If the dba is worth their paycheck, there isn't much you can install without
them finding it.
"Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile a way and have their shoes."
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fax: (707) 885-2275
Fuelspot
73 Princeton Street
North, Chelmsford 01863
-----Original Message-----
Sent: Thursday, August 23, 2001 3:44 PM
To: Multiple recipients of list ORACLE-L
If it's really that bad, then we are talking about setting something up that
the DBA wouldn't know about!
I do not know if the logminer could help here!
Regards,
Waleed
-----Original Message-----
Sent: Thursday, August 23, 2001 1:36 PM
To: Multiple recipients of list ORACLE-L
Waleed,
Regrettably in our 'legalistic' world this is not possible if all you
have is a suspicion, you need facts to back them up. And getting facts in
this case can be very difficult at best. What could be a solution in this
case is that someone has a suspicion that this person is modifying data
inside these sensitive tables during some time frame. Well it may be wise
to send them off for a week to a training class where they would be isolated
from the database in question. If the alteration of data records ceases
then there is probable cause for a more direct line of questioning, etc...
If not you may be suspecting someone who is really a front for an other
person who has acquired that DBA's password. My first line would be to have
all of the DBA's change their passwords as well as the passwords for sys and
system.
I wonder, if I tried to connect to that database as
sys/change_on_install or system/manager, would I succeed??
Dick Goulet
____________________Reply Separator____________________
Author: "Khedr; Waleed" <[EMAIL PROTECTED]>
Date: 8/23/2001 9:11 AM
If you don't trust the DBA then fire him!
DBA has access to do everything including the audit records which he/she can
modify easily!
Waleed
-----Original Message-----
Sent: Thursday, August 23, 2001 12:52 PM
To: Multiple recipients of list ORACLE-L
you'd better audit changes to the trigger, and then changes to SYS.AUD$
otherwise the DBA could disable the trigger, make the changes and re-enable
it
>From: Dave Leach <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: How do you audit a DBA?
>Date: Thu, 23 Aug 2001 07:56:29 -0800
>
>Anyone who can help,
>
>I've been asked if Oracle can somehow audit the DBA ie. Raise an alert
>if the DBA were to execute DML statements against sensitive tables,
>this assumes the DBA has the SYS password. I thought this was a pretty
>reasonable question but couldn't think of an answer. My trail of
>though was maybe an email alert to a designated member of staff sent
>via a trigger on the table.
>
>Any comments would be very appreciated.
>
>Dave Leach
>
>
>
>
>**********************************************************************
>The above information is confidential to the addressee and may be
>privileged. Unauthorised access and use is prohibited.
>
>Internet communications are not secure and therefore this Company does
>not accept legal responsibility for the contents of this message.
>
>If you are not the intended recipient, any disclosure, copying,
>distribution or any action taken or omitted to be taken in reliance on
>it, is prohibited and may be unlawful.
>
>Claybrook Computing Limited is a subsidiary of
>Claybrook Computing (Holdings) Limited
>Registered Office: Abbey House. 282 Farnborough Road, Farnborough,
>Hampshire GU14 7NJ Registered in England and Wales No 1287205
>
>A Hogg Robinson plc company
>**********************************************************************
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author: Dave Leach
> INET: [EMAIL PROTECTED]
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
>message BODY, include a line containing: UNSUB ORACLE-L (or the name of
>mailing list you want to be removed from). You may also send the HELP
>command for other information (like subscribing).
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Rachel Carmichael
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Khedr, Waleed
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Khedr, Waleed
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the
message BODY, include a line containing: UNSUB ORACLE-L (or the name of
mailing list you want to be removed from). You may also send the HELP
command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Christopher Spence
INET: [EMAIL PROTECTED]
Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
San Diego, California -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
