ora_login_user,
sysdate,
ora_sysevent,
ora_dict_obj_type,
ora_dict_obj_owner,
ora_dict_obj_name
);
END;
In DB2 you use audit traces, in SQL Server trace functions, and in
Sybase native auditing. In all cases it is up to you to extract the information,
produce reports, and create baselines if you want to do so. This is where the
second category comes in: external auditing tools. These tools not only
collect the information on your behalf, but they also provide the tools for
reporting, alerting, and advanced functions such as baselining.
The third category—comparing schema snapshots—does not give you a
detailed audit trail of DDL activity and is inferior to the other two
categories but is relatively easy to implement and can be used as a temporary
solution until you implement a true auditing infrastructure. It is based on
periodically collecting a full definition of the schema (typically once a day)
and comparing the schema with the schema from the night before. Even a
simple tool like diff can be used, because all you are trying to do in this
method is determine whether changes have occurred. Although this
method is fairly easy to implement, it suffers from the fact that when a
change is made, you cannot track down who did it, when, or why. Also, if
someone maliciously made a change, used it, and then rolled it back to
what it was before the change, you will not see it so long as the whole
process took less than a day. Therefore, this alternative is sometimes sufficient
in a configuration management initiative but is often not good enough in a
project driven by security or compliance requirements.
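
The snapshot comparison described above can be sketched as follows. This is an added example, not code from the book: the snapshot dump format (a "-- OBJECT <TYPE> <OWNER>.<NAME>" marker line before each object's DDL), the sample schemas, and the function names are all assumptions made for illustration.

```python
import hashlib
import re

HEADER = re.compile(r"^-- OBJECT (\w+) (\w+)\.(\w+)\s*$")

# Constructed sample snapshots (not from the book). Assumed dump format: a
# "-- OBJECT <TYPE> <OWNER>.<NAME>" marker line, then that object's DDL.
YESTERDAY = """\
-- OBJECT TABLE HR.EMPLOYEES
CREATE TABLE hr.employees (id NUMBER, name VARCHAR2(50));
-- OBJECT VIEW HR.EMP_PUBLIC
CREATE VIEW hr.emp_public AS SELECT id, name FROM hr.employees;
-- OBJECT PROCEDURE HR.PURGE_OLD
CREATE PROCEDURE hr.purge_old AS BEGIN NULL; END;
"""
TODAY = """\
-- OBJECT TABLE HR.EMPLOYEES
CREATE TABLE hr.employees (id NUMBER, name VARCHAR2(50), ssn VARCHAR2(11));
-- OBJECT VIEW HR.EMP_PUBLIC
CREATE VIEW hr.emp_public AS
    SELECT id, name FROM hr.employees;
-- OBJECT TRIGGER HR.EMP_AUDIT
CREATE TRIGGER hr.emp_audit AFTER UPDATE ON hr.employees BEGIN NULL; END;
"""


def parse_snapshot(text):
    """Map (type, owner, name) -> SHA-256 of whitespace-normalized DDL."""
    bodies, key = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            key = m.groups()
            bodies[key] = []
        elif key is not None:
            bodies[key].append(line)
    # Collapse whitespace so a re-wrapped but unchanged definition hashes the same.
    return {k: hashlib.sha256(" ".join(" ".join(v).split()).encode()).hexdigest()
            for k, v in bodies.items()}


def compare(old_text, new_text):
    """Return objects added, dropped, and modified between two snapshots."""
    old, new = parse_snapshot(old_text), parse_snapshot(new_text)
    return {
        "added": sorted(new.keys() - old.keys()),
        "dropped": sorted(old.keys() - new.keys()),
        "modified": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }


if __name__ == "__main__":
    for kind, objs in compare(YESTERDAY, TODAY).items():
        for obj_type, owner, name in objs:
            print(f"{kind.upper():8} {obj_type} {owner}.{name}")
```

The report names the objects that differ but carries no user, timestamp, or statement, and a change that is made and rolled back between two collections leaves both snapshots identical, so the comparison comes back empty.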
12.5 Audit database errors
Auditing errors returned by the database is important and is one of the first
audit trails you should implement. This is especially true from a security
standpoint, and you have seen many instances where this would be
important. For example, when we discussed SQL injection attacks in Chapter 5,
one of the things you learned is that in many cases attackers will make
many attempts until they get it right. The example used was a UNION-based
attack in which attackers need to guess the right number of columns.
Until they get the right number, the database will continuously return an
error code saying that the columns selected by the two SELECT statements
 