Presentation is loading. Please wait.

Presentation is loading. Please wait.

GOLD SILVER BRONZE. © CGI Group Inc. 2014 Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014.

Published byNikolas Selley Modified over 9 years ago

Similar presentations

Presentation on theme: "GOLD SILVER BRONZE. © CGI Group Inc. 2014 Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014."— Presentation transcript:

1 GOLD SILVER BRONZE

2 © CGI Group Inc. 2014 Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014

3 Oracle Auditing 3 Objective : What is available to the DBA with regard to auditing How do you configure the various options What are the impacts of setting up the various options Caveats: Based on personal experience Tests are performed on Oracle Virtualbox (Linux) with RDBMS 12c Not real data in examples.

4 Oracle Auditing: Scope During this presentation I would like to cover Mandatory Auditing Standard Database Auditing Audit SYS operations Fine Grained Auditing And now in 12c….. The Unified Audit Trail Excludes : Oracle Database Vault Audit. 4

5 Oracle Auditing : Presentation References Oracle Database Security Guide (11G) – E36292-05 Oracle Database Security Guide (12C) – E17607-25 SQL Language Reference (12C) – E17209-15 5

6 Oracle Auditing – Mandatory Auditing What is always on: Database Startup / Shutdown Sysdba / Sysoper logons And now in 12c – (if unified auditing is switched on) : Auditing changes – changes made to auditing Create/Alter/Drop audit policies Audit/Noaudit actions Execution of FGA / DBMS_AUDIT_MGMT packages Alter table statements run on the AUDSYS table ‘Top level statements by the administrative users..until the database is opened’. Database vault changes 6

7 Oracle Auditing – Mandatory Auditing (12c) 7 Quick peek - Demo

8 Oracle Auditing – Standard Database Auditing Henceforth known as Traditional Auditing Oracle includes the Traditional Auditing for backwards compatibility Oracle Recommends you plan to move away from this type of auditing. Requires the database parameter set to something other than ‘none’ 12c – default setting none (in documentation) but it was set to DB when I installed using DBCA (custom installation). Options available : none | os | db [, extended] | xml [, extended] Turn on : AUDIT command Turn off : NOAUDIT command Data stored in SYS.AUD$ 8

9 Oracle Auditing – Standard Database Auditing 9

10 Audit examples Audit create session; -- will record all log on and log off actions Audit create session by rsmith; -- will record all rsmith’s log on/off Audit select on hr.employee by access; -- will capture who/what is querying the hr.employee table (every time) Audit select on hr.employee by session ; -- will capture who/what is querying the hr.employee table (grouped per session) 10

11 Oracle Auditing – Standard Database Auditing How to query what objects are being audited? DBA_OBJ_AUDIT_OPTS 11

12 Oracle Auditing – Standard Database Auditing How to query what statements are being audited? DBA_STMT_AUDIT_OPTS 12

13 Oracle Auditing – Standard Database Auditing How to query what privileges are being audited? DBA_PRIV_AUDIT_OPTS 13

14 Oracle Auditing – Standard Database Auditing What can be audited? STMT_AUDIT_OPTION_MAP 14

15 Oracle Auditing – Standard Database Auditing What can be audited? SYSTEM_PRIVILEGE_MAP 15

16 Oracle Auditing – Standard Database Auditing Views to query DBA_AUDIT_TRAIL - complete audit list DBA_AUDIT_STATEMENT – audit system changes DBA_AUDIT_SESSION - audit sessions DBA_AUDIT_OBJECT - audit objects V$XML_AUDIT_TRAIL – complete audit if XML is used DBA_AUDIT_EXISTS - audit failure 16

17 Oracle Auditing – Standard Database Auditing Demo – Traditional Auditing 17

18 Oracle Auditing – Standard Database Auditing Performance testing Database : 12c Test – 10,000 individual connections & queries 18 ActionAverage time noaudit9:31 Audit create session (DB)9:40 Audit create session (OS)10:06 Audi Select by Access (DB)9:40 Audit create session + Select by Access9:40

19 Oracle Auditing – Audit SYS operations Record operations performed by SYS / SYSOPER 19

20 Oracle Auditing – Audit SYS operations Auditing records created in the audit directory (OS) Contents : 20

21 Oracle Auditing - FGA Points to note Traditional auditing is object based. FGA auditing has a more granular approach Can be column specific Can be column value specific Can be time specific (disabled/enabled by trigger) Managed by policies which can be queried in DBA_AUDIT_POLICIES Data Stored in SYS.FGA_LOG$ View: DBA_FGA_AUDIT_TRAIL Configured using DBMS_FGA package 21

22 Oracle Auditing - FGA Interesting notes If you audit a table which is accessed via a view, then the OBJECT_NAME in the Audit Trail will be the table being audited, but the sql text will be the query against the view There’s a handler_module that can trigger events, for example – send alert to the DBA if a particular audited activity occurs. 22

23 Oracle Auditing - FGA DBA_AUDIT_POLICIES 23

24 Oracle Auditing - FGA Demo - FGA 24

25 Oracle Auditing – Unified Audit Trail (12c) Basic concept SYS.AUD$ (traditional) SYS.FGA_LOG$ (fga) V$XML_AUDIT_TRAIL (XML) OS FILES (SYS / MANDATORY) ORACLE VAULT AUDIT 25 SYS.UNIFIED_AUDIT_TRAIL

26 Oracle Auditing – Unified Audit Trail (12c) To setup you have to build the appropriate libraries (with all databases / listener in the $HOME shut down) cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk uniaud_on ioracle To turn off you have to rebuild with the option turned off cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk uniaud_off ioracle 26

27 Oracle Auditing – Unified Audit Trail (12c) Banner changed when enabled 27

28 Oracle Auditing – Unified Audit Trail (12c) Points to note Mixed modes are supported Policy managed by ‘Create Audit Policy’ commands Supposed to be faster than previous auditing because it utilizes SGA for auditing with periodic ‘flushes’. Data stored in Read-only area Managed by AUDSYS user, which cannot connect to oracle directly Two roles for auditing : Audit_Admin & Audit_viewer 28

29 Oracle Auditing – Unified Audit Trail (12c) Different write modes Immediate write mode Audit records are immediately written to disk May have a performance impact Queued write mode Audit written to SGA Flushed manually / automatically at intervals Possible risk of audit loss after crash 29

30 Oracle Auditing – Unified Audit Trail (12c) Switching write modes: 30

31 Oracle Auditing – Unified Audit Trail (12c) Flushing the audit trail: 31

32 Oracle Auditing – Unified Audit Trail (12c) Mandatory auditing on Create/Alter/Drop audit policies Audit/Noaudit actions Execution of FGA / DBMS_AUDIT_MGMT packages Alter table statements run on the AUDSYS table ‘Top level statements by the administrative users..until the database is opened’. Database vault changes 32

33 Oracle Auditing – Unified Audit Trail (12c) Demo 33

34 Oracle Auditing – Unified Audit Trail (12c) 34 Performance testing Database : 12c Test – 10,000 individual connections & queries ActionAverage time noaudit9:31 Audit create session (DB)9:40 Audit create session (OS)10:06 Audi Select by Access (DB)9:40 Audit create session + Select by Access9:40 Audit create session (UNIFIED) queue mode10:01

35 Oracle Auditing Thank you for listening 35

Download ppt "GOLD SILVER BRONZE. © CGI Group Inc. 2014 Oracle Auditing COUG Presentation – June 19, 2014 Ray Smith June 2014."

Similar presentations

2 Copyright © 2005, Oracle. All rights reserved. Installing the Oracle Database Software.

2 Copyright © 2005, Oracle. All rights reserved. Installing the Oracle Database Software.
4 Copyright © 2005, Oracle. All rights reserved. Managing the Oracle Instance.

4 Copyright © 2005, Oracle. All rights reserved. Managing the Oracle Instance.
Module 12: Auditing SQL Server Environments

Module 12: Auditing SQL Server Environments
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 8 Application Data Auditing.
Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157.

Oracle audit and reporting in one hour or less. Prepared by: Leon Rzhemovskiy Database Architect UnikaSolution.com UGF9157.
1 Auditing the DBA: What non-technical managers and auditors should know. Presented By Cam Larner Cam Larner President President Absolute Technologies,

1 Auditing the DBA: What non-technical managers and auditors should know. Presented By Cam Larner Cam Larner President President Absolute Technologies,
Oracle Database Security

Oracle Database Security
Oracle 10g Database Administrator: Implementation and Administration

Oracle 10g Database Administrator: Implementation and Administration
Page Footer Keed Education Oracle Database Administration Basic Copyright 2009 Keed Education BV Version 0.0.1. Concept.

Page Footer Keed Education Oracle Database Administration Basic Copyright 2009 Keed Education BV Version Concept.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.

Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.

Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.
Harvard University Oracle Database Administration Session 2 System Level.

Harvard University Oracle Database Administration Session 2 System Level.
Managing an Oracle Instance

Managing an Oracle Instance
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models

Similar presentations

Ads by Google