What Mode of Oracle 12c Unified Auditing Are You Using and Default Auditing Policies?
Continuing our blog series on Oracle 12c Unified Auditing, how do you know which mode of Unified Auditing you are using? Use the following SQL –
SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
The result will be TRUE or FALSE. If TRUE, the database is using PURE Unified Auditing. If FALSE, the database is using Mixed Mode, which is the Oracle 12c default. Remember that V$OPTION shows what database options are installed, and V$PARAMETER shows the startup parameters for the options which have been installed. Unified Auditing is enabled by being installed and not by being configured in V$PARAMETER.
Unified Auditing is configured through policies. If Oracle 12c tenant databases (PDBs) are being used, these policies can be applied to common objects in all PDBs or to individual PDBs. The table below shows the policies installed and/or enabled by default –
Unified Audit Policies Installed With Oracle 12c

| Policy Name | Default Enabled | Description |
|---|---|---|
| ORA_SECURECONFIG | Yes | Secure configuration audit options |
| ORA_RAS_POLICY_MGMT | No | Oracle Real Application Security administrative actions on application users, roles, and policies. |
| ORA_RAS_SESSION_MGMT | No | Run-time Oracle Real Application Security session actions and namespace actions |
| ORA_ACCOUNT_MGMT | No | Commonly used user account and privilege settings for create user, role, and privilege grants |
| ORA_DATABASE_PARAMETER | No | Audits commonly used Oracle Database parameter settings, e.g., the initialization file (spfile) changes |

To query what policies have been defined you may use –
SELECT * FROM SYS.AUDIT_UNIFIED_POLICIES;
To query what policies have been enabled you may use –
SELECT * FROM SYS.AUDIT_UNIFIED_ENABLED_POLICIES;
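The three queries above can be combined into one review script. This is an added example, not part of the original post: it reports the auditing mode and then lists every defined policy with whether it is currently enabled, so the result can be compared against the default table. It assumes the POLICY_NAME, SUCCESS and FAILURE columns of these views and an account allowed to read them (for example one holding the AUDIT_VIEWER or AUDIT_ADMIN role).

```sql
-- Added example: run in SQL*Plus or SQL Developer against the database
-- (or the individual PDB) being reviewed.

-- 1. Report the auditing mode in words rather than TRUE/FALSE.
SELECT CASE value
         WHEN 'TRUE' THEN 'Pure Unified Auditing'
         ELSE 'Mixed Mode'
       END AS audit_mode
  FROM v$option
 WHERE parameter = 'Unified Auditing';

-- 2. One row per defined policy: how many audit options it contains and
--    whether it is enabled. AUDIT_UNIFIED_POLICIES has one row per audit
--    option, and AUDIT_UNIFIED_ENABLED_POLICIES can have several rows per
--    policy, so both sides are collapsed to one row per policy before the
--    outer join to avoid double counting.
SELECT p.policy_name,
       p.audit_options,
       CASE WHEN e.policy_name IS NULL THEN 'No' ELSE 'Yes' END AS enabled,
       NVL(e.audits_success, '-') AS audits_success,
       NVL(e.audits_failure, '-') AS audits_failure
  FROM (SELECT policy_name,
               COUNT(*) AS audit_options
          FROM sys.audit_unified_policies
         GROUP BY policy_name) p
  LEFT JOIN
       (SELECT policy_name,
               MAX(success) AS audits_success,  -- 'YES' sorts above 'NO'
               MAX(failure) AS audits_failure
          FROM sys.audit_unified_enabled_policies
         GROUP BY policy_name) e
    ON e.policy_name = p.policy_name
 ORDER BY enabled DESC, p.policy_name;
```

Rows that show enabled = 'No' are policies that are installed but generating no audit records, such as ORA_ACCOUNT_MGMT in a default installation.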
If you have questions, please contact us at info@integrigy.com
Reference
More information on Unified Auditing can be found here:
- Integrigy Oracle 12c Unified Auditing Whitepaper: Oracle 12c Unified Auditing
- 12c Unified Auditing, Oracle Database Security Guide 12c Release 1 (12.1) http://docs.oracle.com/database/121/DBSEG/auditing.htm#DBSEG1023
- Predefined Unified Audit Policies, Oracle Database Security Guide 12c Release 1 (12.1) http://docs.oracle.com/database/121/DBSEG/audit_config.htm#DBSEG356