Presentation is loading. Please wait.

Presentation is loading. Please wait.

Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157.

Published byJalynn Derham Modified over 9 years ago

Similar presentations

Presentation on theme: "Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157."— Presentation transcript:

1 Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157

2 Learning Objectives 2 Answer questions Who, What, When and Where about any database activity by setting up an Oracle audit. The infrastructure is free and available in every database edition. Stay on top of any possible performance and storage issues by choosing appropriate audit parameters. Build summary and detail reports to analyze audit events from multiple databases using APEX or SQL*Plus. Setup a data retention period and cleanup audit records regularly. Create honeypot to attract hacker’s attention. Enable alerts and send email notifications using Oracle Enterprise Manager infrastructure.

3 Monitoring Infrastructure 3

4 Enabling Auditing 4 Database auditing is enabled and disabled by the AUDIT_TRAIL parameter in the database initialization parameter file. Unfortunately, audit_trail is not a dynamic parameter and as a result, requires a database reboot. To enable the audit, execute the following SQL commands as sysdba: ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE; SHUTDOWN immediate; STARTUP; Verify the audit value by executing SELECT VALUE FROM V$PARAMETER WHERE NAME='audit_trail';

5 Auditing options 5 Audit policy is controlled by setting up options based on the statement, privilege, object and network level. AUDIT and NOAUDIT statements are used to set up auditing settings. Following views could be used to display auditing settings: DBA_PRIV_AUDIT_OPTS; DBA_STMT_AUDIT_OPTS; DBA_OBJ_AUDIT_OPTS; To remove all audit settings on the statement and privilege level execute NOAUDIT ALL PRIVILEGES; NOAUDIT ALL;

6 Auditing Options Setup 6 The auditing event’s frequency impacts database performance and storage. The number of auditing options varies between database versions. You can setup auditing options by running oracle recommended RDBMS/admin/secconf.sql. In my opinion, it is more beneficial to start from auditing everything available and reduce/modify auditing options if needed. AUDIT ALL PRIVILEGES WHENEVER SUCCESSFUL; AUDIT ALL WHENEVER SUCCESSFUL; NOAUDIT CREATE SESSION; AUDIT CREATE SESSION WHENEVER NOT SUCCESSFUL; NOAUDIT SELECT ANY TABLE; NOAUDIT SELECT ANY SEQUENCE; NOAUDIT INSERT ANY TABLE; NOAUDIT DELETE ANY TABLE; NOAUDIT UPDATE ANY TABLE; NOAUDIT EXECUTE ANY PROCEDURE;

7 Audit Reporting 7 Audit entries are stored in SYS.AUD$ table and usually are accessed using DBA_AUDIT_TRAIL view. For every entry, the user name, timestamp, connection origin, action performed and even SQL statement is recorded. You can use TOAD, SQLDeveloper to browse audit records. SQL*Plus could be used to generate html output. The following is a sample: SET MARKUP HTML ON spool summary.html SELECT TRUNC(TIMESTAMP) "Date",COUNT(1) "Count Audit Entries" FROM dba_audit_trail WHERE TIMESTAMP BETWEEN TRUNC(SYSDATE,'MON') AND SYSDATE GROUP BY TRUNC(TIMESTAMP) ORDER BY TRUNC(TIMESTAMP) DESC; exit;

8 Audit reporting using APEX demo 8

9 9

10 10

11 Audit reporting using APEX demo 11

12 Audit reporting using APEX demo 12

13 Audit reporting using APEX demo 13

14 Audit Cleanup 14 The simplest (but not recommended by Oracle) option is TRUNCATE TABLE sys.aud$; If you are running 11g, then use the following solution: -- init cleanup BEGIN DBMS_AUDIT_MGMT.INIT_CLEANUP( AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, DEFAULT_CLEANUP_INTERVAL => 720 /*hours*/ ); END; / -- set timestamp to purge data 30+ days old BEGIN DBMS_AUDIT_MGMT.set_last_archive_timestamp( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, last_archive_time => SYSTIMESTAMP-30); END; / -- cleanup job. Should be scheduled to execute daily BEGIN DBMS_AUDIT_MGMT.clean_audit_trail( audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD, use_last_arch_timestamp => TRUE); END; /

15 Setup alerts and email notifications 15 Login to Oracle Enterprise Manager Cloud Control 12c Navigate to Enterprise-> Monitoring -> Metric Extensions -> Action -> Create

16 Setup alerts and email notifications 16

17 Honeypot Setup 17 Create a table with an intriguing name and then monitor any attempt to select data from this table. Setup the Metric Extension and email notifications in Enterprise Manager to react on unauthorized actions immediately. CREATE TABLE CUSTOMER_CREDIT_CARDS( Customer_no number(16), Credit_Card_No number(16), Credit_Card_Exp varchar2(4)); GRANT SELECT ON CUSTOMER_CREDIT_CARDS TO PUBLIC; CREATE PUBLIC SYNONYM CUSTOMER_CREDIT_CARDS FOR CUSTOMER_CREDIT_CARDS; AUDIT SELECT ON CUSTOMER_CREDIT_CARDS;

18 Conclusion 18 There is no excuse to avoid setting up an Audit Trail. You will get an enormous value for expending very little effort. You can utilize APEX application or any SQL client to browse Oracle audit entries. You can react immediately on unauthorized activities by setting up Enterprise Manager metric extensions and email notifications.

Download ppt "Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157."

Similar presentations

4 Copyright © 2005, Oracle. All rights reserved. Managing the Oracle Instance.

4 Copyright © 2005, Oracle. All rights reserved. Managing the Oracle Instance.
Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.

Week 6: Chapter 6 Agenda Automation of SQL Server tasks using: SQL Server Agent Scheduling Scripting Technologies.
GOLD SILVER BRONZE. © CGI Group Inc. 2014 Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014.

GOLD SILVER BRONZE. © CGI Group Inc Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014.
1 DB2 Access Recording Services Auditing DB2 on z/OS with “DBARS” A product developed by Software Product Research.

1 DB2 Access Recording Services Auditing DB2 on z/OS with “DBARS” A product developed by Software Product Research.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
SOX Compliance: A Practical Look at Application Auditor Presented By Sunita Sarathy Product Manager Absolute Technologies, Inc.

SOX Compliance: A Practical Look at Application Auditor Presented By Sunita Sarathy Product Manager Absolute Technologies, Inc.
ManageEngine TM Applications Manager 8 Monitoring Custom Applications.

ManageEngine TM Applications Manager 8 Monitoring Custom Applications.
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.

A Guide to Oracle9i1 Advanced SQL And PL/SQL Topics Chapter 9.
AGENDA Tools used in SQL Server 2000 Graphical BOL Enterprise Manager Service Manager CLI Query Analyzer OSQL BCP.

AGENDA Tools used in SQL Server 2000 Graphical BOL Enterprise Manager Service Manager CLI Query Analyzer OSQL BCP.
1 Chapter Overview Transferring and Transforming Data Introducing Microsoft Data Transformation Services (DTS) Transferring and Transforming Data with.

1 Chapter Overview Transferring and Transforming Data Introducing Microsoft Data Transformation Services (DTS) Transferring and Transforming Data with.
1 www.EvDBT.com Tuning PL/SQL procedures using DBMS_PROFILER 20-August 2009 Tim Gorman Evergreen Database Technologies, Inc. Northern California Oracle.

1 Tuning PL/SQL procedures using DBMS_PROFILER 20-August 2009 Tim Gorman Evergreen Database Technologies, Inc. Northern California Oracle.
Project Implementation for COSC 5050 Distributed Database Applications Lab1.

Project Implementation for COSC 5050 Distributed Database Applications Lab1.
10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.

10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.
DB Audit Expert v1.1 for Oracle Copyright © 1999-2002 SoftTree Technologies, Inc. This presentation is for DB Audit Expert for Oracle version 1.1 which.

DB Audit Expert v1.1 for Oracle Copyright © SoftTree Technologies, Inc. This presentation is for DB Audit Expert for Oracle version 1.1 which.
Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.

Adapted from Afyouni, Database Security and Auditing DB Auditing Examples (Ch. 9) Dr. Mario Guimaraes.
Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8.

Adapted from Afyouni, Database Security and Auditing Database Application Auditing – Ch. 8.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
ORACLE Using ORACLE 8 SQL using ORACLE 8 PL/SQL using ORACLE 8.

ORACLE Using ORACLE 8 SQL using ORACLE 8 PL/SQL using ORACLE 8.
The powerhouse PL/SQL upgrade option: Edition-Based Redefinition (EBR)

The powerhouse PL/SQL upgrade option: Edition-Based Redefinition (EBR)

Similar presentations

Ads by Google