Oracle audit and reporting in one
hour or less.
Prepared by:
Leon Rzhemovskiy
Database Architect
UnikaSolution.com
Session 448
Security, Risk and Compliance
Learning Objectives
■ Answer the questions Who, What, When and Where about any
database activity by setting up an Oracle audit. The
infrastructure is free and available in every database edition.
■ Stay on top of any possible performance and storage issues
by choosing appropriate audit parameters.
■ Build summary and detail reports to analyze audit events
from multiple databases using APEX or SQL*Plus.
■ Set up a data retention period and clean up audit records
regularly.
■ Create a honeypot to attract a hacker's attention.
■ Enable alerts and send email notifications using Oracle
Enterprise Manager infrastructure.
Monitoring Infrastructure
Enabling Auditing
Database auditing is enabled and disabled by the AUDIT_TRAIL
parameter in the database initialization parameter file.
Unfortunately, audit_trail is not a dynamic parameter, so
changing it requires a database restart. To enable auditing, execute
the following SQL commands as SYSDBA:
■ ALTER SYSTEM SET audit_trail=db_extended SCOPE=SPFILE;
■ SHUTDOWN immediate;
■ STARTUP;
Verify the audit_trail value by executing:
SELECT VALUE FROM V$PARAMETER WHERE NAME='audit_trail';
Auditing options
Audit policy is controlled by setting options at the statement,
privilege, object and network levels.
The AUDIT and NOAUDIT statements are used to configure audit settings.
The following views can be used to display the current audit settings:
■ DBA_PRIV_AUDIT_OPTS;
■ DBA_STMT_AUDIT_OPTS;
■ DBA_OBJ_AUDIT_OPTS;
To remove all audit settings at the statement and privilege level,
execute:
■ NOAUDIT ALL PRIVILEGES;
■ NOAUDIT ALL;
Auditing Options Setup
The frequency of audited events impacts database performance and storage.
The number of auditing options varies between database versions.
You can set up auditing options by running the Oracle-recommended script
RDBMS/admin/secconf.sql.
In my opinion, it is more beneficial to start by auditing everything available
and then reduce or modify the auditing options if needed.
■ AUDIT ALL PRIVILEGES WHENEVER SUCCESSFUL;
■ AUDIT ALL WHENEVER SUCCESSFUL;
■ NOAUDIT CREATE SESSION;
■ AUDIT CREATE SESSION WHENEVER NOT SUCCESSFUL;
■ NOAUDIT SELECT ANY TABLE;
■ NOAUDIT SELECT ANY SEQUENCE;
■ NOAUDIT INSERT ANY TABLE;
■ NOAUDIT DELETE ANY TABLE;
■ NOAUDIT UPDATE ANY TABLE;
■ NOAUDIT EXECUTE ANY PROCEDURE;
Audit Reporting
Audit entries are stored in the SYS.AUD$ table and are usually accessed
through the DBA_AUDIT_TRAIL view. For every entry, the user
name, timestamp, connection origin, action performed and even the SQL
statement are recorded.
You can use TOAD or SQL Developer to browse audit records. SQL*Plus
can be used to generate HTML output. The following is a sample:
SET MARKUP HTML ON
spool summary.html
SELECT TRUNC(TIMESTAMP) "Date" ,COUNT(1) "Count Audit Entries"
FROM dba_audit_trail
WHERE TIMESTAMP BETWEEN TRUNC(SYSDATE,'MON') AND SYSDATE
GROUP BY TRUNC(TIMESTAMP)
ORDER BY TRUNC(TIMESTAMP) DESC;
exit;
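A detail report to sit behind the daily summary, as an added example that is not part of the original slides: the first query answers Who, What, When and Where for the last 24 hours, and the second turns the AUDIT CREATE SESSION WHENEVER NOT SUCCESSFUL option into a failed-logon report. It assumes audit_trail=db_extended (so SQL_TEXT is populated); the time windows and the threshold of 5 failures are arbitrary choices.

```sql
-- Added example: run as a user with SELECT on DBA_AUDIT_TRAIL.

-- 1) Who / What / When / Where for the last 24 hours.
SELECT username               AS who_db_user,
       os_username            AS who_os_user,
       action_name            AS what_action,
       owner                  AS what_owner,
       obj_name               AS what_object,
       extended_timestamp     AS when_ts,
       userhost               AS where_host,
       terminal               AS where_terminal,
       returncode,                             -- 0 = success, otherwise the ORA- error number
       SUBSTR(sql_text, 1, 200) AS sql_text_head -- only filled with db_extended
FROM   dba_audit_trail
WHERE  timestamp >= SYSDATE - 1
ORDER  BY extended_timestamp DESC;

-- 2) Failed logons in the last hour, grouped by origin and target account.
--    RETURNCODE 1017 = ORA-01017 (invalid username/password),
--    RETURNCODE 28000 = ORA-28000 (account is locked).
SELECT userhost,
       username,
       returncode,
       COUNT(*)       AS failures,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode <> 0
AND    timestamp  >= SYSDATE - 1/24
GROUP  BY userhost, username, returncode
HAVING COUNT(*) >= 5            -- constructed threshold, tune per environment
ORDER  BY failures DESC;
```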
Audit reporting using APEX demo
Audit Cleanup
The simplest (but not recommended by Oracle) option is
TRUNCATE TABLE sys.aud$;
If you are running 11g, then use the following solution:
-- init cleanup
BEGIN
DBMS_AUDIT_MGMT.INIT_CLEANUP(
AUDIT_TRAIL_TYPE => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
DEFAULT_CLEANUP_INTERVAL => 720 /*hours*/ );
END;
/
-- set timestamp to purge data 30+ days old
BEGIN
DBMS_AUDIT_MGMT.set_last_archive_timestamp(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
last_archive_time => SYSTIMESTAMP-30);
END;
/
-- cleanup job. Should be scheduled to execute daily
BEGIN
DBMS_AUDIT_MGMT.clean_audit_trail(
audit_trail_type => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
use_last_arch_timestamp => TRUE);
END;
/
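One way to schedule the daily cleanup mentioned above, as an added example that is not from the original slides: the purge only removes rows older than the last archive timestamp, so the job advances that timestamp on every run before cleaning. The job name AUDIT_PURGE_30D and the 02:00 schedule are assumptions; INIT_CLEANUP is assumed to have been run already, and the job is created by a user with EXECUTE on DBMS_AUDIT_MGMT (for example SYS).

```sql
-- Added example: daily job that keeps a rolling 30-day audit window.
BEGIN
  DBMS_SCHEDULER.CREATE_JOB(
    job_name        => 'AUDIT_PURGE_30D',   -- hypothetical job name
    job_type        => 'PLSQL_BLOCK',
    job_action      => q'[
      BEGIN
        -- AUD$ timestamps are stored in UTC, so compute the cut-off in UTC.
        DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
          audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
          last_archive_time => SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '30' DAY);
        -- Delete only rows older than the timestamp set above.
        DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
          audit_trail_type        => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
          use_last_arch_timestamp => TRUE);
      END;]',
    start_date      => SYSTIMESTAMP,
    repeat_interval => 'FREQ=DAILY;BYHOUR=2;BYMINUTE=0;BYSECOND=0',
    enabled         => TRUE,
    comments        => 'Advance archive timestamp, purge SYS.AUD$ rows older than 30 days');
END;
/

-- Checks after the first run: job state, the cut-off in effect,
-- the oldest surviving record and the space still held by SYS.AUD$.
SELECT job_name, state, last_start_date, next_run_date
FROM   dba_scheduler_jobs
WHERE  job_name = 'AUDIT_PURGE_30D';

SELECT audit_trail, last_archive_ts
FROM   dba_audit_mgmt_last_arch_ts;

SELECT MIN(timestamp) AS oldest_record, COUNT(*) AS total_records
FROM   dba_audit_trail;

SELECT ROUND(bytes / 1024 / 1024) AS aud_mb
FROM   dba_segments
WHERE  owner = 'SYS'
AND    segment_name = 'AUD$';
```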
Setup alerts and email notifications
Log in to Oracle Enterprise Manager Cloud Control 12c.
Navigate to Enterprise -> Monitoring -> Metric Extensions -> Action -> Create
Honeypot Setup
Create a table with an intriguing name and then monitor any attempt to
select data from this table. Set up the Metric Extension and email
notifications in Enterprise Manager to react to unauthorized actions
immediately.
CREATE TABLE CUSTOMER_CREDIT_CARDS(
Customer_no number(16),
Credit_Card_No number(16),
Credit_Card_Exp varchar2(4));
GRANT SELECT ON CUSTOMER_CREDIT_CARDS TO PUBLIC;
CREATE PUBLIC SYNONYM CUSTOMER_CREDIT_CARDS FOR
CUSTOMER_CREDIT_CARDS;
AUDIT SELECT ON CUSTOMER_CREDIT_CARDS;
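Queries that could back the honeypot alert, as an added example that is not part of the original slides: a check that the audit option is really set, a single-number query suitable for a threshold-based metric, and the detail a responder needs once it fires. HONEYPOT_OWNER is a placeholder for the schema that owns the table, and the 15-minute window is an assumption to be matched to the collection interval.

```sql
-- Added example: replace HONEYPOT_OWNER with the schema that owns the table.

-- 1) Confirm the object audit option is active (SEL should not be '-/-').
SELECT owner, object_name, sel
FROM   dba_obj_audit_opts
WHERE  owner       = 'HONEYPOT_OWNER'
AND    object_name = 'CUSTOMER_CREDIT_CARDS';

-- 2) Metric query: number of audited accesses in the last 15 minutes.
--    No legitimate application reads this table, so any value above 0
--    is worth an alert. ACTION_NAME is deliberately not filtered, so
--    every audit record touching the object is counted.
SELECT COUNT(*) AS honeypot_hits
FROM   dba_audit_trail
WHERE  owner      = 'HONEYPOT_OWNER'
AND    obj_name   = 'CUSTOMER_CREDIT_CARDS'
AND    timestamp >= SYSDATE - 15/1440;

-- 3) Detail for the responder: who touched it, from where, with what SQL.
SELECT extended_timestamp,
       username,
       os_username,
       userhost,
       terminal,
       action_name,
       SUBSTR(sql_text, 1, 200) AS sql_text_head  -- requires audit_trail=db_extended
FROM   dba_audit_trail
WHERE  owner      = 'HONEYPOT_OWNER'
AND    obj_name   = 'CUSTOMER_CREDIT_CARDS'
AND    timestamp >= SYSDATE - 1
ORDER  BY extended_timestamp DESC;
```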
Conclusion
There is no excuse to avoid setting up an Audit Trail. You will get
enormous value for very little effort. You can use an APEX
application or any SQL client to browse Oracle audit entries. You can
react immediately to unauthorized activities by setting up Enterprise
Manager metric extensions and email notifications.
Please contact me if you need any assistance.