Auditing sys administrative users
By using standard auditing, operations performed against database objects by sys or users with sysdba and sysoper privileges are not audited. Only details about logon including the terminal and the date are audited by mandatory auditing. This recipe will show you how to enable the audit for sys users.
Getting ready
All steps will be performed on the HACKDB database.
How to do it...
In a separate terminal open
/var/log/oracle_audit.logwith thetail –fcommand. From a second terminal connect assysdbaand issue a count against thehr.employeestable:SQL> conn / as sysdba Connected. SQL> select count(*) from hr.employees; COUNT(*) ---------- 107
If you now look at
/var/opt/oracle_audit.logyou will see that nothing was recorded.Connect as
sysdbaand modifyaudit_sys_operationtotrueas follows:SQL> alter system set audit_sys_operations=true scope=spfile;Bounce the database.
Connect as
sysdbaand reissue the count againsthr.employees:SQL...
