Oct 31 2017

Unified Auditing in Oracle 12c

Category: Administration, Database Security | Fatih Acar @ 10:30

Unified Auditing is a new audit feature introduced in Oracle 12c. It is disabled by default, so you have to enable it after installing the database before you can use it.

In previous releases of Oracle Database, there were separate audit trails for individual components:

  • SYS.AUD$ for the database audit trail,
  • SYS.FGA_LOG$ for fine-grained auditing,
  • DVSYS.AUDIT_TRAIL$ for Oracle Database Vault, Oracle Label Security, and so on.

In 12c, these audit trails are all unified into one, viewable from the UNIFIED_AUDIT_TRAIL data dictionary view for single-instance installations or Oracle Database Real Application Clusters environments.

Auditable Components With Unified Auditing

  • Audit Any Role
  • Application Context Values
  • Oracle Database Real Application Security Events
  • Oracle Recovery Manager Events
  • Oracle Database Vault Events
  • Oracle Label Security Events
  • Oracle Data Mining Events
  • Oracle Data Pump Events
  • Oracle SQL*Loader Direct Load Path Events
  • Operating System Audit Records into the Unified Audit Trail

The unified audit trail, which resides in a read-only table in the AUDSYS schema in the SYSAUX tablespace, makes this information available in a uniform format in the UNIFIED_AUDIT_TRAIL data dictionary view, and is available in both single-instance and Oracle Database Real Application Clusters environments. In addition to the user SYS, users who have been granted the AUDIT_ADMIN and AUDIT_VIEWER roles can query these views. If your users only need to query the views but not create audit policies, then grant them the AUDIT_VIEWER role.

When the database is writeable, audit records are written to the unified audit trail. If the database is not writable, then audit records are written to new format operating system files in the $ORACLE_BASE/audit/$ORACLE_SID directory.

Mixed mode auditing enables both the traditional audit facility (that is, the audit facility from releases earlier than Release 12c) and the new audit facility (unified auditing). In mixed mode, you can use the new unified audit facility alongside the traditional auditing facility. In pure unified auditing, you only use the unified audit facility.

As in previous releases, the traditional audit facility is driven by the AUDIT_TRAIL initialization parameter. Only for mixed mode auditing, you should set this parameter to the appropriate traditional audit trail. This traditional audit trail will then be populated with audit records, along with the unified audit trail. When you upgrade your database to the current release, traditional auditing is preserved, and the new audit records are written to the traditional audit trail.

Enable Unified Auditing

You can check the current status with the query below.


If VALUE is TRUE, Unified Auditing is enabled.

Before you run the script that activates Unified Auditing, you have to shut down all running database processes (database, listener). If you use Oracle RAC, you have to run the script on all nodes.

SQL> shutdown immediate;
SQL> exit;

[oracle@testdb ~]$ lsnrctl stop LISTENER

[oracle@testdb ~]$ cd $ORACLE_HOME/rdbms/lib/
[oracle@testdb lib]$ make -f ins_rdbms.mk uniaud_on ioracle ORACLE_HOME=$ORACLE_HOME  

SQL> startup;

The VALUE has to be TRUE.

Tags: Database Administration, Database Security, Oracle 12c, Oracle 12c Security

Mar 25 2015

How to Change SSH Port When SELinux is Enabled on Oracle Linux 7

Category: Linux & Unix, System Security | Fatih Acar @ 15:47

The SSH service listens on port 22 by default. You can change this port number for security. On Oracle Linux 7, CentOS 7 or Red Hat Linux 7, you can change the port number with the steps below. If SELinux is enabled, you have to add the new port number to the SELinux configuration, because SELinux allows only port 22 for SSH connections.

Step 1 : Change Port Number

[root #] vi /etc/ssh/sshd_config
Port 2290

Save and Exit

Step 2 : Change Selinux Configuration

To change:
[root #] semanage port -a -t ssh_port_t -p tcp 2290
To list:
[root #] semanage port -l | grep ssh

Step 3 : Add New Port to Firewall

To add:
[root #] firewall-cmd --permanent --zone=public --add-port=2290/tcp
To activate:
[root #] firewall-cmd --reload

Step 4 : Restart SSHD Service to Activate New SSH Configuration

[root #] systemctl restart sshd.service

Step 5 : Show Running SSH Port

[root #] ss -tnlp | grep ssh

Jan 27 2015

How to Change Oracle Enterprise Manager Port Number

Category: Administration, Database Security | Fatih Acar @ 17:29

If you want to change the Oracle Enterprise Manager port number, you can use the “emca -reconfig ports -DBCONTROL_HTTP_PORT ” command, which is simple. You can use this as a security measure for Oracle EM. As an example, I will use 1820 as the port for Oracle EM.

Change Oracle Enterprise Manager Port


Tags: Database Administration, Database Security, Oracle Administration, Oracle Security

Dec 23 2014

RMAN Encrypt Backup in Oracle

Category: Backup And Recovery, Database Security | Fatih Acar @ 09:04

You can protect your backups with RMAN encryption. There are three ways to encrypt RMAN backups: wallet, password or dual mode. I will describe password protection here.

Configure RMAN Backups With Password Protection

rman target /
RMAN> set encryption on identified by 'yourpassword' only;

You can then back up with the usual backup database command. You do not need to change any backup script.

You can change the encryption algorithm in the RMAN configuration.

Show Encryption Algorithm

SQL> select algorithm_id, algorithm_name, algorithm_description, is_default from v$rman_encryption_algorithms;

Change Encryption Algorithm

Tags: Database Administration, Database Security, Oracle Administration, Oracle Backup and Restore, RMAN Encrypt Backup

Dec 22 2014

How to Create Oracle Wallet for Encryption

Category: Administration, Database Security | Fatih Acar @ 14:35

Oracle Wallet Manager is a password protected stand-alone Java application tool used to maintain security credentials and store SSL related information such as authentication and signing credentials, private keys, certificates, and trusted certificates.

1- Create Wallet Directory

[oracle@testdb ~]$ cd $ORACLE_HOME
[oracle@testdb db_home]$ mkdir -p ORA_WALLETS

2- Write Wallet Location Information in sqlnet.ora File

[oracle@testdb ~]$ cd $ORACLE_HOME/network/admin
[oracle@testdb admin]$ vi sqlnet.ora


3- Configure Wallet in Oracle Database

Tags: Database Administration, Database Security, Oracle Administration, Oracle Security, Oracle Wallet

Feb 04 2014

SAP Security Audit Log Activation

Category: SAP Basis, System Security | Fatih Acar @ 14:52

As of Release 4.0, you can use the Security Audit Log to record security-related system information such as changes to user master records or unsuccessful logon attempts. This log is a tool designed for auditors who need to take a detailed look at what occurs in the SAP System. By activating the audit log, you keep a record of those activities that you specify for your audit. You can then access this information for evaluation in the form of an audit analysis report.
The Security Audit Log provides for long-term data access. The audit files are retained until you explicitly delete them. Currently, the Security Audit Log does not support the automatic archiving of the log files; however, you can manually archive them at any time.

SAP Security Audit Log

You can record the following information in the Security Audit Log

  • Successful and unsuccessful dialog logon attempts
  • Successful and unsuccessful RFC logon attempts
  • RFC calls to function modules
  • Changes to user master records
  • Successful and unsuccessful transaction starts
  • Changes to the audit configuration

SAP Security Audit Log Activation Steps

1 – Create Profile

Tcode > SM19

Tags: SAP Basis, SAP Security Audit Log, Sap System Administration, System Administration, System Security

Apr 29 2013

Disable root SSH Login on Linux Server

Category: Database Security, Linux & Unix, System Security | Fatih Acar @ 10:45

The root user is the most privileged user on Linux operating systems. As a security measure, you can disable root login over SSH and connect to the server as another user instead.

Edit sshd_config

vi /etc/ssh/sshd_config

#LoginGraceTime 2m
#PermitRootLogin yes
#StrictModes yes

Note: “PermitRootLogin yes” is the default value. This value allows root login over SSH.
You have to change the parameter and remove the # symbol.

#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes

Edit Port

Note: You can also change the SSH connection port for extra security.

vi /etc/ssh/sshd_config

Change port number


Restart sshd Service

service sshd restart
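
A check for the two sshd_config edits described on this page (the Port change in the Oracle Linux 7 post and PermitRootLogin in this one), added here as an example and not part of the original posts. The function names and the sample file are constructed for illustration; the script assumes a single config file and looks only at its global section.

```shell
#!/bin/sh
# Added example, not from the original posts. It reads only the global section
# of one sshd_config file; Include files and Match overrides are not evaluated.

# Print every active (uncommented) value of keyword $1 in file $2, one per line.
sshd_values() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        {
            line = $0
            sub(/^[ \t]+/, "", line)               # drop leading whitespace
            if (line == "" || line ~ /^#/) next    # "#PermitRootLogin no" is inactive
            split(line, f, /[ \t=]+/)              # accepts "Port 2290" and "Port=2290"
            if (tolower(f[1]) == "match") exit     # global section ends here
            if (tolower(f[1]) == key) print f[2]
        }
    ' "$2"
}

# Ports sshd will listen on: every Port line counts, 22 when none is active.
sshd_ports() {
    out=$(sshd_values Port "$1" | paste -sd ' ' -)
    echo "${out:-22}"
}

# sshd keeps the first value it reads for a keyword; "yes" is the default
# the post states for an unset PermitRootLogin.
sshd_root_login() {
    val=$(sshd_values PermitRootLogin "$1" | head -n 1)
    echo "${val:-yes}"
}

# Constructed sample: the edited file from the posts plus a stray later line.
write_sample() {
    cat > "$1" <<'EOF'
#Port 22
Port 2290
#LoginGraceTime 2m
PermitRootLogin no
permitrootlogin yes
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
echo "listening ports:  $(sshd_ports "$tmp")"      # 2290
echo "PermitRootLogin:  $(sshd_root_login "$tmp")" # no
rm -f "$tmp"
```

On a live host, `sshd -T` run as root prints the configuration the daemon actually resolves, which also covers included files.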

Tags: Database Security, System Administration, System Security

Dec 16 2011

Social Engineering Attacks

Category: Database Security, Information Security, System Security | Fatih Acar @ 17:07

All social engineering techniques are based on specific attributes of human decision-making known as cognitive biases. These biases, sometimes called “bugs in the human hardware,” are exploited in various combinations to create attack techniques, some of which are listed here:


Pretexting is the act of creating and using an invented scenario (the pretext) to engage a targeted victim in a manner that increases the chance the victim will divulge information or perform actions that would be unlikely in ordinary circumstances.[4] An elaborate lie, it most often involves some prior research or setup and the use of this information for impersonation (e.g., date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
This technique can be used to fool a business into disclosing customer information as well as by private investigators to obtain telephone records, utility records, banking records and other information directly from company service representatives. The information can then be used to establish even greater legitimacy under tougher questioning with a manager, e.g., to make account changes, get specific balances, etc.
Pretexting can also be used to impersonate co-workers, police, bank, tax authorities, clergy, insurance investigators — or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. The pretexter must simply prepare answers to questions that might be asked by the victim. In some cases all that is needed is a voice that sounds authoritative, an earnest tone, and an ability to think on one’s feet.

Diversion theft

Diversion theft, also known as the “Corner Game” or “Round the Corner Game”, originated in the East End of London.
In summary, diversion theft is a “con” exercised by professional thieves, normally against a transport or courier company. The objective is to persuade the persons responsible for a legitimate delivery that the consignment is requested elsewhere — hence, “round the corner”.
With a load/consignment redirected, the thieves persuade the driver to unload the consignment near to, or away from, the consignee’s address, in the pretense that it is “going straight out” or “urgently required somewhere else”.
The “con” or deception has many different facets, which include social engineering techniques to persuade legitimate administrative or traffic personnel of a transport or courier company to issue instructions to the driver to redirect the consignment or load.
Another variation of diversion theft is stationing a security van outside a bank on a Friday evening. Smartly dressed guards use the line “Night safe’s out of order, Sir”. By this method shopkeepers etc. are gulled into depositing their takings into the van. They do of course obtain a receipt but later this turns out to be worthless. A similar technique was used many years ago to steal a Steinway grand piano from a radio studio in London. “Come to overhaul the piano, guv” was the chat line.


Tags: Oracle, System Security