Oracle Template
Tested Oracle Versions
This software has been tested on the following Oracle versions:
- Oracle 11 on Windows Server 2012
- Oracle 11 on Red Hat Linux
Oracle Controls
The following table lists the Oracle security audit events that the template covers. Use it to control which information is received and actioned in your security schema.
Action | Subaction | Condition | Description |
Successful Login | Successful Login | ACTION# = 100 and RETURNCODE = 0 | Records whenever a logon to the Oracle system succeeds |
Logon Failure | Logon Failure | ACTION# = 100 and RETURNCODE <> 0 | Records whenever a logon to the Oracle system fails |
Logoff | Logoff | (ACTION# = 101 OR ACTION# = 102) and RETURNCODE = 0 | Records whenever a user logs off the Oracle system |
User Creation | User Creation | ACTION# = 51 | Records whenever a new user profile is created |
User Deletion | User Deletion | ACTION# = 53 | Records whenever a user profile is deleted |
User Modification | User Modification | ACTION# = 43 | Records whenever a user profile is changed |
Group/Role/Profile Creation | Role Creation | ACTION# = 52 | Records whenever a role profile is created |
Group/Role/Profile Creation | DB Profile Creation | ACTION# = 65 | Records whenever a database profile is created |
Group/Role/Profile Deletion | Role Deletion | ACTION# = 54 | Records whenever a role profile is deleted |
Group/Role/Profile Deletion | Database Profile Deletion | ACTION# = 66 | Records whenever a database profile is deleted |
Group/Role/Profile Modification | Role Modification | ACTION# = 79 | Records whenever a role profile is changed |
Group/Role/Profile Modification | DB Profile Modification | ACTION# = 67 | Records whenever a database profile is changed |
Audit Log Deletion | Audit Log Deletion | ACTION# = 105 | Records whenever the audit log is deleted |
Audit Log Modification | Audit Log Modification | ACTION# = 104 | Records whenever the audit log is changed |
User Addition To Group/Role/Profile | Member Addition to User/Role | ACTION# = 114 | Records whenever a user profile is created in a group role |
User Removal From Group/Role/Profile | Member Removal from User/Role | ACTION# = 115 | Records whenever a user profile is deleted from a group role |
Grant Permission | System Privilege Assignment | ACTION# = 108 | Records whenever a user profile is granted permission to system privileges |
Revoke Permission | System Privilege Removal | ACTION# = 109 | Records whenever a user profile has permission to system privileges removed |
Object Creation | Table Space Creation | ACTION# = 39 | Records whenever space is created in the Oracle database |
Object Creation | Function Creation | ACTION# = 91 | Records whenever a function is created |
Object Creation | Index Creation | ACTION# = 9 | Records whenever an index is created |
Object Creation | Stored Procedure Creation | ACTION# = 24 | Records whenever a stored procedure is created |
Object Creation | Trigger Creation | ACTION# = 59 | Records when a trigger is created |
Object Creation | View Creation | ACTION# = 21 | Records when a view is created |
Object Modification | Tablespace Modification | ACTION# = 40 | Records whenever an object is changed |
Object Modification | All Triggers Disabling | ACTION# = 121 | Records whenever all triggers are disabled |
Object Modification | All Triggers Enabling | ACTION# = 120 | Records whenever all triggers are enabled |
Object Modification | Function Modification | ACTION# = 92 | Records whenever a function is modified |
Object Modification | Index Modification | ACTION# = 11 | Records whenever an index is modified |
Object Modification | Stored Procedure Modification | ACTION# = 25 | Records whenever a stored procedure is modified |
Object Modification | Trigger Disabling | ACTION# = 119 | Records whenever a trigger is disabled |
Object Modification | Trigger Enabling | ACTION# = 118 | Records whenever a trigger is enabled |
Object Modification | Trigger Modification | ACTION# = 60 | Records whenever a trigger is modified |
Object Deletion | Table Space Deletion | ACTION# = 41 | Records whenever space is deleted from the Oracle database |
Object Deletion | Function Deletion | ACTION# = 93 | Records whenever a function is deleted |
Object Deletion | Index Deletion | ACTION# = 10 | Records whenever an index is deleted |
Object Deletion | Stored Procedure Deletion | ACTION# = 68 | Records whenever a stored procedure is deleted |
Object Deletion | Trigger Deletion | ACTION# = 61 | Records whenever a trigger is deleted |
Object Deletion | View Deletion | ACTION# = 22 | Records whenever a view is deleted |
User Statement | Delete Statement | ACTION# = 7 OR ACTION# = 103* | Records whenever a delete statement is executed |
User Statement | Insert Statement | ACTION# = 2 OR ACTION# = 103* | Records whenever an insert statement is executed |
User Statement | Truncate Statement | ACTION# = 85 | Records whenever a truncate table statement is executed |
User Statement | Update Statement | ACTION# = 6 OR ACTION# = 103* | Records whenever an update statement is executed |
* To audit action 103, the session audit per user should be enabled. This is done by executing the following commands:
- audit insert table by Admin by access
- shutdown
- startup
For Linux installations, auditing of all 3 events should be enabled at the same time.
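
To confirm that the audit settings from the note above took effect, and to preview which audit rows the template's conditions would match, a DBA can run queries like the following. This is an added example, not part of the template itself; it assumes the standard audit trail is written to the database (SYS.AUD$), a session with access to the DBA views, and the Admin account named in the note.

```sql
-- Added example: verification queries, not part of the product template.

-- 1. Confirm the statement audit options are active for the audited account.
--    "Admin" in the note is an unquoted identifier, so it is stored as ADMIN.
--    SUCCESS and FAILURE show BY ACCESS or BY SESSION for each option.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  user_name = 'ADMIN'
AND    audit_option IN ('INSERT TABLE', 'UPDATE TABLE', 'DELETE TABLE');

-- 2. Confirm that auditing is switched on and where records are written.
--    NONE means no audit rows are produced, whatever options are set.
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 3. Preview how the last day's audit rows fall under the conditions in the
--    table above. NTIMESTAMP# is stored in UTC, so compare against UTC.
SELECT userid,
       action#,
       returncode,
       obj$creator,
       obj$name,
       CASE
         WHEN action# = 100 AND returncode = 0         THEN 'Successful Login'
         WHEN action# = 100 AND returncode <> 0        THEN 'Logon Failure'
         WHEN action# IN (101, 102) AND returncode = 0 THEN 'Logoff'
         WHEN action# IN (2, 6, 7, 85, 103)            THEN 'User Statement'
         ELSE 'Other (see table)'
       END AS template_action,
       ntimestamp#
FROM   sys.aud$
WHERE  ntimestamp# > SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '1' DAY
ORDER  BY ntimestamp# DESC;
```

If query 1 returns no rows or query 2 returns NONE, the User Statement conditions in the table will never match for that account.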