Ask the Expert

Protecting *.aud files from SysAdmin

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

    Requires Free Membership to View

Since at least Oracle 8i, Oracle will automatically create a *.aud file in the default audit destination whether you have AUDIT_TRAIL=TRUE or not. Setting AUDIT_TRAIL=FALSE will not change this behavior.

Your SysAdmin has root access to the server. As such, you cannot stop them from making changes to the *.aud files. This is where you have to trust that SysAdmin will not abuse their root privileges. In the companies I have worked for, such abuse by anyone with root is grounds for dismissal. And I can think of many other ways the SysAdmin can hurt the database and the server that are worse than modifying the *.aud files.

This was first published in June 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: