Auditing sys administrative users

By using standard auditing, operations performed against database objects by sys or users with sysdba and sysoper privileges are not audited. Only details about logon including the terminal and the date are audited by mandatory auditing. This recipe will show you how to enable the audit for sys users.

Getting ready

All steps will be performed on the HACKDB database.

How to do it...

In a separate terminal open /var/log/oracle_audit.log with the tail –f command. From a second terminal connect as sysdba and issue a count against the hr.employees table:
```
SQL> conn / as sysdba  
Connected.
SQL> select count(*) from hr.employees;
  COUNT(*)
----------
       107
```
If you now look at /var/opt/oracle_audit.log you will see that nothing ...

Get Oracle 11g Anti-hacker's Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Oracle 11g Anti-hacker's Cookbook by Adrian Neagu

Auditing sys administrative users

Getting ready

How to do it...

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly