Q

Protecting *.aud files from SysAdmin

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

Since at least Oracle 8i, Oracle will automatically create a *.aud file in the default audit destination whether you have AUDIT_TRAIL=TRUE or not. Setting AUDIT_TRAIL=FALSE will not change this behavior.

Your SysAdmin has root access to the server. As such, you cannot stop them from making changes to the *.aud files. This is where you have to trust that SysAdmin will not abuse their root privileges. In the companies I have worked for, such abuse by anyone with root is grounds for dismissal. And I can think of many other ways the SysAdmin can hurt the database and the server that are worse than modifying the *.aud files.

This was last published in June 2006
