DBSAT Report

3576990 Member Posts: 4
edited Jun 10, 2019 11:32PM in Database Security - General

I have run the DBSAT report against my 11gR2 and 12cR1 databases. 

One auditing issue I received was: Actions related to database management are not sufficiently audited.

I have issued the following auditing commands against the database, but it does not resolve the issue when I run the DBSAT report again.

Does anyone know what command/s will resolve this issue in the DBSAT report?

audit ALTER any trigger by access whenever successful;

audit CREATE ANY LIBRARY by access whenever successful;

audit CREATE ANY TRIGGER by access whenever successful;

audit ALTER ANY PROCEDURE by access whenever successful;

audit AUDIT ANY by access whenever successful;

audit DROP ANY PROCEDURE by access whenever successful;

audit DROP ANY TRIGGER by access whenever successful;

Audit EXECUTE ON SYS.DBMS_RLS;

audit ALTER DATABASE by access whenever successful;

audit ALTER SYSTEM by access whenever successful;

audit CREATE ANY LIBRARY by access whenever successful;

audit CREATE EXTERNAL JOB by access whenever successful;

audit CREATE PROCEDURE by access whenever successful;

audit CREATE PUBLIC DATABASE LINK by access whenever successful;

audit DATABASE LINK by access whenever successful;

audit DIRECTORY by access whenever successful;

audit DROP ANY PROCEDURE by access whenever successful;

audit PUBLIC DATABASE LINK by access whenever successful;

audit PUBLIC SYNONYM by access whenever successful;

audit SYSTEM AUDIT by access whenever successful;

Answers

  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited Jun 10, 2019 1:01PM

    Hi,

    DBSAT is a great tool for scanning to ensure your system is properly configured (database parameters, for example), privileges, etc.

    For the "auditing" part, I think you should have your "own" set of auditing criteria based on your database data confidentiality, internal security policy, what things your company/organization is looking for, etc.

    So I don't think you should implement "auditing" blindly based on DBSAT reporting. One important thing you should ensure, for example, is that the "audit_sys_operations" parameter is set to "TRUE".

    Regards,

    Emad

  • 3576990
    3576990 Member Posts: 4
    edited Jun 10, 2019 11:32PM

    Thank you for your reply, Emad. I agree with what you have said. Unfortunately, our CIO wants to see the issue on the DBSAT report go away when I rerun the report. And there is the issue for me.
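
An added example, not part of either poster's messages: a way to check what the AUDIT statements in the question actually left in effect before rerunning the report. It assumes traditional (non-unified) auditing and a session that can read the DBA_* audit views and V$PARAMETER; the option list is copied from the question. Statements issued with "whenever successful" show FAILURE as NOT SET.

```sql
-- Added example: compare the audit options issued in the question with what is enabled.
WITH wanted AS (
  SELECT 'ALTER ANY TRIGGER' AS audit_option FROM dual UNION ALL
  SELECT 'CREATE ANY LIBRARY' FROM dual UNION ALL
  SELECT 'CREATE ANY TRIGGER' FROM dual UNION ALL
  SELECT 'ALTER ANY PROCEDURE' FROM dual UNION ALL
  SELECT 'AUDIT ANY' FROM dual UNION ALL
  SELECT 'DROP ANY PROCEDURE' FROM dual UNION ALL
  SELECT 'DROP ANY TRIGGER' FROM dual UNION ALL
  SELECT 'ALTER DATABASE' FROM dual UNION ALL
  SELECT 'ALTER SYSTEM' FROM dual UNION ALL
  SELECT 'CREATE EXTERNAL JOB' FROM dual UNION ALL
  SELECT 'CREATE PROCEDURE' FROM dual UNION ALL
  SELECT 'CREATE PUBLIC DATABASE LINK' FROM dual UNION ALL
  SELECT 'DATABASE LINK' FROM dual UNION ALL
  SELECT 'DIRECTORY' FROM dual UNION ALL
  SELECT 'PUBLIC DATABASE LINK' FROM dual UNION ALL
  SELECT 'PUBLIC SYNONYM' FROM dual UNION ALL
  SELECT 'SYSTEM AUDIT' FROM dual
),
enabled AS (
  -- System-wide options only (USER_NAME is NULL when not restricted to a user).
  SELECT audit_option, success, failure
    FROM dba_stmt_audit_opts WHERE user_name IS NULL
  UNION
  SELECT privilege, success, failure
    FROM dba_priv_audit_opts WHERE user_name IS NULL
)
SELECT w.audit_option,
       NVL(e.success, 'NOT SET') AS success,
       NVL(e.failure, 'NOT SET') AS failure
  FROM wanted w
  LEFT JOIN enabled e ON e.audit_option = w.audit_option
 ORDER BY w.audit_option;

-- Object audit from the question: the EXE column shows success/failure settings.
SELECT owner, object_name, exe
  FROM dba_obj_audit_opts
 WHERE owner = 'SYS' AND object_name = 'DBMS_RLS';

-- Parameter named in the answer, plus the audit trail destination.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_sys_operations', 'audit_trail');
```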
