Rootkit Checker and Security Monitoring - Protecting Oracle Database 12c

Database Reference

In-Depth Information

The reason for using checksums is that they can be easily compared to a known-good state

programmatically, and we can run a simple SQL query to return a value if the state of the privileges

is still the same as follows:

SYS@orcl3>(select utl_raw.cast_to_raw(DBMS_SQLHASH.gethash('select * from dba_tab_privs

where privilege !=''INHERIT''',2)) from dual)intersect(select utl_raw.cast_to_raw('F07962

C1BC9B3A948AA176D6B7C5E3F7') from dual);

UTL_RAW.CAST_TO_RAW(DBMS_SQLHASH.GETHASH('SELECT*FROMDBA_TAB_PRIVSWHEREPRIVILEGE

--------------------------------------------------------------------------------

4630373936324331424339423341393438414131373644364237433545334637

I personally use a view I have created called DBA_OBJ_PRIVS which is shown below. It includes the object

type in the view which is essential for security purposes.

CREATE OR replace VIEW dba_obj_privs AS select ue.name grantee, u.name owner , o.name

object_name, ur.name grantor , tpm.name privilege,

decode(mod(oa.option$,2), 1, 'YES', 'NO') grantable,

decode(bitand(oa.option$,2), 2, 'YES', 'NO') heirarchy,

OBJECT_TYPE

from sys.objauth$ oa, sys.obj$ o, sys.user$ u, sys.user$ ur, sys.user$ ue,

table_privilege_map tpm, DBA_OBJECTS

where oa.obj# = o.obj#

and oa.grantor# = ur.user#

and oa.grantee# = ue.user#

and oa.col# is null

and oa.privilege# = tpm.privilege

and u.user# = o.owner#

AND DBA_OBJECTS.OBJECT_ID=oa.obj#;

5.

Checksum of role privileges can be created as follows:

SYS@orcl3> select DBMS_SQLHASH.gethash('select * from dba_role_privs',2) from dual;

DBMS_SQLHASH.GETHASH('SELECT*FROMDBA_ROLE_PRIVS',2)

--------------------------------------------------------------------------------

511C85CC54B6569D58D4EF2F4248BD00

6.

Java privileges can be state-checked using the following:

SYS@orcl3>select DBMS_SQLHASH.gethash('select * from DBA_JAVA_POLICY',2) from dual;

DBMS_SQLHASH.GETHASH('SELECT*FROMDBA_JAVA_POLICY',2)

--------------------------------------------------------------------------------

5ABBE6C61160C5E725DF67D9400EEF36

7.

System privileges can be state-checked using the following:

SYS@orcl3>select DBMS_SQLHASH.gethash('select * from dba_sys_privs',2) from dual;

DBMS_SQLHASH.GETHASH('SELECT*FROMDBA_SYS_PRIVS',2)

--------------------------------------------------------------------------------

DE75FC9B856A499596788423544CCF6F

Protecting Oracle Database 12c

Search WWH ::

Custom Search

Home