few minutes. Sorry for the inconvenience.
- Original Message --
T o : O R A C L E - L @ f a t c i t y . c o m
D a t e : Fri, 7 Sep 2001 17:21:28 -0700
S u b j e c t : RE: How do you audit a DBA?
C C : c a r m i c h r @ h o t m a i l . c o m
R-
This was probably already
From: Christopher Spence [SMTP:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 12:37 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: How do you audit a DBA?
I think the president should be the only one in charge, he just
tells the
>Does the manager three levels above you know you by name?
yup... and he's the CEO of the company too!
>From: "Boivin, Patrice J" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject:
ECTED]]
Sent: Friday, September 07, 2001 12:37 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: How do you audit a DBA?
I think the president should be the only one in charge, he just
tells the
dba what to do, i.e., alter the freelists o
ce [SMTP:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 12:37 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: How do you audit a DBA?
I think the president should be the only one in charge, he just
tells the
dba what to do,
Subject: RE: How do you audit a DBA?
Sent by:
t;Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Fri, 07 Sep 2001 01:45:06 -0800
>
>There is an administrator account, but individual users can configure
>access control lists on their file
y Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Fri, 07 Sep 2001 01:45:06 -0800
>
>There is an administrator account, but individual users can configu
point of failure" again! so... the auditor is more
trusted than the DBA?
Who audits the auditor?
>From: "Guy Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How
single point of failure" again! so... the auditor is more
trusted than the DBA?
Who audits the auditor?
>From: "Guy Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do y
auditor?
>From: "Guy Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Fri, 07 Sep 2001 01:45:06 -0800
>
>There is an administrator a
ere's that "single point of failure" again! so... the auditor is more
trusted than the DBA?
Who audits the auditor?
>From: "Guy Hammond" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>S
There is an administrator account, but individual users can configure
access control lists on their files (right-click, properties, security)
that would prevent the administrator from reading them. The only way
that an administrator could then read them would be to "take ownership"
first. Unlike U
They were auditing all functions and software in IS.
-Original Message-
Sent: Wednesday, September 05, 2001 11:51 PM
To: Multiple recipients of list ORACLE-L
Your company's auditors auditing DBA or ORACLE database ?
-Original Message-
Sent: Thursday, 6 September 2001 12:16 AM
o: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
> >Subject: RE: How do you audit a DBA?
> >Date: Thu, 06 Sep 2001 01:20:58 -0800
> >
> >That is correct. For example, in NT you can assign a role to a user and
> >make them a Print Administrator - they can
AIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Thu, 06 Sep 2001 01:20:58 -0800
>
>That is correct. For example, in NT you can assign a role to a user and
>make them a Print Administrator - they can stop and start queues, set
>permissions and priorities and so f
That is correct. For example, in NT you can assign a role to a user and
make them a Print Administrator - they can stop and start queues, set
permissions and priorities and so forth, do anything to do with
printers, but they can't, say create user accounts. There is another
role, Backup Operator,
Your company's auditors auditing DBA or ORACLE database ?
-Original Message-
Sent: Thursday, 6 September 2001 12:16 AM
To: Multiple recipients of list ORACLE-L
You mean you think DBAs should do things? My company's auditors were aghast
when I told them that I did things such as write U
and the administrator account on a NT system can't do everything too?
>From: "Miller, Jay" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Wed, 05
and the administrator account on a NT system can't do everything too?
>From: "Miller, Jay" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Wed
<[EMAIL PROTECTED]>
Sent by: cc:
root@fatcity. Subject: RE: How do you audit a DBA?
or become a terrible warning"
JayMiller@TDWate
rhouse.com To: [EMAIL PROTECTED]
Sent by:cc:
[EMAIL PROTECTED] Subject: R
EMAIL PROTECTED]
Sent by:cc:
[EMAIL PROTECTED] Subject: RE: How do
16 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: How do you audit a DBA?
You mean you think DBAs should do things? My company's auditors
were aghast
when I told them that I did things such as write Unix scripts to
monitor the
database.
From: Miller, Jay [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, September 05, 2001 1:16 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: How do you audit a DBA?
You mean you think DBAs should do things? My company's auditors
were aghast
You mean you think DBAs should do things? My company's auditors were aghast
when I told them that I did things such as write Unix scripts to monitor the
database. They were firmly of the opinion that DBAs should not be allowed
to write code, only developers should write code. That was a major a
What is the purpose of having a dba if he is not allowed to do anything?
"Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile a way and have their shoes."
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fax:(707) 885-2275
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:30 PM
To: Multiple recipients of list ORACLE-L
Subject:RE: RE: How do you audit a DBA?
Why don'
Title: RE: OT RE: RE: How do you audit a DBA?
I
went to see that movie, The Mummy Returns, when it came out, 'cos The Rock was
in it, and I was hoping for some long, rambling monologues from the Scorpion
King about how he planned to lay the smackdown on the Egyptians' candy asses,
Title: RE: OT RE: RE: How do you audit a DBA?
It
would be like in the SNL episode, where the Rock was Nicotrol, to help people
stop smoking. That was very funny!!!
-Original Message-From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Koivu, LisaSent:
Monday
Title: RE: OT RE: RE: How do you audit a DBA?
C'mon. I'd vote for The Rock instead, along with all The Rock's "witty" comments. That would be awfully darn distracting, and you could be sure your DBA would get NOTHING done :)
Honestly, if there's a need to
tified DBA)
-Original Message-
From: Kevin Kostyszyn [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 6:30 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: RE: How do you audit a DBA?
Why don't you get
If you're a DBA long enough, you
can grow your own. :)
Jared
On Friday 24 August 2001 06:16, Thater, William wrote:
> Scott Shafer wrote:
> >If the folding metal chair at my computer desk wasn't so cold, I wouldn't
> >bother...
> >
> >--Scott
>
> two words: "seat cushion".;-)
--
Please see th
I have same impression for Amsterdam, Netherlands where I lived for 3 years
1984-87 and enjoyed my time Got married and had 2 beautiful
baby girls
Have a nice weekend
Regards
MOHAMMAD RAFIQ
Reply-To: [EMAIL PROTECTED]
To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
Da
Trusted Oracle is very much like regular Oracle. Most of the
security actually comes from the OS. That being said it does have
row level security so you have to match or superseed the privilage
that the row has to see the row but sys has the ability to change
to the higher level and you install
Scott Shafer wrote:
>If the folding metal chair at my computer desk wasn't so cold, I wouldn't
>bother...
>
>--Scott
>
two words: "seat cushion".;-)
--
--
Bill "Shrek" Thater ORACLE DBA
Telergy,Inc. [EMAIL PROTECTED]
-
Germany, lived there also, 3 years, beautiful and the only place where
trash was laying around in the street was where the American military
housing was. go figure.
joe
Scott Shafer wrote:
>
> You know, I lived in Berlin for 2 years, and if I could figure out all the
> employment/health-care/ho
I have no direct experience of this on Oracle, but I do know that
trusted operating systems make it possible to prevent the sysadmin from
reading files. They can be backed up to tape and restored, but they
couldn't be opened by a regular process such as a text editor without
the operating system i
Thanks for all the serious and amusing replies on this, superb stuff!!
Seriously, I raised this question just to cover my back so when I give my
answer (the answer being NO!!) then no other bright spark can justifiably
contradict it.
Thanks again for your time,
Dave Leach
**
gt;
> >Reply-To: [EMAIL PROTECTED]
> >To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
> >Subject: RE: OT RE: How do you audit a DBA?
> >Date: Thu, 23 Aug 2001 13:48:02 -0800
> >
> >Don't we all at some point in time. Although I am just in
You know, I lived in Berlin for 2 years, and if I could figure out all the
employment/health-care/housing laws I would move back in a heartbeat.
Scott Shafer
Converse, TX
- Original Message -
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Thursday, August 23, 2001
you'd be surprised, it's not always that great. I ended up doing all sorts
of chores
>From: "Anderson, Brian" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: RE: How do yo
L PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: OT RE: How do you audit a DBA?
>Date: Thu, 23 Aug 2001 13:48:02 -0800
>
>Don't we all at some point in time. Although I am just in shorts and tee
>s
Move to Germany. They actually have to come up with a justification for NOT
taking vacation!
Kip
|I want to be required to take 2 weeks vacation.
|> -Original Message-
|> From: Rachel Carmichael [mailto:[EMAIL PROTECTED]]
|> Sent: Thursday, August 23, 2001 3:37 PM
|> To: Multiple r
I want to be required to take 2 weeks vacation.
> -Original Message-
> From: Rachel Carmichael [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 3:37 PM
> To: Multiple recipients of list ORACLE-L
> Subject: Re:RE: How do you audit a DBA?
>
>
> Dick,
>
> Actually, many st
RACLE-LSubject: OT
RE: How do you audit a DBA?
That sounds more like Rachel or Lisa.
Let's hope it wasn't Shrek, Dorothy, or
any of the other members
of the trans-species gang that pulled me
onto their flying saucer last night.
-Original Message-
Yea, and in 13i we won't need the data.
Then, in 14i, we won't need the Internet.
In 15, we'll just sit at home and rot.
-Original Message-
Sent: Thursday, August 23, 2001 5:10 PM
To: Multiple recipients of list ORACLE-L
You don't need to install a program, seems govt agencies are
erger.com> cc:
Sent by: Subject: RE: OT RE: How do you
audit a DBA?
[EMAIL PROTECTED]
om
08/23/01 03:17
PM
Please respond
to ORACLE-L
sorry, that's Oracle Security Handbook
>From: "Rachel Carmichael" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you audit a DBA?
>Date: Thu, 23 Aug 2001 12:25:48
tiple recipients of list ORACLE-LSubject: RE:
OT RE: How do you audit a DBA?
But I was NOT the one who brought up "DBAing in my pajamas" ;)
joe
>>> [EMAIL PROTECTED] 08/23/01 03:16PM
>>>
It's shocking to me that you would
23, 2001 4:17
PMTo: Multiple recipients of list ORACLE-LSubject: RE:
OT RE: How do you audit a DBA?
But I was NOT the one who brought up "DBAing in my pajamas" ;)
joe
>>> [EMAIL PROTECTED] 08/23/01 03:16PM
>>>
It's shocking to me that you w
erger.com> cc:
Sent by: Subject: RE: OT RE: How do you audit a
DBA?
If the dba is worth their paycheck, there isn't much you can install without
them finding it.
"Do not criticize someone until you walked a mile in their shoes, that way
when you criticize them, you are a mile a way and have their shoes."
Christopher R. Spence
Oracle DBA
Phone: (978) 322-5744
Fa
Why don't you get some Conan the Barbarian lookinn fella to stand behind
this mistrusted dba all day?
-Original Message-
Rajendra
Sent: Thursday, August 23, 2001 5:10 PM
To: Multiple recipients of list ORACLE-L
You don't need to install a program, seems govt agencies are capable of
usin
You don't need to install a program, seems govt agencies are capable of
using EMI techniques to capture (the keystrokes) what you are typing,
sitting outside your home. There is a case against in the court right now
where judge asked to explain the technology recently.
What the heck, believe in L
Waleed [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 23, 2001 2:12 PM
> To: Multiple recipients of list ORACLE-L
> Subject:RE: How do you audit a DBA?
>
> If you don't trust the DBA then fire him!
>
> DBA has access to do everything i
At 04:17 PM 8/23/2001, JOE TESTA wrote:
>But I was NOT the one who brought up "DBAing in my pajamas" ;)
>
>joe
all i say is the goddess is very attractive, IMNSHO. and i ain't gonna
touch the pajamas line with an 11' Hungarian!
and if they started any of this auditing here, and i'd know, i'd w
not Security 101 -- Oracle8i Security Handbook
it's on the Osborne site, should be out soon
>From: "Thater, William" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: RE: How do you
I once told a user - on a dumb terminal - (or was that a dumb user
on a terminal...) that the character mode computer system monitors
what they do at their desks.
I was kidding, I promise. Maybe I even smiled.
Within hours I was called in to the CFO. The users were revolting.
Oy vey.
yosi
"Mo
Without the DBA knowing it. Install a program that logs every keystork on all the DBA
workstations.
And since you are at it, might as well install it on every computer within the
company. This way you can audit the CEO if you want. :)
>>> [EMAIL PROTECTED] 08/23/01 04:10PM >>>
maybe/maybe no
maybe/maybe not, here is why,
if i'm going to make changes(and try not to get caught),i'd be granting
update on table to someone else, change their password, login as them, change
the password back and it would totally look like someone else did it.
If you can't trust the DBA, there is big
Dave,
If the DBA is competent, he or she cannot be audited by the database.
Any skillful DBA can work around anything you do to the database.
Maybe if you sniffed the network for SQL*Net packets you could look
for suspicious activity, and severely limit access to the console that
would avoid
At 03:02 PM 8/23/2001, you wrote:
>You might want to take a peek at the relatively old Oracle Security book by
>O'Reilly Press, it talks about triggers.
or you might just want to wait for the new security 101 book due out RSN.
--
Bill "Shrek" Thater ORACLE DBA
Telergy,Inc.
TECTED]]Sent: Thursday, August 23, 2001 2:23
PMTo: Multiple recipients of list ORACLE-LSubject: OT
RE: How do you audit a DBA?
DBA-cam now there's a kewl concept :)
Then we can see what the goddess's desk looks like.
Whether Lisa looks like Laura or not, etc.
This h
my PJ's
>From: "JOE TESTA" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: OT RE: How do you audit a DBA?
>Date: Thu, 23 Aug 2001 10:23:09 -0800
>
>DBA-cam now there's a k
mes, MPO
E-Mail: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
-Original Message-
From: Khedr, Waleed [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, August 23, 2001 2:12 PM
To: Multiple recipients of list ORACLE-L
Subject: RE: How do yo
If it's really that bad, then we are talking about setting something up that
the DBA wouldn't know about!
I do not know if the logminer could help here!
Regards,
Waleed
-Original Message-
Sent: Thursday, August 23, 2001 1:36 PM
To: Multiple recipients of list ORACLE-L
Waleed,
Re
It's shocking to me that you would consider
such a thing, Young Joseph!
;-)
-Original Message-From: JOE TESTA
[mailto:[EMAIL PROTECTED]]Sent: Thursday, August 23, 2001 2:23
PMTo: Multiple recipients of list ORACLE-LSubject: OT
RE: How do you audit a DBA?
DBA-ca
Maybe too clever?
Hell, they haven't fired me yet!
Of course, every time i type something, my network card lights up and my
hard drive
whirs, but other than that, I have no reason to suspect my every breath is
being monitored!
-Original Message-
Sent: Thursday, August 23, 2001 1:27 PM
LOL!!! The "IRS Audit" trigger! New in Oracle 10i!!!
-Original Message-
Sent: Thursday, August 23, 2001 2:23 PM
To: Multiple recipients of list ORACLE-L
Write a letter to the IRS stating that he did not report
all his income last year. They will be happy to audit
him.
Ken Janusz
DBA-cam now there's a kewl concept :)
Then we can see what the goddess's desk looks like.
Whether Lisa looks like Laura or not, etc.
This has serious potential
joe
>>> [EMAIL PROTECTED] 08/23/01 01:11PM
>>>I think i see where this thread is going. You'd better
audit change to the trigg
Write a letter to the IRS stating that he did not report
all his income last year. They will be happy to audit
him.
Ken Janusz, CPIM
> I think i see where this thread is going.
>
> You'd better audit change to the trigger that audits changes to the data
> that
> audits the DBA that you don't
'..fire him, not the trigger.'
ver-y clever.
-Original Message-
Sent: Thursday, August 23, 2001 9:47 AM
To: Multiple recipients of list ORACLE-L
Oh hell, if you don't trust him, just fire him, not the trigger.
-Original Message-
Sent: Thursday, August 23, 2001 11:56 AM
To:
I think i see where this thread is going.
You'd better audit change to the trigger that audits changes to the data
that
audits the DBA that you don't trust.
Maybe throwing another trigger at it will help?
Maybe installing a 24x7 "DBA-cam" above his cube?
Maybe feeding him a higher grade of "
If you don't trust the DBA then fire him!
DBA has access to do everything including the audit records which he/she can
modify easily!
Waleed
-Original Message-
Sent: Thursday, August 23, 2001 12:52 PM
To: Multiple recipients of list ORACLE-L
you'd better audit changes to the trigger,
you'd better audit changes to the trigger, and then changes to SYS.AUD$
otherwise the DBA could disable the trigger, make the changes and re-enable
it
>From: Dave Leach <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: Multiple recipients of list ORACLE-L <[EMAIL PROTECTED]>
>Subject: Ho
Oh hell, if you don't trust him, just fire him, not the trigger.
-Original Message-
Sent: Thursday, August 23, 2001 11:56 AM
To: Multiple recipients of list ORACLE-L
Anyone who can help,
I've been asked if Oracle can somehow audit the DBA ie. Raise an alert if
the DBA were to execut
This has been discussed before, I'll try to summarize it as I remember.
Sure, you could put triggers, turn on auditing, whatever. But the DBA
by nature of his job function, can disable, remove, whatever you turn
on.
So it basically comes down to trusting your DBA, or getting a new DBA.
> -
78 matches
Mail list logo
