Category: Audit

Oracle Database Audit

It’s a Wrap: Insights from the SOUG Espresso on Oracle Audit

In my latest SOUG Espresso session, Easy Audit Data Analysis with SQL Developer Reports, I focused on Oracle Unified Audit Analysis. This was an opportunity to share my experience and insights into database security and audit data workflow enhancement. Event Highlights Based on my considerable experience with Oracle databases, I emphasized the critical importance of […]

Easy Audit Data Analysis with SQL Developer Reports

In one of my last blog post SQL Toolbox for simplified Oracle Unified Audit Data Analysis, I introduced a set of scripts designed to streamline Oracle Unified Audit data analysis. These scripts, now available on my GitHub repository oehrlis/oradba, have received positive feedback. Building on that, I’d like to explore an alternative approach to augment […]

SQL Toolbox for simplified Oracle Unified Audit Data Analysis

On my journey through the area of database security, Oracle Unified Audit has been a constant companion. I not only created audit concepts, but also often had the opportunity to implement them. Besides the configuration, the administration and evaluation of the audit data was always part of it. Occasionally I used scripts for this. However, […]

Great, I found my Audit Policies again

A while ago I wrote a blog post about issues with some Oracle Unified Audit Policies see Help I lost my brand new Unified Audit Policy? In the meantime, the whole thing no longer looks so tragic. The problem is an official bug for which Oracle has already released a one-off patch. See Oracle Support Document 30769454.8 Bug 30769454 – Policy Created For Some Actions Are Not Showing In Audit_Unified_Policies.

How to write Unified Audit Trail Records to SYSLOG 

With the introduction of Oracle Unified Audit, Oracle has completely redesigned the process of logging audit events. With the new unified audit trail, there is only one place where audit records are stored. Ok, the audit trail exists per PDB and for a read only database additionally somehow as a binary overflow file. However, the […]

Audit Trail cleanup in Oracle Multitenant environments

A crucial aspect of any database audit concept is the management and maintenance of audit trails. Depending on the defined audit policies and the database activity, an audit trail can grow relatively quickly. Oracle Multitenant environments increase the operational effort because the root container and each PDB uses their own audit trail. Ok, for a […]

Audit Vault and Database Firewall 12.2

Oracle has just released a new major Release of its Oracle Audit Vault and Database Firewall. The new release is immediately available on Oracle’s Software Delivery Cloud. But the OTN website have not been updated. Beside the upgrade of the OS and embedded Oracle Database to 12.1.0.2, Oracle added a bunch of Enterprise-Grade Features. Starting […]

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 7

Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 21920205 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside […]

DOAG SIG Security Munich 2015

Just finished my presentation about Unified Audit at the DOAG SIG Security in München. It is about Oracle Unified Audit and a few considerations for migrating old standard audit to new policy based unified audit. The slides are available for download . Some impression for the event and my presentation.

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 5

Today Oracle released the new Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded as usual on Oracle Metalink as Patchset 20829881 for existing installations. The full installation image for new installations is not yet available on Oracle eDelivery. I guess this will follow in a couple of days. Beside […]

Oracle Software Appliances and Bash Shellshock

Late September a vulnerability in the bash Shell has been published. The vulnerability also known as shellshock, was classified as extremely critical. Anyway, in the meantime security patch has been released for the different operating systems and bash implementations. A bugfix is also available for Oracle Enterprise Linux, which is used as operating system of […]

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 2

End of last week, Oracle has released the second Bundle Patch for Audit Vault and Database Firewall 12.1.2. I’ve missed the release due to public holiday here in Switzerland. 🙂 The patch can be downloaded as usual on Oracle Metalink as Patchset 19190265 for existing installations or on Oracle eDelivery as full installation image for […]

Release of Audit Vault and Database Firewall 12.1.2 Bundle Patch 1

Earlier today, Oracle has released the first Bundle Patch for Audit Vault and Database Firewall 12.1.2. The patch can be downloaded on Oracle Metalink as Patchset 18728905 for existing installations or on Oracle eDelivery as full installation image for new installations. The installation image is split in two parts which need to be merged before […]

Update: AVDF installation fails on HP server with Smart Array

A couple of days ago I’ve wrote about some problems when installing Oracle Audit Vault and Database Firewall 12.1.2 on HP server with Smart Array Disk Controller. The problem is still not resolved, but in the meantime Oracle has open a Bug and added some Metalink Notes related to this issue. AVDF 12.1.1 Installation Fails […]

AVDF installation ISO

Due to some problems during the installation of Oracle Audit Vault and Database Firewall 12.1.2 (see AVDF installation fails on HP server with Smart Array Disk Controller), I’ve looked at the AVDF ISO image and its kickstart setup. AVDF 12.1.2 is based on Oracle Enterprise Linux 5.9. To setup or upgrade AVDF it is required […]

Audit Vault and Database Firewall 12.1.2

Oracle has just released a new Release of its Oracle Audit Vault and Database Firewall. The new release is immediately available on Oracle’s Software Delivery Cloud. It look’s like Oracle added a bunch of Enterprise-Grade Features like iSCSI SAN Disk, NFS Storage as well as SYSLOG integration. Starting with this Release, the Audit Vault Repository […]

Update: Oracle and OpenSSL ‘Heartbleed’ vulnerability

While writing a post about the new Critical Patch Advisory I’ve discovered, that Oracle made the Information about the OpenSSL Vulnerability publicly available. The information in MOS Note 1645479.1 has been moved to OpenSSL Security Bug – Heartbleed CVE-2014-0160. Until now it looks like that Oracle Databases are not affected since they do not use […]

Oracle and OpenSSL ‘Heartbleed’ vulnerability

Earlier this week the OpenSSL Project as well US-CERT informed about a Security Vulnerability in OpenSSL. See OpenSSL Security Advisory or US-CERT Alert (TA14-098A) The vulnerability may affect Oracle Products as well, since some of them do use OpenSSL. So far Oracle did not provide dedicate information on it’s public Critical Patch Updates and Security […]

AVCLI doubles audit trails, bug or feature?

I’ve start using the AV command line interface to administer AVDF. I use the tool fairly often to start, stop and monitor the audit trails. But recently I ran in a small issue after a typo. I just want to start the audit trail on the ADUMP directory of a database. AVCLI> LIST TRAIL FOR […]

AVCLI Audit Vault command line interface

When I started to deal with Oracle Audit Vault and Database Firewall (AVDF), I have always worked with the Web console. Since a few weeks I regularly use the AVCLI and start to like it. It is a simple java based command line utility, from which you can access Audit Vault and Database Firewall servers. […]

Update agent.jar on audit vault server

As I wrote in my post Error installing Audit Vault Agent 12.1.1 on AIX, there is a Audit Vault Agent bug 17058352 on AIX. Unfortunately it hasn’t yet been fixed in the latest bundle patch for Oracle Audit Vault and Database Firewall. If you haven’t changed your default profile in /etc/profile on your AIX server, […]

AVDF missing boot partition

While working on the problem with missing RAM on the AVDF test system (see ) I realized, that the linux boot partition is not available by default. [root@melete2 log]# ls -al /boot total 16 drwxr-xr-x 2 root root 4096 Jan 11 2013 . drwxr-xr-x 24 root root 4096 Jul 11 20:19 .. [root@melete2 log]# df […]

Audit Vault and Database Firewall 12.1.1 Bundle Patch 1

Oracle just released the new bundle patch for Audit Vault and Database Firewall 12.1.1. The patch can be downloaded on metaling as RPM patch set for existing installations or as full installation images for new installations. According the readme, the BP1 contains the July 2013 PSU 11.2.0.3.7 for the database as well several bug fix […]

AVDF Linux kernel could not recognize whole RAM

After initial setup of an Audit Vault and Database Firewall engineering system, I’ve started to add several audit vault agents and secure targets. In the beginning it went quite smoothly. But after a certain number of secured targets, there were continuously ORA-04031 errors. Most of the errors were related to large pool and PX Msg […]

Error installing Audit Vault Agent 12.1.1 on AIX

The Problem During the setup of the current audit vault agent 12.1.1 on AIX, I’ve run into issues. Depending on the configuration of the AIX environment, the agent can not be installed at all. avagent@host:/u00/app/avagent/ [avagent] java -jar agent.jar -d /u00/app/avagent/product/avagent /u00/app/avagent/product/avagent/bin/agentctl[56]: LOGNAME: is read only Error while executing command: [sh, /u00/app/avagent/product/avagent/bin/agentctl, fixperms] avagent@host:/u00/app/avagent/ [avagent] […]

Use of DEFAULT_CLEANUP_INTERVAL

Following a question to the blog post Database Audit and Audit trail purging, I noticed something interesting about the DEFAULT_CLEANUP_INTERVAL parameter. On one hand, it is mandatory to initialize the audit trail and to define a DEFAULT_CLEANUP_INTERVAL, on the other hand, the parameter is not used at all. Oracle explains this in the MOS note Parameter […]

DOAG 2013 Datenbank

As I announced a while ago in SOUG Special Interest Group Baden March 21st I’ll speak again about some improvements in the latest generation of Oracle Database. The content of the presentation is a mixture of the presentations I’ve lectured at SOUG SIG Baden and DOAG SIG Security Munich. It covers the following possible new […]

DOAG SIG Security

Just a couple of hours ago I’ve lecture a presentation about the latest Generation of Database Technology at the DOAG SIG Security in München. It is a sneak preview on a few upcoming security improvements. Unfortunately I do not yet have the permission to provide the presentation for download. But I will make the download […]

New Oracle Audit Vault and Database Firewall

In the hustle and bustle of the Christmas season, it went under that Oracle had released a new version of Oracle Audit Vault respectively Oracle Audit Vault and Database Firewall. This weekend I found some time to take a first look into the new release. What’s New About a year ago Oracle released the Audit […]

New release of Oracle Audit Vault

Somewhen beginning of 2012 Oracle has secretly released an update of Oracle Audit Vault. So far just for Linux x86-64bit but I guess other OS will follow. I’ve just did a short test installation to see what’s new and different.

Oracle Audit Performance Guide

What happens to my database when switching on Oracle standard audit? Should set AUDIT_TRAIL to the DB or to OS or XML? To answer the last question we have to consider the safe storage and analysis of audit data. Is that all? What about Performance?

Database Audit and Audit trail purging

Setting up database audit is fairly easy. Since the availability of DBMS_AUDIT_MGMT the housekeeping of the audit trail is just a trifle. After the introduction of DBMS_AUDIT_MGMT in an post early this February, I would like to take a closer look at the housekeeping of the Audit Trail and provide a simple example how this could be implemented.

Slides SOUG Presentation on DBMS_AUDIT_MGMT

Just finished my presentation about audit management with DBMS_AUDIT_MGMT at the SOUG Special Interest Group Event in Baden. I’m glad having a MIFI so I can immediately upload the slides 🙂 and still have some time for the aperitif…. I’m happy for any comment on the presentation or the slides. Feel free to add a […]

SOUG Presentation on DBMS_AUDIT_MGMT

On the 24 of March I’ll have a presentation on Database Audit and DBMS_AUDIT_MGMT at the SOUG SIG Event. The presentation is about 30 minutes and will cover a rough overview of DBMS_AUDIT_MGMT, latest Issues and Bugs as well some Ideas on how audit could be simplified. Have a look at the SOUG Webpage for […]

Manage Audit Trails with DBMS_AUDIT_MGMT

I’ve recently wrote an DOAG article about Managing Audit Trails with dbms_audit_mgmt, which has been officially introduced in Oracle 11g R2. This blog post is just to link the article and provides a few more information.