I'm after the audits as a point of tracking my DDL/DCL as SYSDBA more than for intrusion detection. As you've eluded to, the truly paranoid would add more layers of protection and monitoring via triggers, audit opts, DBMS_JOB/cron jobs, etc. to provide increased accountability and tracking. Since I only have time to be somewhat paranoid, I've only implemented a few of these. :)
And Oracle Support asked me why I would want to audit SYS. ;) Rich Jesse System/Database Administrator [EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA > -----Original Message----- > From: DENNIS WILLIAMS [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 10, 2002 5:34 PM > To: Multiple recipients of list ORACLE-L > Subject: RE: grant access to another user's objects? > > > Jesse - Does the DBA have access to the audit tables? If so, just edit > yourself back out. I was reading a book about someone that tracks down > hackers on the Internet. One of his security methods is to > copy the system > logs over to another system every few minutes. He checks to > see if the log > ever gets smaller, which would mean that a hacker erased > his/her tracks. > Dennis Williams > DBA 20% OCP > Lifetouch, Inc. > [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Jesse, Rich INET: [EMAIL PROTECTED] Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051 San Diego, California -- Public Internet access / Mailing Lists -------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
