2 Replies Latest reply on Jun 11, 2019 3:32 AM by 3576990

    DBSAT Report

    3576990

      I have run the DBSAT report against my 11gR2 and 12cR1 databases.

      One auditing issue I received was: Actions related to database management are not sufficiently audited.

      I have issued the following auditing commands against the database, but it does not resolve the issue when I run the DBSAT report again.

      Does anyone know what command/s will resolve this issue in the DBSAT report?


      audit ALTER any trigger by access whenever successful;
      audit CREATE ANY LIBRARY by access whenever successful;
      audit CREATE ANY TRIGGER by access whenever successful;
      audit ALTER ANY PROCEDURE by access whenever successful;
      audit AUDIT ANY by access whenever successful;
      audit DROP ANY PROCEDURE by access whenever successful;
      audit DROP ANY TRIGGER by access whenever successful;
      Audit EXECUTE ON SYS.DBMS_RLS;
      audit ALTER DATABASE by access whenever successful;
      audit ALTER SYSTEM by access whenever successful;
      audit CREATE ANY LIBRARY by access whenever successful;
      audit CREATE EXTERNAL JOB by access whenever successful;
      audit CREATE PROCEDURE by access whenever successful;
      audit CREATE PUBLIC DATABASE LINK by access whenever successful;
      audit DATABASE LINK by access whenever successful;
      audit DIRECTORY by access whenever successful;
      audit DROP ANY PROCEDURE by access whenever successful;
      audit PUBLIC DATABASE LINK by access whenever successful;
      audit PUBLIC SYNONYM by access whenever successful;
      audit SYSTEM AUDIT by access whenever successful;

        • 1. Re: DBSAT Report
          Emad Al-Mousa

          Hi,

          DBSAT is a great tool for scanning to ensure your system is properly configured (database parameters, for example), privileges, etc.

          For the "auditing" part, I think you should have your "own" set of auditing criteria based on your database data confidentiality, internal security policy, what things your company/organization is looking for, etc.

          So I don't think you should implement "auditing" blindly based on DBSAT reporting. One important thing you should ensure, for example, is that the "audit_sys_operations" parameter is set to "TRUE".

          Regards,

          Emad

          • 2. Re: DBSAT Report
            3576990

            Thank you for your reply, Emad.  I agree with what you have said.  Unfortunately, our CIO wants to see the issue on the DBSAT report go away when I rerun the report.  And there is the issue for me.
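
Added example, not part of the original thread: one way to confirm what the AUDIT statements in the question actually changed, together with the audit_sys_operations setting mentioned in the first reply, before rerunning DBSAT. It assumes a session that can read V$PARAMETER, V$OPTION and the DBA_*_AUDIT_OPTS views, and it does not reproduce DBSAT's own check.

```sql
-- Added example (not from the thread).

-- 1. Traditional AUDIT statements only produce records when audit_trail
--    is not NONE; audit_sys_operations is the parameter named in reply 1.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('audit_trail', 'audit_sys_operations');

-- 2. 12c only: TRUE means pure unified auditing, where traditional AUDIT
--    settings are not honored. (No such row on 11gR2.)
SELECT value AS unified_auditing
FROM   v$option
WHERE  parameter = 'Unified Auditing';

-- 3. Which statement/privilege options from the question are recorded in
--    the dictionary, and for which outcome? MISSING means no entry at all;
--    WHENEVER SUCCESSFUL leaves the failure side as NOT SET.
WITH wanted AS (
  SELECT column_value AS opt
  FROM   TABLE(sys.odcivarchar2list(
           'ALTER ANY TRIGGER', 'CREATE ANY LIBRARY', 'CREATE ANY TRIGGER',
           'ALTER ANY PROCEDURE', 'AUDIT ANY', 'DROP ANY PROCEDURE',
           'DROP ANY TRIGGER', 'ALTER DATABASE', 'ALTER SYSTEM',
           'CREATE EXTERNAL JOB', 'CREATE PROCEDURE',
           'CREATE PUBLIC DATABASE LINK', 'DATABASE LINK', 'DIRECTORY',
           'PUBLIC DATABASE LINK', 'PUBLIC SYNONYM', 'SYSTEM AUDIT'))
),
in_effect AS (
  -- user_name IS NULL keeps only options set for all users
  SELECT audit_option AS opt, success, failure
  FROM   dba_stmt_audit_opts WHERE user_name IS NULL
  UNION
  SELECT privilege, success, failure
  FROM   dba_priv_audit_opts WHERE user_name IS NULL
)
SELECT w.opt,
       NVL(e.success, 'MISSING') AS on_success,
       NVL(e.failure, 'MISSING') AS on_failure
FROM   wanted w
LEFT JOIN in_effect e ON e.opt = w.opt
ORDER BY w.opt;

-- 4. The object-level option (AUDIT EXECUTE ON SYS.DBMS_RLS).
SELECT owner, object_name, exe
FROM   dba_obj_audit_opts
WHERE  owner = 'SYS' AND object_name = 'DBMS_RLS';
```

Statement and privilege audit options apply to sessions that connect after the AUDIT command was issued, not to sessions that were already open.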