Q

Protecting *.aud files from SysAdmin

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

Since at least Oracle 8i, Oracle will automatically create a *.aud file in the default audit destination whether you have AUDIT_TRAIL=TRUE or not. Setting AUDIT_TRAIL=FALSE will not change this behavior.

Your SysAdmin has root access to the server. As such, you cannot stop them from making changes to the *.aud files. This is where you have to trust that SysAdmin will not abuse their root privileges. In the companies I have worked for, such abuse by anyone with root is grounds for dismissal. And I can think of many other ways the SysAdmin can hurt the database and the server that are worse than modifying the *.aud files.

This was first published in June 2006

Dig deeper on Oracle database design and architecture

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide

SearchDataCenter

SearchContentManagement

SearchFinancialApplications

Close