Oracle Database Administration/Database Security
This lesson introduces Oracle database security.
Objectives and Skills
Objectives and skills for the database security portion of Oracle Database Administration I certification include:[1]
- Implementing Oracle Database Security
- Database Security and Principle of Least Privilege
- Work with Standard Database Auditing
Readings
Multimedia
Activities
Privileges
- Review Oracle: Managing Compliance.
- Use the following query to identify UTL packages that PUBLIC has EXECUTE privileges for:
    -- The underscore is escaped so that it matches literally instead of
    -- acting as a single-character wildcard.
    SELECT DISTINCT TABLE_NAME FROM DBA_TAB_PRIVS
    WHERE GRANTEE = 'PUBLIC' AND TABLE_NAME LIKE 'UTL\_%' ESCAPE '\' AND PRIVILEGE = 'EXECUTE'
    ORDER BY TABLE_NAME;
- Consider revoking EXECUTE access from PUBLIC for all UTL packages, but at a minimum revoke it for the following packages:
    REVOKE EXECUTE ON DBMS_JOB FROM PUBLIC;
    REVOKE EXECUTE ON DBMS_LOB FROM PUBLIC;
    REVOKE EXECUTE ON UTL_FILE FROM PUBLIC;
    REVOKE EXECUTE ON UTL_HTTP FROM PUBLIC;
    REVOKE EXECUTE ON UTL_SMTP FROM PUBLIC;
    REVOKE EXECUTE ON UTL_TCP FROM PUBLIC;
Auditing
- Review Oracle: Audit Trail.
- Enable auditing.
  - Use the following statement to enable auditing:
      ALTER SYSTEM SET AUDIT_TRAIL = DB_EXTENDED SCOPE = SPFILE;
  - Stop and restart the database so that the change takes effect, using the following commands:
      shutdown transactional
      startup
  - Audit database connections using the following statements:
      AUDIT SESSION WHENEVER SUCCESSFUL;
      AUDIT SESSION WHENEVER NOT SUCCESSFUL;
- Examine the audit log.
  - View the audit log using the following query:
      SELECT * FROM DBA_AUDIT_TRAIL;
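Once AUDIT SESSION is recording both successful and unsuccessful connections, the audit trail can be summarized instead of read row by row. The query below is an added example, not part of the original lesson; the 7-day window and the threshold of 5 failures are assumed values to adjust for your environment.

```sql
-- Added example: summarize connection attempts per account and client host.
-- Assumptions: 7-day look-back, threshold of 5 failed attempts.
WITH logons AS (
    SELECT username, userhost, returncode, timestamp
    FROM   dba_audit_trail
    WHERE  action_name = 'LOGON'          -- rows written by AUDIT SESSION
    AND    timestamp >= SYSDATE - 7
)
SELECT username,
       userhost,
       -- RETURNCODE 0 is a successful logon; anything else is an ORA- error
       SUM(CASE WHEN returncode <> 0    THEN 1 ELSE 0 END) AS failed_attempts,
       -- ORA-01017: invalid username/password
       SUM(CASE WHEN returncode = 1017  THEN 1 ELSE 0 END) AS bad_password,
       -- ORA-28000: the account is locked
       SUM(CASE WHEN returncode = 28000 THEN 1 ELSE 0 END) AS locked_account,
       MAX(CASE WHEN returncode <> 0 THEN timestamp END)   AS last_failure,
       MAX(CASE WHEN returncode = 0  THEN timestamp END)   AS last_success
FROM   logons
GROUP  BY username, userhost
HAVING SUM(CASE WHEN returncode <> 0 THEN 1 ELSE 0 END) >= 5
ORDER  BY failed_attempts DESC, last_failure DESC;
```

A row where last_success is later than last_failure, after many failed attempts from the same host, is the first one to review.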
See Also
- Oracle: Administering User Accounts and Security
- Oracle: Keeping Your Oracle Database Secure
- isaca.org: Oracle Database Security Checklist
References