||Oracle Tips by Burleson
Chapter 8 General Oracle Auditing
location in UNIX is the filesystem specified by
the initialization parameter audit_file_dest,
which defaults to $ORACLE_HOME/rdbms/audit.
Since the SYS user is audited and the audit
record goes into a filesystem area, not the database object like a
table, the security is more pronounced. If this filesystem area is
somehow protected so that the regular DBA user does not have read or
write access to it, only the auditors or other security personnel
have access. The information can be considered more secure than the
regular database auditing, which can be tampered with by anyone with
a DBA role. In Windows NT, the event log is generally not available
to the regular user and therefore the trail is protected.
Since auditing SYS user actions must be
accounted for, it is recommended that this auditing be enabled. The
logs (in UNIX) and Event Log (in Windows) should be periodically
archived to an offline medium and purged from the system.
We have covered some data dictionary tables in
line with the descriptions above. Some additional important tables
have been described here.
– This table
contains the auditable action and its associated numeric code. This
numeric Action# is referenced in the aud$ table. Table 8.4 has a
listing of all auditable actions.
The above text is
an excerpt from:
Oracle Privacy Security Auditing
Final Word on Oracle Security
This is the only authoritative
book on Oracle Security, Oracle Privacy, and Oracle Auditing written
by two of the world’s leading Oracle Security experts.
This indispensable book is only
and has an
immediate download of working security scripts: