Oracle Database Administration/Database Security
Jump to navigation
Jump to search
This lesson introduces Oracle database security.
Objectives and Skills[edit | edit source]
Objectives and skills for the database security portion of Oracle Database Administration I certification include:[1]
- Implementing Oracle Database Security
- Database Security and Principle of Least Privilege
- Work with Standard Database Auditing
Readings[edit | edit source]
Multimedia[edit | edit source]
Activities[edit | edit source]
Privileges[edit | edit source]
- Review Oracle: Managing Compliance.
- Use the following query to identify UTL packages that PUBLIC has EXECUTE privileges for:
SELECT DISTINCT TABLE_NAME FROM DBA_TAB_PRIVSWHERE GRANTEE = 'PUBLIC' AND TABLE_NAME LIKE 'UTL_%' AND PRIVILEGE = 'EXECUTE'ORDER BY TABLE_NAME; - Consider revoking EXECUTE access from PUBLIC for all UTL packages, but at a minimum restrict the following:
REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;
Auditing[edit | edit source]
- Review Oracle: Audit Trail.
- Enable auditing.
- Use the following queries to enable auditing:
ALTER SYSTEM SET AUDIT_TRAIL = DB_EXTENDED SCOPE = SPFILE; - Stop and restart the database so that the changes take effect using the following queries:
shutdown transactionalstartup - Audit database connections using the following queries:
AUDIT SESSION WHENEVER SUCCESSFUL;AUDIT SESSION WHENEVER NOT SUCCESSFUL;
- Use the following queries to enable auditing:
- Examine the audit log.
- View the audit log using the following query:
SELECT * FROM DBA_AUDIT_TRAIL;
- View the audit log using the following query:
See Also[edit | edit source]
- Oracle: Administering User Accounts and Security
- Oracle: Keeping Your Oracle Database Secure
- isaca.org: Oracle Database Security Checklist
References[edit | edit source]