained by querying the following views:
• DBA_AUDIT_TRAIL
• DBA_AUDIT_EXISTS
• DBA_AUDIT_OBJECT
• DBA_AUDIT_SESSION
• DBA_AUDIT_STATEMENT
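The enable, specify, and review cycle from this lesson, run end to end as an added example (not part of the original course material). It assumes a SYSDBA session, an instance started from an spfile, and the `emi.orders` table used in the schema object auditing slide; `AUDIT_TRAIL` is the initialization parameter that turns database auditing on and is not named in the slides.

```sql
-- Added example; assumptions are noted in the comments.

-- 1. Enable database auditing for the instance.
--    Both parameters are static, so the instance must be restarted afterwards.
--    Assumption: an spfile is in use; otherwise edit the parameter file directly.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;
-- (restart: SHUTDOWN IMMEDIATE, then STARTUP, from SQL*Plus)

-- 2. Specify audit options, choosing success/failure and session/access granularity.
AUDIT TABLE BY ACCESS;                                        -- statement auditing
AUDIT CREATE ANY TRIGGER BY ACCESS WHENEVER NOT SUCCESSFUL;   -- privilege auditing, failures only
AUDIT SELECT ON emi.orders BY SESSION;                        -- schema object auditing

-- 3. Protect the audit trail: record any change made to the trail table itself.
AUDIT INSERT, UPDATE, DELETE ON sys.aud$ BY ACCESS;

-- 4. Confirm which options are in force.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts;

SELECT user_name, privilege, success, failure
  FROM dba_priv_audit_opts;

SELECT owner, object_name, sel, ins, upd, del
  FROM dba_obj_audit_opts
 WHERE owner = 'EMI' AND object_name = 'ORDERS';

-- 5. Review audit records: failed actions first, newest at the top.
SELECT username, timestamp, owner, obj_name, action_name, returncode
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY timestamp DESC;

-- 6. Monitor the growth of the audit trail.
SELECT COUNT(*) AS audit_rows, MIN(timestamp) AS oldest_record
  FROM dba_audit_trail;

-- 7. Disable an option when it is no longer needed.
NOAUDIT SELECT ON emi.orders;
```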


Summary

In this lesson, you should have learned how to:
• Outline auditing needs
• Enable and disable auditing
• Identify and use the various auditing options
• Obtain audit information

Practice 18 Overview

There is no practice for this lesson.
