Q
Problem solve Get help with specific problems with your technologies, process and projects.

Protecting *.aud files from SysAdmin

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

If the audit_trail init.ora parameter is set to TRUE, Oracle will create a file *.aud in the audit_file_destination directory every time a sysadmin uses the internal command. Sysadmin has write privileges on this file and can update or delete this file. How can I make this file safe against sysadmin?

Since at least Oracle 8i, Oracle will automatically create a *.aud file in the default audit destination whether you have AUDIT_TRAIL=TRUE or not. Setting AUDIT_TRAIL=FALSE will not change this behavior.

Your SysAdmin has root access to the server. As such, you cannot stop them from making changes to the *.aud files. This is where you have to trust that SysAdmin will not abuse their root privileges. In the companies I have worked for, such abuse by anyone with root is grounds for dismissal. And I can think of many other ways the SysAdmin can hurt the database and the server that are worse than modifying the *.aud files.

This was last published in June 2006

Dig Deeper on Oracle database design and architecture

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchDataManagement

SearchBusinessAnalytics

SearchSAP

SearchSQLServer

TheServerSide.com

SearchDataCenter

SearchContentManagement

SearchHRSoftware

Close