Oracle will always generate audit files for some SYSDBA operations in audit_file_dest, no matter what you do. As Doc ID 1528170.1 states, "Some auditing of SYSDBA is mandatory and cannot be disabled (STARTUP, SHUTDOWN, and CONNECT)." If audit_sys_operations is currently set to TRUE, many files will be created in audit_file_dest by SYSDBA user activity. In this …
Category: Database Security
Aug 07
Setup VNCR in Oracle RAC
Enabling VNCR (Valid Node Checking for Registration) is a mandatory task that every DBA should perform when finishing the configuration of a new database, whether it is a Single Instance or an Oracle RAC. In my opinion, Oracle should have already enabled this option by default in new releases. In times of TNS Poison (Oracle Security …
Aug 03
Howto upgrade Oracle EM 12c with Database Vault enabled
In recent days, I updated the EM 12c release 12.1.0.3.0 to 12.1.0.4.0. However, the database where the repository was placed had Oracle Database Vault enabled and I was not even allowed to temporarily disable it during the upgrade (security policy of the company). The best way to have proceeded with the installation without facing problems would be shutting …
Sep 20
Finding Oracle users with DBA privilege hidden by roles
Some users in Oracle may have very dangerous privileges without your consent, and they can cause great damage to the database. Sometimes this privilege is hidden via a chain of roles, which makes it difficult to detect. E.g.: SQL> CREATE USER SYSADM identified by "sysadm1"; SQL> CREATE ROLE A; SQL> CREATE ROLE B; SQL> CREATE ROLE …
May 23
Howto force password for sysdba user access
In many situations, the DBA is faced with the scenario where many company teams end up having access to the root password of the machine where Oracle is installed. These teams are usually the Infrastructure, the Backup, the Deployment, etc. In this case, it is very easy for the root user to run a "su - oracle" …